Iranian hackers target largest US banks: US Sources

Reuters, Saturday 22 Sep 2012

Iranian hackers lash out at Bank of America Corp, JP Morgan Chase & Co and Citigroup Inc as a response to Western sanctions imposed on Iran, say sources

Iranian hackers
Iranian hackers have repeatedly attacked Bank of America Corp (BA.N), JPMorgan Chase & Co (JPM.N) and Citigroup Inc (C.N) over the past year, as part of a broad cyber campaign targeting the United States, according to people familiar with the situation. (Photo: Reuters)

Iranian hackers have repeatedly attacked Bank of America Corp, JP Morgan Chase & Co and Citigroup Inc over the past year as part of a broad cyber campaign targeting the United States, according to people familiar with the situation.

The attacks, which began in late 2011 and escalated this year, have primarily been "denial of service" (DDOS) campaigns that disrupted the banks' websites and corporate networks by overwhelming them with incoming web traffic, said sources.

They said there was evidence suggesting the hackers targeted the three banks in retaliation for their enforcement of Western economic sanctions against Iran. Whether the hackers have been able to inflict more serious damage on computer networks or steal critical data is not yet known.

Iran has beefed up its cyber capabilities after its nuclear programme was damaged in 2010 by the Stuxnet virus, widely believed to have been developed by the United States. Tehran has publicly advertised its intentions to build a cyber army and has encouraged private citizens to hack targets in Western countries.

The attacks on the three largest US banks originated in Iran, but it is not clear if they were launched by the state, groups working on behalf of the government, or "patriotic" citizens, according to the sources, who requested anonymity as they were not authorised to speak to the press on the matter.

The hackers also targeted other US companies, the sources said without giving specifics. They said the attacks shed new light on the potential for Iran to lash out at Western nations' information networks.

"Most people didn't take Iran seriously. Now most people are taking them very seriously," said one of the sources, referring to Iran's cyber capabilities.

Iranian officials were not available for comment.

Bank of America, JP Morgan Chase and Citigroup declined to comment, as did officials with the Pentagon, the US Department of Homeland Security, the Federal Bureau of Investigation, the National Security Agency and Secret Service.

A US financial services industry group this week warned banks, brokerages and insurers to be on heightened alert for cyber attacks after the websites of Bank of America and JP Morgan Chase experienced service disruptions.

Senator Joseph Lieberman, chairman of the Senate's Homeland Security and Governmental Affairs Committee, said Friday that he believes Iran was behind the attacks.

"I think this was done by Iran and the Quds Force, which has its own developing cyber attack capability," Lieberman said during a taping of C-SPAN's "Newsmakers" programme. The Quds Force is a covert arm of Iran's Revolutionary Guards.

"I believe it was a response to the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions," Lieberman said.

Tensions between the United States and Iran, which date back to the revolution in 1979 that resulted in the current Islamic republic, have escalated in recent years as Washington has led the effort to prevent Tehran from developing nuclear capabilities, imposing tough economic sanctions.

DDOS campaigns are among the oldest types of cyber attacks and do not require highly skilled computer programmers or advanced expertise, compared with sophisticated and destructive weapons like Stuxnet.

But DDOS attacks can still be very disruptive. If a bank's website is repeatedly shut down, the attacks can hurt its reputation, affect customer retention and cause revenue losses as customers cannot open accounts or conduct other business.

Bank of America, Citigroup and JP Morgan Chase have consulted the FBI, Department of Homeland Security and National Security Agency on how to strengthen their networks in the face of the Iranian attacks, the sources said. It was not clear whether law enforcement agencies are formally investigating the attacks.

The Iranian attackers may have used DDOS attacks to distract their targets from other, more destructive assaults that have yet to be uncovered, the sources said.

Frank Cilluffo, who served as homeland security adviser to former US President George W. Bush, told Reuters he knows of "cyber reconnaissance" missions that have come from Iran, but declined to give specifics.

"It is yet to be seen whether they have the wherewithal to cause significant damage," said Cilluffo, who is now director of the Homeland Security Policy Institute at George Washington University.

Security experts said Iran's cyber capabilities are not as sophisticated as those of China, Russia, the United States or many of its Western allies. Jim Lewis, a former US Foreign Service officer, said Iran has been testing its cyber technology against Israel and other Gulf states in recent years.

"It's like the nuclear programme: it isn't particularly sophisticated but it makes progress every year," said Lewis, who is a senior fellow at the Centre for Strategic and International Studies.

Short link: