Iran may be behind a massive and sustained campaign of cyber-attacks against numerous Western financial institutions, including Citigroup, Capital One and HSBC, we learned last week. The strikes exploit the banks’ Web site encryption, which encodes customers’ online transactions to keep them secure but also increases traffic volume.
Cyber-attacks on bank Web sites use encryption and cloud computing networks to cause online traffic jams.
Enough of this traffic causes a jam that can completely halt business on these Web sites. So attackers seize control of sprawling cloud computing networks, using them to inundate these Web sites with encrypted requests in order to deny service to their target’s customers, hence the name Distributed Denial of Service (DDoS) attacks.
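Because the flood described above is spread across many hijacked servers, no single source need look abnormal. The following is an added example, not code from the article or from any party it mentions: a small Python rate detector run over constructed web-server log lines (documentation-range IP addresses, illustrative thresholds, a hypothetical `/login` path) that shows why a per-source limit alone misses a distributed flood while a site-wide sliding window catches it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Combined-log-style line: client IP, bracketed timestamp, quoted request line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request) from one access-log line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


def detect_floods(lines, window_s=10, per_source_max=5, aggregate_max=20):
    """Sliding-window rate check over time-ordered log lines.

    Returns (per_source_alerts, aggregate_alerts): the sorted client IPs that
    exceeded per_source_max requests inside any window_s-second window, and the
    epoch times at which the site-wide count first exceeded aggregate_max (one
    alert per window, so the alert is not repeated on every following request).
    Thresholds are illustrative assumptions, not values from the article.
    """
    per_source = defaultdict(deque)
    aggregate = deque()
    per_source_alerts = set()
    aggregate_alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the whole scan
        ip, ts, _req = parsed
        t = ts.timestamp()

        # Per-source window: drop requests older than the window, then compare.
        q = per_source[ip]
        q.append(t)
        while q and t - q[0] > window_s:
            q.popleft()
        if len(q) > per_source_max:
            per_source_alerts.add(ip)

        # Site-wide window: the only view that catches a flood spread across
        # many sources that each stay under the per-source limit.
        aggregate.append(t)
        while aggregate and t - aggregate[0] > window_s:
            aggregate.popleft()
        if len(aggregate) > aggregate_max and (
            not aggregate_alerts or t - aggregate_alerts[-1] > window_s
        ):
            aggregate_alerts.append(t)
    return sorted(per_source_alerts), aggregate_alerts


def _line(ip, second, path="/login"):
    """Build one constructed log line at 2012-12-01 12:00:<second> UTC."""
    ts = datetime(2012, 12, 1, 12, 0, second, tzinfo=timezone.utc)
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'


def build_sample_log():
    """Constructed, time-ordered sample traffic (all addresses are documentation ranges)."""
    lines = [_line("10.0.0.1", s, "/") for s in range(3)]  # normal browsing
    # Distributed burst: 30 distinct sources, one request each, within 4 seconds.
    lines += [_line(f"203.0.113.{i + 1}", 5 + i // 8) for i in range(30)]
    # One noisy single source: 8 requests in 2 seconds.
    lines += [_line("198.51.100.7", 12 + i // 4) for i in range(8)]
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    ips, bursts = detect_floods(SAMPLE_LOG)
    print("per-source offenders:", ips)
    print("site-wide bursts at:",
          [datetime.fromtimestamp(t, timezone.utc).isoformat() for t in bursts])
```

On the constructed sample the per-source check names only the single noisy client, while the 30 one-request sources are invisible to it; the site-wide window raises its alert on the 21st request of the burst. In practice the aggregate view is what an upstream scrubbing provider or load balancer watches, since a single origin server rarely sees the full picture of a multi-gigabit flood.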
“Even the well-defended Web sites of banking titans such as Wells Fargo, Bank of America and JP Morgan Chase have suffered connection problems under the weight of the recent onslaughts,” TechDailyNews Senior Editor Paul Wagenseil wrote last week. “Web sites can be cut off from the rest of the Internet, which for online banks adds up to a lot of lost business.”
Web sites for most midsize enterprises can handle about one gigabit per second, according to an expert in The New York Times last week. One victimized bank could handle 40 Gbps, but some attacks were as strong as 70 Gbps.
“The DDoS attacks against the bank sites are several orders of magnitude higher than the attacks led by the hacktivist movement Anonymous against PayPal, MasterCard and dozens of government sites over the past few years,” Wagenseil said. “The bank attacks … have often used a DDoS tool called ‘ItsOKNoProblemBro’ to hijack and launch attacks from other Web servers, greatly amplifying the bandwidth of the bogus requests.”
And ItsOKNoProblemBro-infected servers are “bRobots.” Get it?
But It’s Not O.K. — And There Is A Problem, Bro
If turning a Web site’s encryption against itself isn’t cruel enough, attackers use the same types of cloud computing networks that many businesses employ to help solve their Big Data storage problems. The New York Times characterized this as “transforming the online equivalent of a few yapping Chihuahuas into a pack of fire-breathing Godzillas.”
But the DDoS attacks don’t compromise anyone’s account or steal any money; they are extraordinarily difficult to trace; and they are far more sophisticated than what one would expect from a garden-variety hacker. That has some experts thinking that Iran is sponsoring these attacks in retaliation for U.S.-led economic sanctions in the United Nations, and three U.S.-led cyber-attacks on Iran in as many years.
State-sponsored cyber-attacks can be a form of asymmetric warfare.
Some see this as a form of asymmetric warfare, off-the-battlefield combat typically waged against an opponent with significantly greater military might. U.S. Defense Secretary Leon Panetta addressed the threat in October, shortly after these attacks surfaced.
“Potential aggressors should be aware that the United States has the capacity to locate them and to hold them accountable for actions that may try to harm America,” Panetta said. “For these kinds of scenarios, the department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace.”
On the Cold Warpath
The stakes are high, but Iran denies being behind the attacks. Hackers known as Izz ad-Din al-Qassam Cyber Fighters have claimed responsibility, citing an inflammatory online video. But the group is really a front for Iran, according to U.S. intelligence officials.