For the third time in the last half year or so, they have mounted DDoS attacks against prominent US financial institutions in order to protest the continuing online existence of a video that they feel vilifies Islam and offends Muslims.
This third phase of "Operation Ababil" concentrated their attacks during working hours on last Tuesday, Wednesday and Thursday. Among the targets were the websites of Bank of America, Capital One, Citibank, PNC Bank, Union Bank and Wells Fargo, as well as that of American Express.
"Our site experienced a distributed-denial-of-service (DDoS) attack for about two hours on Thursday afternoon... We experienced intermittent slowing on our website that would have disrupted customers' ability to access their account information. We had a plan in place to defend against a potential attack and have taken steps to minimize ongoing customer impact," stated an AmEx spokesperson following the start of the attack.
Customers of the aforementioned institutions experienced extreme difficulties in accessing the sites and using them for their online banking needs, but things have returned pretty much to normal over the weekend.
Nevertheless, this might not be the end of it, as the copies of the original film can still be found on YouTube.
In the meantime, security professionals are pointing out that with every new phase of the operation the attackers have improved their abilities and refined their attack techniques.
"The biggest change is the maintenance and the growth in the botnet," Dan Holden, director of Arbor Networks’ Security Engineering and Response Team explained for Ars Technica. "There has been a big investment on their part to keep the campaign growing. And they've added some twists and techniques to their tools as time goes on, focusing their attacks more on the particular applications of the banks they're targeting. Now there are particular tools being used for a specific set of banks."
And while the attacks bring huge losses to the targeted institutions - whether it's because the customers can't access their accounts for days at the time, because the hackers or other cyber crooks might have used the DDoS attacks as a cover for fraudulent transaction, or because of the preventative measures they had to undertake to protect their websites - the cost for the attackers is thought to be also considerable.
Considering the effort and hours it takes to maintain the attack botnets, and the continuing refinement of the attacks, Holden believes that it couldn't be done without financial backing.
"Regardless of who's behind this, it has to be funded at some level. Even if it's hacktivists, it's got to be funded hacktivism," he pointed out.