- Selfies at Funerals blog creator retires after Obama flub: ‘Our work here is done’
- New Obama adviser Podesta is against Keystone but will steer clear of pipeline deliberations
- 40 Australian adults, children found in ‘one of the worst accounts of incest ever made public’
- Venezuela’s Maduro calls on student ‘price vigilantes’ to hit the streets, report businesses
- Atheists smug as Hindus join Satanists to demand display at Oklahoma Statehouse
- Bow before Valkyrie, NASA’s ‘superhero robot’ entry in DARPA challenge
- 10-year-old Pennsylvania boy suspended for pretend bow-and-arrow shooting
- Tea partiers turn on Capitol Hill budget deal
- Budget deal to get quick vote in the House
- Comma on!: Twitter erupts over Obama-Castro ‘marriage’
Bank attacks step up cyberwar
A series of sophisticated foreign cyberattacks against the websites of U.S. banks represents a serious escalation in global cyberconflict, according to security specialists and former officials.
“These are significant attacks,” retired U.S. cyberwarrior Lt. Gen. Harry D. Raduege said. “They should be considered a warning of the cyber cold war.”
Sen. Joe Lieberman, Connecticut independent and the chairman of the Senate Homeland Security committee, says he believes Iranian special forces were behind the attacks, which have struck a half-dozen major U.S. banks over the past two weeks.
If that is true, it would make the attacks the first foreign cyberstrike aimed at disrupting U.S. critical infrastructure and affecting the daily lives of ordinary Americans, rather than attempting to penetrate computer networks at government agencies or private firms to spy on them.
The attacks prevented many customers from getting online for up to a day or more, according to statements by the banks and reports on social media sites. They appear aimed at undermining customer confidence, according to Mr. Raduege, now chairman of the Deloitte Center for Cyber Innovation.
“If you have been attacked like this, it can hurt customer confidence and it can hurt your brand,” he said. Companies “must have cyberpolicy and strategy” to counter such attacks and protect their reputation, he added.
But temporary Web difficulties generally do not cause banks to lose customers, noted information security consultant Adam L. Rice.
“No one likes the bad press, which is the point of the attacks. But studies have shown that people will probably not quit their banks because” of attacks such as these, Mr. Rice said.
The attacks flooded the banks’ websites with fake Internet terrific, meaning real users could not get through to log on, in same cases for several days. Known as a “distributed denial of service,” or DDoS, attack, this brute-force tactic is one of the oldest and simplest cyberattacks to stage — especially against entities such as banks, which have very secure computer architecture.
“For highly protected environments, it is easier to perform a DDoS [attack] than performing an intrusion or other more advanced attacks,” said Jaime Blasco of the European cybersecurity company Alienvault.
The hackers advertised online to recruit volunteers — known as “hacktivists” — to join in the attack, using a special program users can download, which turns their computer into an Internet weapon the hackers control.
But given the high Internet-traffic capacity of the target websites, Mr. Blasco added, it was doubtful that hacktivists could have achieved the impact they did unaided.
“It is very likely that other actors have been involved using other more advanced techniques” to generate traffic to block the sites, he said.
Mr. Lieberman said last week that he believed Tehran was behind the attack, specifically a special unit of Iran’s Revolutionary Guard Corps.
“I don’t believe these were just random hackers,” he said on C-SPAN. “I think this was done by Iran and the Quds Force, which has its own developing cyberattack capability.”
Mr. Lieberman said he thought the efforts targeted banks because of U.S. financial sanctions against Iran. “It is if you will, a counterattack in response to our sanctions against Iranian financial institutions,” he said.
The Web attacks on U.S. banks come as the White House confirmed that it, too, had been the target of hackers recently.
This attack was launched via a targeted email sent to user of an unclassified network, a White House official told The Washington Times in a statement. “In this instance the attack was identified, the system was isolated, and there is no indication whatsoever” that any data had been stolen, the official said.
Mr. Raduege dismissed the attack as “one of the millions of low-level daily attacks against government agencies and private companies a part of the daily cyber cold war.”
He said that any cyberattack could be sorted into one of three categories: The lowest was what he called “tactical, a cold war … a small ‘W’ war” — the continuing daily assault by cyberspies, criminals and other malefactors against government and private sector systems.
The second was “operational” — serious attacks actually aimed at disrupting infratsructure such as the bank attacks. At this level, he said, “There is political confrontation … a lot of accusations flying back and forth [between countries] a lot of finger pointing.”
The third level was “strategic” — attacks designed to destroy infrastructure, kill citizens or cause financial devastation. At this level, said Mr. Raduege, there is “military confrontation … that’s the one we want to stay away from.”
Banks and other big commercial entities can easily buy services to mitigate these kinds of attacks, said Mr. Rice, who was previously head of security for the world’s largest Internet service wholesaler, Tata Communications.
Service providers “have enormous capacity, so they absorb the attack, clean it [of the fake traffic], and pass [the real visitor’s traffic] along [to the website] clean,” said Mr. Rice. But these DDoS mitigation services are very expensive.
“If a bank’s Web page is down for a few hours … then an apology is [usually] much cheaper than the service,” Mr. Rice said.
© Copyright 2013 The Washington Times, LLC. Click here for reprint permission.
About the Author
Shaun Waterman is an award-winning reporter for The Washington Times, covering foreign affairs, defense and cybersecurity. He was a senior editor and correspondent for United Press International for nearly a decade, and has covered the Department of Homeland Security since 2003. His reporting on the Sept. 11 Commission and the tortuous process by which some of its recommendations finally became ...
- Democrats proceed with Mayorkas vote despite pending investigation
- Game players don't think peace has a chance in Syria
- NSA monitored 'World of Warcraft' players
- New Internet security challenge arises for cybercops
- Britain eyes new powers to thwart Islamic extremists
Latest Blog Entries
By Donald Lambro
Growth spikes are little more than trend-free anomalies
- Tea partiers turn on Capitol Hill budget deal
- Rand Paul: Budget deal 'shameful,' 'huge mistake'
- Leon Panetta named as source of 'Zero Dark Thirty' scriptwriters information
- Teen thugs in DC run wild -- even while wearing GPS ankle bracelets
- New budget accord saves $23 billion -- after $65 billion spending spree
- CARSON: Why did the founders give us the Second Amendment?
- American bourbon now better than Scottish whiskey: U.K.-born expert
- Obama takes 'selfie' at Mandela's funeral service
- VEGAS RULES: Harry Reid pushed feds to change ruling for casino's big-money foreigners
- U.S. pilot scares off Iranians with 'Top Gun'-worthy stunt: 'You really ought to go home'
Independent voices from the The Washington Times Communities
Uncensored exploration of issues concerning current events, civil liberties, American political advocacy, and the political and social issues facing military veterans.
An objective, analysis-based perspective of D.C. sports as seen through the eyes of lifelong D.C. sports enthusiast, John Heibel.
All of the world’s problems, solved on your back porch
Extraordinary day at Redskins Park
White House pets gone wild!
Let it snow