- ‘Welcome to the edge of freedom’: Biden’s boots touch down in DMZ
- Obama: Hole U.S. ‘digging out of’ requires billions more in unemployment benefits
- Obama’s regulatory agenda will cost U.S. economy $143B next year: report
- Patriot Act author on James Clapper: Fire, prosecute him
- Russia P.M. Medvedev: No amnesty for political prisoners
- Michigan GOP Senate hopeful reminds government is the ‘servant’
- Christmas, by Congress: Members mull a 15-cent tax on trees
- U.S. unemployment falls to five-year low of 7 percent; 203K jobs added
- World mourns Nelson Mandela and celebrates his life; burial set for Dec. 15
- Bill O’Reilly reminds: Nelson Mandela ‘was a communist’
Bank attacks step up cyberwar
Question of the Day
A series of sophisticated foreign cyberattacks against the websites of U.S. banks represents a serious escalation in global cyberconflict, according to security specialists and former officials.
“These are significant attacks,” retired U.S. cyberwarrior Lt. Gen. Harry D. Raduege said. “They should be considered a warning of the cyber cold war.”
Sen. Joe Lieberman, Connecticut independent and the chairman of the Senate Homeland Security committee, says he believes Iranian special forces were behind the attacks, which have struck a half-dozen major U.S. banks over the past two weeks.
If that is true, it would make the attacks the first foreign cyberstrike aimed at disrupting U.S. critical infrastructure and affecting the daily lives of ordinary Americans, rather than attempting to penetrate computer networks at government agencies or private firms to spy on them.
The attacks prevented many customers from getting online for up to a day or more, according to statements by the banks and reports on social media sites. They appear aimed at undermining customer confidence, according to Mr. Raduege, now chairman of the Deloitte Center for Cyber Innovation.
“If you have been attacked like this, it can hurt customer confidence and it can hurt your brand,” he said. Companies “must have cyberpolicy and strategy” to counter such attacks and protect their reputation, he added.
But temporary Web difficulties generally do not cause banks to lose customers, noted information security consultant Adam L. Rice.
“No one likes the bad press, which is the point of the attacks. But studies have shown that people will probably not quit their banks because” of attacks such as these, Mr. Rice said.
The attacks flooded the banks’ websites with fake Internet terrific, meaning real users could not get through to log on, in same cases for several days. Known as a “distributed denial of service,” or DDoS, attack, this brute-force tactic is one of the oldest and simplest cyberattacks to stage — especially against entities such as banks, which have very secure computer architecture.
“For highly protected environments, it is easier to perform a DDoS [attack] than performing an intrusion or other more advanced attacks,” said Jaime Blasco of the European cybersecurity company Alienvault.
The hackers advertised online to recruit volunteers — known as “hacktivists” — to join in the attack, using a special program users can download, which turns their computer into an Internet weapon the hackers control.
But given the high Internet-traffic capacity of the target websites, Mr. Blasco added, it was doubtful that hacktivists could have achieved the impact they did unaided.
“It is very likely that other actors have been involved using other more advanced techniques” to generate traffic to block the sites, he said.
Mr. Lieberman said last week that he believed Tehran was behind the attack, specifically a special unit of Iran’s Revolutionary Guard Corps.
“I don’t believe these were just random hackers,” he said on C-SPAN. “I think this was done by Iran and the Quds Force, which has its own developing cyberattack capability.”
Mr. Lieberman said he thought the efforts targeted banks because of U.S. financial sanctions against Iran. “It is if you will, a counterattack in response to our sanctions against Iranian financial institutions,” he said.
The Web attacks on U.S. banks come as the White House confirmed that it, too, had been the target of hackers recently.
This attack was launched via a targeted email sent to user of an unclassified network, a White House official told The Washington Times in a statement. “In this instance the attack was identified, the system was isolated, and there is no indication whatsoever” that any data had been stolen, the official said.
Mr. Raduege dismissed the attack as “one of the millions of low-level daily attacks against government agencies and private companies a part of the daily cyber cold war.”
He said that any cyberattack could be sorted into one of three categories: The lowest was what he called “tactical, a cold war … a small ‘W’ war” — the continuing daily assault by cyberspies, criminals and other malefactors against government and private sector systems.
The second was “operational” — serious attacks actually aimed at disrupting infratsructure such as the bank attacks. At this level, he said, “There is political confrontation … a lot of accusations flying back and forth [between countries] a lot of finger pointing.”
The third level was “strategic” — attacks designed to destroy infrastructure, kill citizens or cause financial devastation. At this level, said Mr. Raduege, there is “military confrontation … that’s the one we want to stay away from.”
Banks and other big commercial entities can easily buy services to mitigate these kinds of attacks, said Mr. Rice, who was previously head of security for the world’s largest Internet service wholesaler, Tata Communications.
Service providers “have enormous capacity, so they absorb the attack, clean it [of the fake traffic], and pass [the real visitor’s traffic] along [to the website] clean,” said Mr. Rice. But these DDoS mitigation services are very expensive.
“If a bank’s Web page is down for a few hours … then an apology is [usually] much cheaper than the service,” Mr. Rice said.
© Copyright 2013 The Washington Times, LLC. Click here for reprint permission.
About the Author
Shaun Waterman is an award-winning reporter for The Washington Times, covering foreign affairs, defense and cybersecurity. He was a senior editor and correspondent for United Press International for nearly a decade, and has covered the Department of Homeland Security since 2003. His reporting on the Sept. 11 Commission and the tortuous process by which some of its recommendations finally became ...
- Britain eyes new powers to thwart Islamic extremists
- In global op, feds help seize websites selling fake goods
- Privacy board springs to life after NSA revelations
- Morocco trains 500 imams to counter spread of radical Islam
- Rice promises 'progressive' Asia tilt on women's rights, climate change
Latest Blog Entries
- Bill OReilly reminds: Nelson Mandela was a communist
- Kill team: Obama war chiefs widen drone death zones
- Obama administration issues permits for wind farms to kill more eagles
- Spike in battlefield deaths linked to restrictive rules of engagement
- Activists urge Obama to go rogue, sidestep Congress
- Craigslist killers: Police say newlyweds stabbed man for thrills
- Obama: Hole U.S. 'digging out of' requires billions more in unemployment benefits
- Rush Limbaugh: Obama trying to make Mandela death about himself
- Obamas call to close Vatican embassy is 'slap in the face' to Roman Catholics
- Colorado judge: Bakery owner discriminated against gay couple
Independent voices from the The Washington Times Communities
Entertainment News and Reviews from Washington, D.C. and beyond.
Great discoveries in the world of restaurants and chefs fulfill the quest for delicious food and cooking.
Television commentary, reviews, news and nonstop DVR catch-up by Lisa King Dolloff and friends.
Red Alert focuses on the hottest political topics in the nation and calls Americans to action.
White House pets gone wild!