Clues about who's behind recent cyber attacks on US banks
A Middle Eastern hacktivist group appeared to claim responsibility for massive denial-of-service cyber attacks on websites of six US banks. Some experts now say that claim is a 'false flag' to divert attention from the real attackers.
That uniformity is unlike the technological flailing of an army of activists, busily downloading malicious botnet software onto their own computers and letting fly, he says, having seen such an event before.
During the December 2010 hacktivist-inspired "Operation Avenge Assange," Akamai was hit by DDoS attacks in the range of 2 gigabits to 4 gigabits per second, indicating perhaps 3,000 to 7,000 attackers at any one moment. In the bank DDoS cases last month, the attacks were 15 to 30 times more powerful, implying as many as 65,000 attackers – many more than apparently participated, he says.
"This whole thing looks like someone trying to create confusion about what they're doing – a false flag," Smith says. "Look, the only primary sources or evidence that this is a hacktivist attack are two postings on Pastebin, and anyone can do that."
That leaves the usual suspects, he says: Eastern European cybercrime groups trying to cover their operations, or a state actor, such as Iran, seeking revenge for US-led economic sanctions or past Stuxnet cyberattacks on its nuclear-fuel refining facilities.
"When you have something like fraud, followed by DDoS, it's almost always Eastern Europeans running fraud scams, because that's what they're good at and they like that," Smith continues. "But I've heard people talk about nation state actors. It could be."
Lending some credence to the cybergang theory, the Federal Bureau of Investigation on Sept. 17 published a "fraud alert" that advised financial services firms that cybercriminals might soon be disrupting websites to prevent banks from noticing a jump in fraudulent wire transfers. Two days later, industry group Financial Services Information Sharing and Analysis Center raised its threat level, too.
Others, however, insist that Iran remains a likely suspect. Iran has been working to build its cyberwarfare capabilities. Last month, Iranian officials claimed that a cyberteam known as Iranian DataCoders Security Team had hacked nearly 400 Israeli websites.
Sen. Joseph Lieberman (I) of Connecticut, chairman of the Senate Homeland Security and Governmental Affairs Committee, last month publicly blamed Iran, fingering its Quds Force, a military unit. Iran's government has denied any involvement in the bank attacks.
But that hasn't stopped fingers from pointing privately in Iran's direction.
"I was told it was 'Iran' without being told the exact details of how this was determined before Lieberman said his thing," says a Washington-based cyberexpert who asked not to be named. "Everyone says it came from Iran."