Messages left anonymously on the Pastebin website claim that a Middle Eastern hacktivist group – "Cyber fighters of Izz ad-din Al qassam," allied to the military wing of Hamas – was responsible for the attacks. The messages said the attacks are a response by thousands in the region angered by "Innocence of Muslims," a video made in the US and posted on YouTube that Muslims consider an affront to the Prophet Muhammad.
But experts say it appears that at least two attacks were occurring at once – one by a group of individuals, and the other by an entity controlling a relatively small number of powerful, high-speed Internet Web servers. Any attacks by activists during that time were only a veil masking a powerful, orchestrated attack conducted either by cybercriminals or possibly by Iran in retaliation for harsh economic sanctions, these experts say.
"On this particular attack, an Islamic group has claimed responsibility by saying they are doing the attacks for ideological motives," Dan Holden, director of research for the Security Engineering & Response Team at Arbor Networks, says in an e-mail interview. "If true, this would be classic hacktivism. However, Arbor thinks this could be a 'false flag' operation to divert attention away from the real attackers."
A leading indicator is the source of the digital firepower. The attack now appears to have emanated almost entirely from just 300 to 400 very powerful machines – Web servers – rather than from thousands of irate hacktivists allowing their own personal computers to be used to attack websites, Arbor and others say. These Internet workhorses, which usually employ their powerful processors to display many Web pages to the public simultaneously, were infiltrated and compromised – then used to attack the six banks.