US financial institutions are being pounded with high-powered cyber attacks that some suspect are being orchestrated by Iran as payback for political sanctions.
“There is no doubt within the US Government that Iran is behind these attacks,” James Lewis, a former official in the state and commerce departments and now a computer security expert at the Centre for Strategic and International Studies, told the New York Times.
While the identities of those behind the online onslaught officially remain a mystery, it was clear they were using a potent new weapon for slamming bank Web sites with overwhelming numbers or requests for information.
The attackers infected the data centres used to host services in the Internet “cloud” and commandeered massive computing power to back distributed denial of service (DDoS) attacks, according to security experts.
DDoS attacks have been a basic hacker weapon for quite some time, but they have typically involved using armies of personal computers tainted with viruses and coordinated to make simultaneous requests at targeted Web sites.
“They are essentially going from a pistol to a cannon,” Radware Vice-President of Security Solutions Carl Herberger said of cyber attackers using data centres. “That was one major achievement.”
The top 20 US banks on Wednesday were being hit with a third wave of attacks, each of which has been preceded by a claim of responsibility by a group calling itself Izz ad-Din al-Qassam Cyber Fighters.
The attacks began in September last year, according to Radware, which specialises in commercial computer security and has been investigating the cyber assaults.
“The landscape we are seeing is essentially a persistent industry sector attack that is unprecedented,” Herberger said.
“There have been a number of lulls in cyber fighting, with waves concluded and re-launched.”