Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

DDoS attacks against banks raise question: Is this cyberwar?

Ellen Messmer | Oct. 25, 2012
It's been a month of crippling denial-of-service attacks on websites operated by U.S. banks and financial services firms. A terrorist organization called Al-Qassam takes credit online, but now the attacks are being blamed on Iran.

At least some of these DDoS attacks against Israeli targets arose from networks in Saudi Arabia, and retaliation from Israeli hackers calling themselves IDF-TEAM ended up going after targets such as the Saudi Stock Exchange and the Abu Dhabi Securities Exchange, according to reports from the Israeli news organization Haaretz.com. Saudi Arabia this year has suddenly become a center of attention in other ways, too.

In August, Saudi Arabia's national energy company, Saudi Aramco, had to fend off a targeted malware attack against its enterprise systems, repairing 30,000 workstations that were infected with a malicious virus dubbed Shamoon wiping out data content, with a group calling itself the "Cutting Sword of Justice" claiming responsibility for the attack. A similar malware attack hit RasGas of Qatar.

To top it off, Saudi Arabia this year suddenly came out of nowhere to become the top spam-sending country in the world this year, according to a Trend Micro report this week. However since DDoS attacks and spam distribution are often carried out by exploiting compromised computers, it's not necessarily clear who is actually behind an attack.

"Iranians have done conflict by proxy very effectively for 30 years, so adding cyberattacks into it isn't surprising," says Chris Bronk, professor in information technology policy at Rice University.

The sanctions against Iran, such as the SWIFT banking network cut-off, mean the country "is squeezed at this point." Does this all add up to cyberwar? Bronk says so far this has been a murky conflict falling far short of any call for bombs and invasions.

There's also speculation that because the U.S. and Israel are believed to have originated the Stuxnet malware attack on the Iranian facility suspected of helping develop an Iranian nuclear bomb that story was broken by the New York Times this June -- that Iran is now gearing up its own cyber-weapons program to lash out at the U.S.

One of the most disturbing parts about the DDoS attacks on the U.S. banks is that the banks have not yet shown they can defend themselves, Litan says. The attackers themselves simply stopped on their own, she says, probably to try and erase their tracks so as not to get caught. "The banks knew the end points and the servers," she says. "They never nailed the people behind the attacks."

Radware, the Israeli-based firm that makes anti-DDoS gear, has voiced deep doubts that the attacks originated with shadowy Islamic group Al-Qassam but decline to say much more. Mike Smith, senior security evangelist at Akamai, is also doubtful about any Al-Qassam role.

"Before September, Al-Qassam was suicide bombers who shot people," Smith said, and they're aligned with Hamas and the Palestinians. He doubts that Al Qassam suddenly acquired cyberwarfare capabilities. Several of the banks whose websites were under attack are Akamai customers, so Smith has some perspective on how the attacks proceeded. And it's left him thinking these attacks may have been simply a distracting mechanism to throw banks off guard while cyberattackers went after what they really wanted taking over bank employee computers with ZeuS Trojan malware and the like in order to be able to steal bank funds.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.