- The Washington Times - Monday, October 1, 2012

A series of sophisticated foreign cyberattacks against the websites of U.S. banks represents a serious escalation in global cyberconflict, according to security specialists and former officials.

“These are significant attacks,” retired U.S. cyberwarrior Lt. Gen. Harry D. Raduege said. “They should be considered a warning of the cyber cold war.”

Sen. Joe Lieberman, Connecticut independent and the chairman of the Senate Homeland Security committee, says he believes Iranian special forces were behind the attacks, which have struck a half-dozen major U.S. banks over the past two weeks.

If that is true, it would make the attacks the first foreign cyberstrike aimed at disrupting U.S. critical infrastructure and affecting the daily lives of ordinary Americans, rather than attempting to penetrate computer networks at government agencies or private firms to spy on them.

The attacks prevented many customers from getting online for up to a day or more, according to statements by the banks and reports on social media sites. They appear aimed at undermining customer confidence, according to Mr. Raduege, now chairman of the Deloitte Center for Cyber Innovation.

“If you have been attacked like this, it can hurt customer confidence and it can hurt your brand,” he said. Companies “must have cyberpolicy and strategy” to counter such attacks and protect their reputation, he added.

But temporary Web difficulties generally do not cause banks to lose customers, noted information security consultant Adam L. Rice.

“No one likes the bad press, which is the point of the attacks. But studies have shown that people will probably not quit their banks because” of attacks such as these, Mr. Rice said.

The attacks flooded the banks’ websites with fake Internet traffic, meaning real users could not get through to log on, in some cases for several days. Known as a “distributed denial of service,” or DDoS, attack, this brute-force tactic is one of the oldest and simplest cyberattacks to stage — especially against entities such as banks, which have very secure computer architecture.

“For highly protected environments, it is easier to perform a DDoS [attack] than performing an intrusion or other more advanced attacks,” said Jaime Blasco of the European cybersecurity company AlienVault.

The hackers advertised online to recruit volunteers — known as “hacktivists” — to join in the attack, using a special program users can download, which turns their computer into an Internet weapon the hackers control.

But given the high Internet-traffic capacity of the target websites, Mr. Blasco added, it was doubtful that hacktivists could have achieved the impact they did unaided.

“It is very likely that other actors have been involved using other more advanced techniques” to generate traffic to block the sites, he said.

Mr. Lieberman said last week that he believed Tehran was behind the attack, specifically a special unit of Iran’s Revolutionary Guard Corps.

“I don’t believe these were just random hackers,” he said on C-SPAN. “I think this was done by Iran and the Quds Force, which has its own developing cyberattack capability.”
