Date: 2012-09-21
* Attacks began in late 2011, escalated this year-sources
* Hackers disrupted bank websites and networks-sources
* Attacks came after Iran beefed up cyber capabilities
* Evidence shows may be retaliation for sanctions-sources
By Jim Finkle and Rick Rothacker
Sept 21 - Iranian hackers have repeatedly attacked
Bank of America Corp, JPMorgan Chase & Co and
Citigroup Inc over the past year as part of a broad cyber
campaign targeting the United States, according to people
familiar with the situation.
The attacks, which began in late 2011 and escalated this
year, have primarily been "denial of service" campaigns that
disrupted the banks' websites and corporate networks by
overwhelming them with incoming web traffic, said the sources.
They said there was evidence suggesting the hackers targeted
the three banks in retaliation for their enforcement of Western
economic sanctions against Iran. Whether the hackers have been
able to inflict more serious damage on computer networks or
steal critical data is not yet known.
Iran has beefed up its cyber capabilities after its nuclear
program was damaged in 2010 by the Stuxnet virus, widely
believed to have been developed by the United States. Tehran has
publicly advertised its intentions to build a cyber army and
encouraged private citizens to hack against Western countries.
The attacks on the three largest U.S. banks originated in
Iran, but it is not clear if they were launched by the state,
groups working on behalf of the government, or "patriotic"
citizens, according to the sources, who requested anonymity as
they were not authorized to discuss the matter.
The hackers also targeted other U.S. companies, the sources
said, without giving specifics. They said the attacks shed new
light on the potential for Iran to lash out at Western nations'
information networks.
"Most people didn't take Iran seriously. Now most people are
taking them very seriously," said one of the sources, referring
to Iran's cyber capabilities.
Iranian officials were not available to comment. Bank of
America, JPMorgan Chase and Citigroup declined to comment, as
did officials with the Pentagon, U.S. Department of Homeland
Security, Federal Bureau of Investigation, National Security
Agency and Secret Service.
A U.S. financial services industry group this week warned
banks, brokerages and insurers to be on heightened alert for
cyber attacks after the websites of Bank of America and JPMorgan
Chase experienced service disruptions.
Senator Joseph Lieberman, chairman of the Senate's Homeland
Security and Governmental Affairs Committee, said on Friday that
he believes Iran was behind the attacks.
"I think this was done by Iran and the Quds Force, which has
its own developing cyber attack capability," Lieberman said
during a taping of C-SPAN's "Newsmakers" program. The Quds Force
is a covert arm of Iran's Revolutionary Guards.
"I believe it was a response to the increasingly strong
economic sanctions that the United States and our European
allies have put on Iranian financial institutions," he said.
Tensions between the United States and Iran, which date back
to the revolution in 1979 that resulted in the current Islamic
republic, have escalated in recent years as Washington has led
the effort to prevent Tehran from getting a nuclear bomb and
imposed tough economic sanctions.
DISRUPTIVE CAMPAIGN
Denial-of-service campaigns are among the oldest types of
cyber attacks and do not require highly skilled computer
programmers or advanced expertise, compared with sophisticated
and destructive weapons like Stuxnet.
But denial-of-service attacks can still be very disruptive:
If a bank's website is repeatedly shut down, the attacks can
hurt its reputation, affect customer retention and cause revenue
losses as customers cannot open accounts or conduct other
business.
Bank of America, Citigroup and JPMorgan Chase have consulted
the FBI, Department of Homeland Security and National Security
Agency on how to strengthen their networks in the face of the
Iranian attacks, the sources said. It was not clear whether law
enforcement agencies are formally investigating the attacks.
The Iranian attackers may have used denial-of-service to
distract the victims from other, more destructive assaults that
have yet to be uncovered, the sources said.
Frank Cilluffo, who served as homeland security adviser to
former U.S. President George W. Bush, told Reuters he knows of
"cyber reconnaissance" missions that have come from Iran but
declined to give specifics.
"It is yet to be seen whether they have the wherewithal to
cause significant damage," said Cilluffo, who is now director of
the Homeland Security Policy Institute at George Washington
University.
Security experts said Iran's cyber capabilities are not as
sophisticated as those of China, Russia, the United States or
many of its Western allies. Jim Lewis, a former U.S. Foreign
Service officer, said Iran has been testing its cyber technology
against Israel and other Gulf states in recent years.
"It's like the nuclear program: It isn't particularly
sophisticated but it makes progress every year," said Lewis,
who is a senior fellow at the Center for Strategic &
International Studies.