
JP Morgan Chase and Bank of America are being increasingly targeted this week in a systematic denial-of-service (DoS) attack against their websites. National security officials told NBC News that the cyber attacks are originating from the government of Iran and, as a result, the cyber threat level was raised from “elevated” to “high”. The attacks began last year but have picked up in intensity this week, possibly after the attackers obtained more sophisticated attack tools (and more zero-day vulnerabilities were discovered). Iranian groups have claimed responsibility and cited the recent videos mocking the Prophet Muhammad as the reason. United States officials claim this is nothing more than a cover story for Iran’s true intent.
The attacks began in January 2012 but have peaked in intensity this week. The consumer-facing websites of Bank of America were unavailable to customers on Tuesday, while JP Morgan Chase’s site was down on Wednesday. Citibank has also been a target. The attack is described by one source, a former U.S. official familiar with the attacks, as being “significant and ongoing” and looking to cause “functional and significant damage.” Last week, the Joint Chiefs of Staff’s Intelligence Directorate, known as J-2, confirmed continuing Iranian cyber attacks against U.S. financial institutions in a report described as “highly classified.”
One source suggested the attacks were in response to U.S. sanctions on Iranian banks. The true purpose of the attacks is not yet known, and the question remains: what would a national government gain by launching a DoS attack against public-facing websites? It is possible that the attacks are simply decoys intended to divert IT personnel’s attention while more sophisticated attacks are launched targeting other systems (e.g. the nation’s grid). DoS attacks have been used to divert attention in the past. Stuxnet, considered the world’s most sophisticated computer worm, was first discovered on July 15, 2010 and is widely believed to have been state-sponsored (United States and Israel). Stuxnet utilized an unprecedented four zero-day vulnerabilities in its attack vectors, which allowed its authors to compromise Siemens industrial control systems. On the day it was discovered, a DDoS attack against servers related to security information was initiated in order to divert attention away from the worm and slow down investigators.