Cyber Jihad

Iran steps up cyber attacks on U.S. financial institutions

January 6, 2013

Iran is continuing aggressive cyber attacks against U.S. financial institutions and officials say the U.S. government has failed to take steps to halt the electronic strikes.

The sophisticated denial-of-service cyber attacks have been underway for several months and involve Iranian-origin hackers who flood banking and financial institution web sites with massive log-in attempts that disrupt or halt remote banking services.

"They are going after the same types of sites," said an intelligence official familiar with reports of the attacks.

The official criticized the Obama administration for failing to protect American corporations from what the official said were state-sponsored cyber attacks.

Critics in government and the private sector say the U.S. government remains unprepared to respond to such coordinated covert cyber attacks.

Several government agencies, including the military’s U.S. Cyber Command, U.S. intelligence agencies, the Department of Homeland Security, and the FBI, are responsible for dealing with cyber attacks. Yet the White House is in charge of directing any counterattacks on nation-states and so far has refused to authorize aggressive action, such as retaliatory counter cyber attacks.

The intelligence official suggested that the administration is reluctant to take action because of the president’s conciliatory policies toward Iran. President Barack Obama failed to back Iran’s democratic opposition in 2009 and has taken limited diplomatic action against Iran’s illicit nuclear program.

The administration appears to be treating the Iranian cyber attacks as a law enforcement matter rather than covert warfare.

White House National Security Council spokesman Tommy Vietor declined to comment when asked why the administration has failed to respond to the attacks.

FBI spokeswoman Jennifer Shearer also declined to comment on what she said were "ongoing matters."

The hackers called the attacks Operation Ababil and stepped up their efforts last week, prompting PNC Bank to warn customers about the disruptions.

PNC Bank disclosed in a statement Jan. 3 that a number of U.S. banks, including PNC, were dealing with "unusually high volume of traffic at their Internet connections."

"This volume of traffic is consistent with threatened cyber attacks on the U.S. banking system and is designed to cause access delays for legitimate Internet customers," the bank said.

The bank said some customers have been unable to conduct business remotely as a result of security efforts to mitigate the attacks.

The bank sought to assure customers that the website is protected by "sophisticated encryption strategies" that protect data and accounts.

"While this situation is an access issue and not an issue of account security, it is always important to remember to protect yourself by not sharing personal or financial information on any non-secure sites," the bank stated.

Cyber security analysts said an Iranian group called the Izz ad-Din al-Qassam Cyber Fighters carried out the attacks.

On a hacker forum, the group said in a statement posted Dec. 25 that a "second phase" of its attacks was underway over the past several weeks.

The group said it has targeted JPMorgan Chase & Co., Bank of America Corp, Citigroup Citibank, Wells Fargo & Company, U.S. Bancorp, PNC Financial Services Group, BB&T Corporation, SunTrust Banks, and Regions Financial Corporation.

One cyber forensic specialist, who spoke on condition of anonymity, said the al-Qassam Cyber Fighters claim to be a group of private hackers but their activities appear state-sponsored.

"Except for their statements they have no presence and it feels much more like a state-sponsored action," meaning backed by the Tehran regime, the specialist said.

Iranian officials have been quoted in state-run press accounts as promising to conduct cyber attacks against the United States and other western states in retaliation for cyber attacks against Iran’s nuclear program.

The hackers can direct up to 70 gigabytes of data per second at their targets and they have been detected renting "botnets," collections of robot computers used in conducting the attacks, the specialist said.

The attacks are called distributed denial-of-service attacks and use hijacked computers that are networked to conduct mass numbers of log-in attempts at banking web sites.

One malicious technique used by the group involves server administrative access software called "itsoknoproblembro," which has been linked to the attacks.

Denial-of-service attacks have been used by sophisticated cyber warfare units to conduct cyber espionage and cyber reconnaissance, potentially more destructive techniques than denying service.

Ten major U.S. banks were hit by the cyber attacks in September during the first wave of attacks.

Around the time the attacks were detected, the Pentagon’s Joint Chiefs of Staff stated in a report that the cyber strikes on financial institutions were Iranian-backed aggression.

"Iran’s cyber aggression should be viewed as a component, alongside efforts like support for terrorism, to the larger covert war Tehran is waging against the west," the report, dated Sept. 14, stated.

A Treasury Department statement in February stated that Iran’s Ministry of Intelligence and Security, the civilian spy agency, has assisted the terrorist group Hezbollah with "multiple joint projects … in computer hacking."