Cyberwar in Iran Comes Home to U.S. Banks. Is Anyone Surprised?
It’s a fundamental truth of warfare than when you attack your enemy, you open yourself up to a retaliatory attack of some kind. It’s true enough in the real world, and now true in the realm of cyberwarfare, as well.
It appears to have been a retaliatory action by Iran that hit a batch of U.S.-based banks last fall with a series of ongoing distributed denial-of-service attacks. The New York Times says that U.S. government officials are internally blaming Iran for the attacks, which since September have disrupted the online banking operations of numerous American banks, including Bank of America, Citigroup, Wells Fargo, U.S. Bancorp and PNC.
The retaliation is for the numerous cyber attacks that have been carried out by the U.S. and Israel against Iran’s nuclear research program. The most famous of these was a sophisticated computer worm called Stuxnet that burrowed deep into industrial control systems at an Iranian uranium enrichment plant and caused centrifuges to spin out of control and explode, while computer screens monitoring their condition displayed readings that appeared normal. Others included Flame, which turned computers into sophisticated spying tools, using built-in video cameras and microphones, and Gauss, which sought to intercept bank-account information.
The educated guesses of computer security experts have all pointed to state actors in these attacks on Iran and, logically, the most motivated parties happen to be the U.S. and Israel. The governments of either country have never officially acknowledged responsibility for the attacks — they never do — but the Times reported the collaboration a year ago.
What’s disturbing in the attacks on the U.S. banks is that data centers used by cloud computing providers — none of them were named — were hijacked in some way to carry out the attacks. It stands to reason that civilian entities like data centers could be used to carry out such attacks. Cloud providers like Amazon Web Services, Google Rackspace and others are simply concentrated havens of computing muscle and capacity available for hire.
As such, like any other piece of civilian infrastructure, it appears that they can be used to carry out denial-of-service attacks, which are meant to bombard a target site with so many false requests for attention that it can’t process legitimate traffic. Not many details about how this was done have yet emerged, or whose data centers were involved. Expect those questions to linger for awhile.
The aim was not to steal money, but to disrupt the flow of it by making it hard for banking customers to access their accounts. Imagine trying to get to a bank teller window to make a deposit or withdrawal with 10 million people in the lobby: Very little real banking business would get done.
Additionally, every cyber weapon deployed by the U.S. and its allies gets studied not only by friendly security experts but by people on the other side. In time, all that collected knowledge is going to be put to use for attacks in the U.S. and other Western countries.
Anyway, expect entities acting on behalf of Iran to look for more opportunities to disrupt the flow of daily life this year. You have to remember, the U.S. is involved in an undeclared cyberwar, and you can’t exactly expect the other side to sit still. That’s war, after all.