Iran blamed for cyber onslaught on US banks

Jan 09, 2013 by Glenn Chapman

US financial institutions are being pounded with high-powered cyber attacks that some suspect are being orchestrated by Iran as payback for political sanctions.

"There is no doubt within the US government that Iran is behind these attacks," James Lewis, a former official in the state and commerce departments and now a computer security expert at the Center for Strategic and International Studies, told the New York Times.

While the identities of those behind the online onslaught officially remain a mystery, it was clear they were using a potent new weapon for slamming bank websites with overwhelming numbers or requests for information.

The attackers infected datacenters used to host services in the Internet "cloud" and commandeered massive to back distributed (DDoS) attacks, according to security experts.

DDoS attacks have been a basic hacker weapon for quite some time, but they have typically involved using armies of personal computers tainted with viruses and coordinated to make simultaneous requests at targeted websites.

"They are essentially going from a pistol to a cannon," Radware vice president of security solutions Carl Herberger said of cyber attackers using datacenters. "That was one major achievement."

The top 20 US banks on Wednesday were being hit with a third wave of attacks, each of which has been preceded by a claim of responsibility by a group calling itself Izz ad-Din al-Qassam Cyber Fighters.

The attacks began in September of last year, according to Radware, which specializes in commercial computer security and has been investigating the cyber assaults.

"The landscape we are seeing is essentially a persistent industry sector attack that is unprecedented," Herberger said.

"There have been a number of lulls in cyber fighting, with waves concluded and re-launched."

Attackers have shrewdly tailored requests to target encrypted pages or data, which are more complicated to process and therefore tax websites more, according to Radware.

"The world of DDoS is about consuming resources fast; however you can get inside an encrypted algorithm you can multiply your effect," Herberger said. "It is a wonderful tool from a perpetrator's perspective."

Such requests are particularly nefarious because encrypted exchanges are often shielded from security software intended to guard against attacks.

It appeared that no money was taken in the attacks, but Herberger warned that the full extent of the damage had yet to be assessed.

He described how hackers sometimes use to trigger fail systems that can sometimes allow invaders to get to data.

"I call it the battering ram effect," Herberger said. "They literally batter in the front door; that is a really dark side of this world."

Attacks on banks could also be test runs for assaults on other business sectors or even smart systems controlling vital infrastructure.

"Let's suppose this is state sponsored," Herberger proposed. "Could these not be dry runs? If the banks are permeable what is the likelihood that other systems are?

John Bumgarner of the US Cyber Consequences Unit, a non-profit group that studies the impact of cyber threats, cautioned against rushing to assign blame for the attacks.

"These attackers are using the anonymity of the cyber space to mask who they are," Bumgarner said. "There is not irrefutable evidence that the Iranian government was responsible."

Explore further: Putin signs law seen as crimping social media

add to favorites email to friend print save as pdf

Related Stories

US finance sector warned of cyber attacks

Sep 19, 2012

A US financial industry group warned banks and other institutions to beware cyber attacks Wednesday, after some firms reported sporadic problems with their websites.

Wells Fargo website down in wake of threat

Sep 26, 2012

Wells Fargo's website was experiencing problems Wednesday, after a threat against US banking firms from a group pledging retaliation for an online video that has sparked unrest in the Muslim world.

Islamist group warns of new cyber attacks on US banks

Sep 25, 2012

An Islamist group on Tuesday said it will carry out new cyber attacks on US banking targets, according to SITE Intelligence Group, following similar attacks last week in response to an anti-Islam film.

Recommended for you

Putin signs law seen as crimping social media

6 hours ago

President Vladimir Putin on Tuesday signed a law requiring Internet companies to store all personal data of Russian users at data centres in Russia, a move which could chill criticism on foreign social networking ...

User comments : 8

Adjust slider to filter visible comments by rank

Display comments: newest first

TheBoyProphet
2.5 / 5 (8) Jan 09, 2013
Notice how everything these days is Iran's fault? Ten years ago it was Iraq's fault. Anything to get in and get that oil, Baby! Texas tea.
VendicarD
3.7 / 5 (3) Jan 10, 2013
What a shame the U.S. and Israel continue to attack the Iranian industrial infrastructure with computer malware.

I grant Iran a pass on this one, and note that no evidence of their involvement has been provided.

kochevnik
2.3 / 5 (3) Jan 10, 2013
Israel blew up three skyscrapers on 9/11, but the public is asked to cry for some bankster scum hobbled with a slow website as a prelude for war
AT210
1.7 / 5 (6) Jan 10, 2013
There's no evidence but they still blame Iran. Get over the paranoia & fix the obvious: your useless firewall!!
SteveL
1 / 5 (2) Jan 10, 2013
"orchestrated by Iran as payback for political sanctions."
Or Stuxnet?

"There is not irrefutable evidence that the Iranian government was responsible."

There is nothing preventing them from playing hard ball also. In either case it's hitting Emperor Obama land where it hurts.
antialias_physorg
3 / 5 (2) Jan 10, 2013
"There is no doubt within the US government that Iran is behind these attacks"

As if such a statement would mean anything these days. At the lastest since the Iraq invasion that ship has sailed.

The US government will say (and do) anything that suits its handlers. Why do they even bother putting out press releases?

Especially if they first claim: "It was Iran" and then in the very next breath admit:
While the identities of those behind the online onslaught officially remain a mystery


it was clear they were using a potent new weapon for slamming bank websites with overwhelming numbers or requests for information.

DDoS is a 'potent' NEW weapon? DDoS is the most basic of all attacks (it doesn't even do damage except for outages) - and with proper IT it's easily fended off (e.g. via DNS switching).

The encryption angle is clever, though.
dtxx
3.7 / 5 (3) Jan 10, 2013
There's no evidence but they still blame Iran. Get over the paranoia & fix the obvious: your useless firewall!!


People like you should never, never, ever be involved in these types of discussions.
Royale
5 / 5 (2) Jan 10, 2013
lol dtxx.. agreed.
A firewall has literally nothing to do with stopping DDoS attacks..

As far as 'cloud' data centers being compromised, well, we all knew that was going to happen...