Skip Links

DDoS attacks against banks raise question: Is this cyberwar?

U.S. officials blame Iran but some familiar with attacks say it's likely cybercriminals

By , Network World
October 24, 2012 12:57 PM ET

Network World - It's been a month of crippling denial-of-service attacks on websites operated by U.S. banks and financial services firms. A terrorist organization called Al-Qassam takes credit online, but now the attacks are being blamed on Iran.

Background: Iran denies launching cyberattacks on U.S. banks

So is this just another case of cybercrime, or something entirely different? Could this be cyberwar?

Within the past month, crushing blasts of 65Gbps traffic, mainly from thousands of compromised Web servers, has targeted Bank of America, Wells Fargo, US Bank, JP Morgan Chase, Sun Trust, PNC Financial Services, Regions Financial and Capital One. The attacks have effectively cut bank customers off from online services for extended periods.

Wells Fargo

An Islamic group called the Izz ad-Din Al-Qassam Cyber Fighters claimed credit for most of the distributed denial-of-service (DoS) attacks that started Sept. 18 with Bank of America. A hacktivist group associating itself with Anonymous claimed responsibility for the DDoS against HSBC that started Oct. 18. Banks have been busy apologizing to customers for service disruptions.

PNC Financial Services CEO James Rohr, acknowledging last week on CNBC that the DDoS attacks had "really pummeled us," noted cyberattacks "really disrupt this country."

That followed U.S. Secretary of Defense Leon Panetta's lengthy speech on Oct 11 before a New York business group in which he said the U.S. needs to be on guard against a "cyber Pearl Harbor." He said if attackers launched destructive attacks on America's critical infrastructure networks, the president would ask the Defense Department to respond with both cyberweapons and traditional weapons.

But respond against who, what and where?

The first round of attacks proved so severe to banks such as Wells Fargo and Bank of America that U.S. government officials are making accusations.

Sen. Joe Lieberman (I-Conn.) blamed Iran directly, while U.S. national security officials said it behind a curtain of secrecy to the media. For its part, Iran has officially denied any involvement.

Iran as the source of the cyberattacks on banks "is a good possibility" said Darren Hayes, professor in computer forensics at Pace University at the Seidenberg School of Computer Science and Information Systems.

Hayes notes that Iran last May had its own banking system disconnected from the global SWIFT financial transaction network as a sanction regarding its aspirations. Along with other international sanctions, "this is crippling their economy," Hayes said, adding he doubts the government would speak so directly about Iran if it didn't have some kind of intelligence.

Avivah Litan, a Gartner analyst specializing in security used in e-commerce and the financial industry, says the string of attacks do appear to have their origins in the Middle East where the tumult of cyber-conflict is ongoing.

Litan says her sources have examined attack code used against the U.S. banks and regard it as the same code used against Israeli targets, such as the Tel Aviv Stock Exchange and the El Al Airline website, back in January. That round of DDoS attacks last January was endorsed by the group Hamas, which is widely believed to be funded by Iran.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News