U.S. “intelligence officials” believe Iran could be the force behind a number of attacks on banking institutions in the United States, according to the New York Times. The attacks, which started in September 2012, focus not on stealing money, but on knocking the bank websites offline.
Financial institutions have had reinstate their websites after cyber attacks overload them, knocking them offline. The affected banks include Bank of America, Wells Fargo, Capital One, HSBC, and Citigroup.
When VentureBeat reached out to Bank of America, the institution said it had no comment on the suggestion that Iran could be behind the attacks.
But James A. Lewis, the director and senior fellow for the technology and public policy program at the Center for Strategic and International Studies, told the Times, “There is no doubt within the U.S. government that Iran is behind these attacks.”
Lewis previous served as an official within the U.S. State Department and the Commerce Department.
The cyber aggression comes in the form of denial of service attacks. These attacks send packets of information at a rate much higher than a server’s ability to process them, overloading the server, and shutting down the website. It’s a fairly common attack since the onset of Anonymous, a group of hackers known for taking political stances and for their propensity to protest using denial of service attacks.
As Forrester analyst John Kindervag notes to the Times, however, the suspected hackers are using more sophisticated methods in their DDoS attacks. Where these attacks are usually launched from individual computers, it seems the attackers have rallied whole cloud networks to send off huge amounts of traffic to the bank servers.
That means Iran, if it is the culprit behind the attacks, could either be building its own private cloud network or somehow stealing less secure, but already established private clouds from other companies. With networks being used to launch the DDoS attacks, that banks are being hit by a substantial force.
Officials also believe the attackers are using a new form of DDoS called encryption denial of service. Since banks process a number of encrypted transactions dealing with the type of data they do, attackers can send hundreds of thousands of encryption requests to overload the servers.
Tactics as complex as these support the idea that the attacks are state sponsored.
A number of groups have come forward to claim the attacks, such as Izz ad-Din al-Qassam Cyber Fighters, who say they attacked the banks because of an offensive video. Others such as a cyber criminal known by the handle “vorVzakone,” posted intent to hack the banks in a campaign called “Project Blitzkrieg” on a Russian forum in September. VorVzakone , however, suggested attackers would hit the banks with malware and actually steal information rather than just knock down websites. Still, McAfee gave weight to vorVzakone’s post, saying Project Blitzkrieg is a “credible threat.”
It seems officials think the former group may just be a front for state sponsored attacks out of Iran, which could be retaliating for recent cyber attacks believed to be joint efforts by the U.S. and Israel. The attacks could also be connected to economic sanctions against the country in recent years.