‘itsoknoproblembro’ Toolkit – The Beast that Beat Banks

Large scale, sophisticated distributed denial of service attacks – which have plagued the banking industry for months now – are finally subsiding. These attacks, which for the most part have been politically and socially motivated, have been cause for concern for security experts, government officials, and banks.

How It Started

Beginning in September 2012, large banking institutions, including Wells Fargo, Bank of America, PNC and JPMorgan Chase, were on the receiving end of high-volume DDoS attacks, at times peaking between 60 Gbps and 100 Gbps. Comparatively speaking, most attacks are below 1 Gbps; hence the cause for concern. Why were banks attacked? For some, the stated reason seems a little flimsy. Rumors circulated that it was an Iran-sponsored attack because of its sophistication and size, but an Iranian hacker collective quelled these rumors by claiming full responsibility for the DDoS attacks and citing the Innocence of Muslims video as its motivation.

If you didn’t catch the headlines, the Innocence of Muslims video incensed the Muslim world because of its negative depiction of the Prophet Mohammad. Soon after clips of the video were released on YouTube, the hacker group Izz ad-din Al Qassam Cyber Fighters posted on Pastebin:

We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists. This attack will be started today at 2 pm. GMT. This attack will continue till the Erasing of that nasty movie. Beware this attack can vary in type.

And then the attacks started. The attacks lasted for months and are still a potential threat to banks. Here’s an infographic timeline of the series of DDoS attacks that took place.

How the ‘itsoknoproblembro’ Toolkit Works

The ‘itsoknoproblembro’ toolkit was the weapon of choice for the hackers that launched repeated attacks against banks. The tool is a hybrid DDoS attack tool that operates as a PHP-based suite. “itsoknoproblembro can launch multi-layered attack vectors by leveraging already compromised commercial machines, while at the same time, injecting malicious PHP scripts into popular content management systems – like WordPress and Joomla. This gives attackers the ability to scale up the size of an attack by converting machines into brobots,” says Todd Reagor, Chief Executive Officer of Rivalhost. Once the compromised machines are under the attackers’ control, it is simply a matter of launching the attack.

Here’s how the itsoknoproblembro toolkit works:

  • The toolkit attacks infrastructure and application layers simultaneously
  • SYN floods are used to attack multiple network entry points on the target machine
  • ICMP, UDP, and SSL encrypted attacks are implemented as well
  • UDP packet floods are used to overwhelm the target DNS infrastructure
  • The traffic originates from the legitimate IP addresses of the compromised servers, which makes detection and filtering difficult

How DDoS Protection Stops Attacks

DDoS protection is a combination of sophisticated anti-DDoS tools, human knowledge, and experience in mitigation. At its simplest level, it can be divided into three distinct steps:
  • Monitoring: Flow data from edge routers is pulled and analyzed. Potential attack patterns trigger an alert that notifies the team monitoring your server.
  • Detection: Attacks are detected by dynamic profiling, comparing traffic deviations against an organization’s normal patterns. Signature analysis is also used to compare known attack triggers with the traffic on your site.
  • Mitigation: Typically, malicious traffic is rerouted away from the victim and “scrubbed” by the mitigation company. Then, legitimate traffic is forwarded back to its original destination.
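As an added illustration of the detection step (example code written for this page, not Rivalhost’s tooling or anything from the original article), the Python below runs dynamic profiling over constructed NetFlow-style records: it learns a per-class baseline from earlier time windows and flags the two traffic classes the toolkit leans on, bare SYNs and UDP aimed at DNS, when a window exceeds a multiple of that baseline. The record format, window numbering and the 5x threshold are assumptions for the example.

```python
from collections import defaultdict

# Constructed NetFlow-style records (not captured traffic), one per line:
# window protocol tcp_flags dst_port packets. Windows 0-2 are normal; window 3
# carries a bare-SYN flood on 443 and a UDP flood at the DNS port.
SAMPLE_FLOWS = """\
0 tcp SA 443 120
0 tcp S 443 10
0 udp - 53 30
1 tcp SA 443 115
1 tcp S 443 12
1 udp - 53 28
2 tcp SA 443 130
2 tcp S 443 9
2 udp - 53 33
3 tcp SA 443 110
3 tcp S 443 900
3 udp - 53 2400
"""

def parse_flows(text):
    flows = []
    for line in text.splitlines():
        w, proto, flags, port, pkts = line.split()
        flows.append({"window": int(w), "proto": proto, "flags": flags,
                      "dport": int(port), "packets": int(pkts)})
    return flows

def profile(flows):
    """Packets per window for the two classes the toolkit leans on: bare SYNs
    (half-open connection floods) and UDP aimed at DNS (port 53)."""
    counts = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f["proto"] == "tcp" and f["flags"] == "S":
            counts["syn"][f["window"]] += f["packets"]
        elif f["proto"] == "udp" and f["dport"] == 53:
            counts["udp_dns"][f["window"]] += f["packets"]
    return counts

def detect(flows, current_window, factor=5.0):
    """Dynamic profiling: compare the current window with the mean of earlier
    windows and report each class exceeding factor x its baseline."""
    alerts = []
    for cls, per_window in profile(flows).items():
        baseline = [v for w, v in per_window.items() if w < current_window]
        if not baseline:
            continue
        base = sum(baseline) / len(baseline)
        now = per_window.get(current_window, 0)
        if now > factor * base:
            alerts.append((cls, round(now / base, 1)))
    return alerts
```

Running `detect(parse_flows(SAMPLE_FLOWS), 3)` reports both classes with their deviation ratio, while window 2 produces no alert; in practice the baseline would come from a longer history and the threshold from the organization’s observed variance.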

About Bio
Rob Lons is the Director of Digital at Rivalhost, a DDoS Protection company specializing in mitigation and protected web hosting. Follow on Twitter @rivalhost
