Coordinated Cyber Attack on Greek Banks
Written by Nikos Vaggalis   
Tuesday, 01 December 2015

Financially tortured Greece has been caught in the middle of another turmoil, that of a hacking thriller currently in full deployment. Hacker team Armada Collective last week notified the National Bank of Greece of a series of pending DDoS attacks against its banking infrastructure unless 700 bitcoins is paid in ransom

Carrying out their threat, to prove their point, they launched a pre-emptive attack on Thursday November 26th lasting for 45 minutes, against three institutional Greek banks, which unconfirmed information suggests were Eurobank, Alpha Bank and Attica Bank.

The attack passed by largely unnoticed and without serious consequences on the websites' operation.

That's not the end of the story, however.

The group had set Monday 30th November as the deadline for payment of the ransom, but later extended it this to Thursday, December 3rd. If this deadline expires, new DDoS attacks, this time massive iin scale, will be launched with the aim of causing total blackout bringing those sites and their online transactions to a standstill.

Greek authorities do not disregard the claim, upgrading  
the Greek banks' online security level to the maximum, with EYP, the   National Intelligence Service in Greece, taking charge of this shielding operation.

So what is the dreaded DDoS attack in layman's terms?

It's an attack where the hackers overload the website with mass requests, causing it to collapse it under the heavy load. What the attackers hope for is that the business attacked will be willing to pay the ransom to avoid the further consequences of the prolonged downtime which would be translated into loss of revenue

According to GovCERT.ch,  last  October the same group threatened Swiss hosting providers for an amount of just 20 BTC by sending a warning email:  

From: "Armada Collective" armadacollective@openmailbox.org To: abuse@victimdomain; support@victimdomain;
info@victimdomain Subject: Ransom request: DDOS ATTACK! FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!
We are Armada Collective. All your servers will be DDoS-ed starting Friday if you don't
pay 20 Bitcoins @ XXX

When we say all, we mean all - users will not be able to
access sites host with you at all. Right now we will start 15 minutes attack on your site's IP (victims IP address). It will not be hard, we will not crash it at the moment to try to minimize eventual damage, which we want to avoid at this moment. It's just to prove that this is not a hoax. Check your logs! If you don't pay by Friday, attack will start, price to stop will increase to 40 BTC and will go up 20 BTC for every day of attack. If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time.

This is not a joke. Our attacks are extremely powerful - sometimes over 1 Tbps per second. So, no cheap protection will help.
Prevent it all with just 20 BTC @ XXX
Do not reply, we will probably not read.

Pay and we will know its you.
AND YOU WILL NEVER AGAIN HEAR FROM US!
Bitcoin is anonymous, nobody will ever know you cooperated.

The final line of this text explains why the group prefers to be paid in the cryptocurrency bitcoin which is not easily traced, For the first time in history Bitcoin makes blackmail, extortion and kidnap logically possible simply because of this fact.

Their extortion actually succeeded when, the same attack brought down CERN's ProtonMail email provider, which, to avoid further damage reluctantly paid the ransom. It later went public with the following statement:  

At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the bitcoin address:

1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y.

This was a collective decision taken by all impacted companies and while we disagree with it, we nevertheless respected it, taking into the consideration the hundreds of thousands of Swiss Francs in damages suffered by other companiescaught up in the attack against us.
We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. This was clearly a wrong decision so let us be clearto all future attackers – ProtonMail will NEVER pay another ransom.

The truth here is that

"ProtonMail originally created to provide privacy to activists, journalists, whistleblowers, and other at risk groups, and we have many of those people in the ProtonMail community"

which clearly demonstrates that this group are not hactivists and in their cause of extorting money they won't stop at anyone and anything, not just targeting financial or otherwise institutions. 

So now our attention turns back to Greece, with Thursday coming very soon. Will the attacks be carried out? Will they succeed, and will the Greek Banks pay up under this pressure? We'll just have to wait and see. 

More Information

GovCERT.ch

Related Articles

GitHub Under DDoS Attack 

Inside Bitcoin - virtual currency 

Flaw In Bitcoin Algorithm 

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter,subscribe to the RSS feed and follow us on, Twitter, FacebookGoogle+ or Linkedin

 

Banner


The Art Of Computer Programming - A Great Present
15/12/2024

If you are looking for a programmer present this holiday season, there is one book, or set of books, that should be top of any list... Donald Knuth's The Art of Computer Programming.



PlanetScale Gets Into Vector Search
02/12/2024

PlanetScale, the cloud MySQL-compatible database with advanced scaling capabilities, is now upgraded with vector storage and search.


More News

 

espbook

 

Comments




or email your comment to: comments@i-programmer.info

 

Last Updated ( Tuesday, 01 December 2015 )