Hacktivist Group Claims Responsibility for Cyberattacks on Amex, Others

A group that has claimed responsibility for a flood of cyberattacks on the nation's biggest banks says it was behind an assault last week on the website of American Express (AXP) that left customers of the credit card giant unable to log in to their accounts.

The al-Qassam Cyber Fighters, hacktivists who since September have waged a campaign to impede online operations at financial institutions until YouTube takes down a trailer for an anti-Muslim film, said in an email Tuesday it targeted Amex in the past week along with five other firms: Bank of America (BAC), Citizens Financial (RBS), KeyCorp (KEY), BB&T (BBT) and Ameriprise (AMP).

Amex spokeswoman Amelia Woltering tells American Banker the company has not been hit by another denial of service attack since Thursday and is “working with law enforcement authorities” to investigate the incident.

At least two other institutions the al-Qassam group targeted experienced some disruptions.

BB&T spokesman Brian Davis said in an email the company incurred "intermittent delays and outages on BBT.com for a few hours [Tuesday] due to a targeted cyber event." Lynn Woodman, a spokeswoman for KeyCorp, said the company's websites last week experienced "some activity but with minimal disruption." "We're dealing with this as a new normal," she added.

Spokespeople for B of A, Citizens Financial and Ameriprise Financial did not respond immediately to a request for comment.

The attack on Amex, which took the company's website offline for roughly two hours, followed similar attacks recently on Wells Fargo and TD Bank. The onslaughts aim to bog down companies' websites by directing a torrent of digital traffic their way that can cause the website under attack to labor to the point of unresponsiveness and render online banking impossible.

JPMorgan Chase (JPM) experienced an outage at its website on Monday that lasted for about three hours, although a source close to the company said the incident was not believed to have resulted from a denial of service attack.

For its part, YouTube has said the trailer conforms to the company's content guidelines, although YouTube warns viewers the content may be “potentially offensive or inappropriate.” Several versions of the trailer remained on YouTube on Tuesday.

For reprint and licensing requests for this article, click here.
Bank technology
MORE FROM AMERICAN BANKER