As DDoS attack strengthens, US Banks scramble to mitigate website outages

GlobalPost

Several major US banks are scrambling to break a digital siege as their websites experience increasing amounts of downtime due to a sustained distributed denial of service (DDoS) attack, launched by what is believed to be the Muslim hacker group Izz ad-Din al-Qassam Cyber Fighters.

In the past six weeks, bank websites have been offline for a total of 249 hours, double the downtime experienced over the same length of time a year ago.

"Literally, these banks are just in war rooms, sitting at controls trying to stop (the attacks)," Gartner Group bank security analyst Avivah Litan told NBC News.

"The frightening thing is (the attackers) are not using as much resources as they have on call. The attacks could be bigger."


Muslim hackers in the Izz ad-Din al-Qassam Cyber Fighters launched the third phase of their Operation Ababil campaign against US-based banks on Wednesday, making further demands that the YouTube video “Innocence of Muslims” be removed from the web.

Known to many as the Muslim world's Anonymous, Izz ad-Din issued an ultimatum on Tuesday that their DDoS attacks against American banking institutions would continue into their sixth week unless insults against the Prophet Mohammed were removed from YouTube. 

“We have already stated that 'removal of the offensive video, INNOCENCE OF MUSLIMS, from YouTube is the simplest solution to stop the cyber-attacks.' During last week the below list of banks and/or financial services were being chosen as target: American Express, Citizens Financial, Ameriprise Financial, KeyCorp, BB&T and Bank of America,” read the statement issued for week five of Izz ad-Din’s “Operation Ababil” campaign.

Operation Ababil entered into its third phase in March, a continuation of the campaign against US banks that began last September. 

"It goes on and on and on … It's like they are kicking sand in someone's face, reminding people that they are there," Rodney Joffe, senior technologist at Internet infrastructure company Neustar, told NBC News.


"You just have to ask yourself, 'Why?' (The attackers) just seem to enjoy being able to say 'On an ongoing basis, we can make life uncomfortable for your banking industry.'"

Internet and mobile cloud monitoring company Keynote Systems provided NBC News with information on recent bank outages. To gather it, the company checked the websites of the United States' 15 largest banks for outages every five seconds for six weeks.

Keynote Systems spokesman Aaron Rudger also told NBC News that he was “comfortable inferring that the so-called al-Qassam attacks were responsible for most of the increase.”

As the operation continues, techniques used by Izz ad-Din to carry out cyberattacks are growing in sophistication and strength, posing a growing threat to investors and deposit holders across the US. 

"The third wave of attacks has matured in several meaningful ways," Dan Holden, director of security research at Arbor Networks, told Information Week.


"The size of the botnet has continued to grow, new techniques and toolkits are being developed and the attackers continue to focus further on the application level."

According to Holden, Izz ad-Din is randomizing the techniques used in its cyberattacks to test and analyze banks' defenses against DDoS attacks.
