PNC Bank's website was disrupted on Thursday by a group of Islamic hactivists who have also claimed responsibility for downing the sites this week of Wells Fargo and U.S. Bank.
The latest attack is identical to the other two in that hundreds of thousands of computers are used to overwhelm the sites' bandwidth, said Atif Mushtaq, a security researcher for FireEye who has been monitoring the attacks.
The hactivists also claim to be behind the distributed denial of service (DDoS) attacks last week against Bank of America and JPMorgan Chase, as well as U.S. bank yesterday.
PNC has confirmed the attack. Spokesman Fred Solomon told The Chicago Tribune that the disruption affected some online customers. "We are working to restore full service to everyone," he said.
Based on the kind of traffic Mushtaq has seen, the banks' sites are being overwhelmed by requests from the computers of supporters of the hacktivists. The group, which calls itself "Mrt. Izz ad-Din al-Qassam Cyber Fighters," has used social networks, including Google+; underground sites, and their own website to recruit sympathizers.
"I'm not surprised that there are thousands and thousands of people performing this type of DDoS," Mushtaq said.
The hactivists have said that the attacks are in retaliation for a video trailer denigrating the Prophet Muhammad. The amateurish YouTube video made in the U.S. has sparked violent protests in the Middle East and other regions.
To participate in the hactivists' campaign, a supporter goes to one of two file-sharing sites and downloads a program written in a scripting language that runs in a web browser.
Once the program is running, a person only has to click on a "start attack" button to send continuous requests to the target's website. All of the traffic seen by FireEye has come from Web browsers, an indication that the attackers are not using a network of compromised machines, called a botnet. Such networks are also a popular method for launching distributed denial of service attacks, which are said to be crude but still effective.
"The bad part about this attack is it's so simple," Mushtaq said. "They're not using any botnet. They're using browsers."
Rob Rachwald, director of security for Imperva, said an all-volunteer army launching such an attack is in unusual. Hacktivists often use a combination of supporters and botnets, he said. In addition, rather than try to overwhelm the bandwidth of a large bank, attackers often find a vulnerable component in the site first and target traffic to just that area.
While he hasn't monitored the recent attacks, Rachwald said he believes the attackers are much more sophisticated. An indication of that is the fact that the hactivists posted warnings in advance, naming the targeted banks. Nevertheless, the banks were unable to prevent disruption.
Sign up for CIO Asia eNewsletters.