There was something disturbingly different about the wave of online attacks on American banks in recent weeks. Security researchers say that instead of exploiting individual computers, the attackers engineered networks of computers in data centers.
Since September, intruders have caused major disruptions to the online banking sites of Bank of America, Citigroup, Wells Fargo, US Bancorp, PNC and others.
The skill needed to carry out attacks on this scale has convinced US government officials and security researchers that they are the work of Iran, most likely in retaliation for economic sanctions and online attacks by the US. “There is no doubt within the US government that Iran is behind these attacks,” said James A Lewis, a former official in the State and Commerce Departments and a computer security expert at the Center for Strategic and International Studies. American officials have not offered any technical evidence to back up their claims. The hackers also chose to pursue disruption rather than money, which the security experts said is another hallmark of state-sponsored attacks.
“The scale, the scope and the effectiveness of these attacks have been unprecedented,” said Carl Herberger, vice president of security solutions at Radware, a security firm investigating the attacks.
A hacker group — Izz ad-Din al-Qassam Cyber Fighters — claimed responsibility for the attacks in online posts. But US intelligence officials say the group is actually a cover for Iran.
Researchers at Radware discovered that various cloud services and public Web hosting services had been infected with a particularly sophisticated form of malware, called Itsoknoproblembro, that was designed to evade detection by antivirus programs.
The malware has existed for years, but the banking attacks were the first time it had been used from data centers to attack external victims.