Since September 2012, the US financial system has been under a cyber attack centered mostly on denying access to online banking services. The importance of the financial sector, together with its dependency on computers, makes it very vulnerable to this threat, all the more so when the motives of the attackers are not financial. Most organizations and individuals are chiefly concerned with the theft of money, identities, and sensitive or even secret information.
However, the cyber threat is much more than just that. It is destructive and can paralyze organizations and states. What makes the recent attacks unique is that their purpose was to inflict functional damage on the banks rather than merely financial damage; they were sustained over time in a coordinated and synchronized manner and were apparently carried out by Iran. The Director of National Intelligence addressed Iranian cyber capabilities before the US Senate Intelligence Committee in January 2012, and said that Iran’s offensive cyber capabilities (against the US) had improved dramatically in recent years, both in depth and in complexity. In his assessment, the government and even the Supreme Leader have concluded that Iran can allow itself to attack the US through cyber means. This statement is the background for understanding the latest events.
Let us examine several other examples. Last August, the Saudi Arabian oil titan Aramco was cyber attacked, as was the Qatari company RasGas several weeks later, through the use of a destructive virus called Shamoon. Aramco, an oil and gas company owned by the Saudi Arabian government, suffered the greater damage: the virus wiped more than 30,000 computers in the organization, causing severe functional damage for two weeks.
The outgoing US Secretary of Defense, Leon Panetta, referred to it as “possibly the most devastating attack on a private target so far.” According to US sources, the attack was apparently carried out by Iran in response to the embargo on the export of Iranian oil. Then, several weeks later, came “Operation Ababil”: a continuous and wide-scale attack on the online services of US banks and the New York Stock Exchange. The “Cyber Warriors of Izz ad-Din al-Qassam” took responsibility for the attack and stated that the attacks were intended to bring about the removal of the movie “Innocence of the Muslims.” The movie ignited violent protests by Muslims around the world after being broadcast in Egypt on September 11, 2012. According to US defense officials, Iran was behind the attacks, and if that is the case, it carries them out via the “Quds Force”, the special force of the Iranian Revolutionary Guards (IRGC) responsible for exporting and protecting the Islamic Revolution.
The Quds Force has a long history of supporting organizations such as Hezbollah in order to carry out terror activity on its behalf, and is well established among Shiite communities around the world. Iran, which was subjected to some of the world’s most sophisticated cyber attacks (Stuxnet, Flame, and others), established defensive and offensive cyber forces in response. The head of Iran’s civil defense organization, Gholam Reza Jalali, rushed to deny the accusations and said that “Iran did not breach the US banks.” Strictly speaking, Jalali did not lie: Iran did not breach the banks, because the banks were not breached but rather denied service. More generally, Jalali knows well that it is difficult to trace the source of a cyber attack with certainty (the so-called “attribution problem”); it is very easy to deny that Iran was the attacker, and difficult to prove otherwise. Iran, having itself been the target of the most sophisticated cyber attacks in the world, knows this well.
It is difficult to exaggerate the ramifications of attacks on the financial sector. Banking systems rest on the public’s trust that its financial information and money will be available. In the US, approximately 20% of organizations conduct all of their banking activities online, and 50% carry out more than half of their activities over the web. Most organizations see the financial system as responsible for securing their money and financial information (and rightfully so), and state that they would transfer the bulk of their business activity to another bank after an attack. As the potential for the threat to materialize grows, alongside a growing dependency on online and available information, the cyber threat becomes a strategic, operational and reputational risk factor for every bank individually and for the financial sector as a whole.
One of the more common and readily available methods for disrupting the availability of internet sites and online services is the Distributed Denial of Service (DDoS) attack. These attacks first appeared near the end of the 1990s (1999) and have become more advanced since. The main technique is to establish a network comprising tens of thousands of hacked computers around the world (a botnet). The compromised computers are remotely controlled and are used by the attackers to flood online services until the server or network cannot withstand the load and ceases to provide service. This is what the “Saudi Hacker” did in the attack against Israeli online services, for example. In the latest cyber campaign, we have seen an escalation in tools and methods of operation. The main attack tool was an attack toolkit named “Itsoknoproblembro” (the name is funny, but the attack is most serious). This toolkit makes use of “BRO-bots”: hacked servers into which the attack command is “pushed”, in contrast to conventional botnets, where hacked computers are used. This method takes advantage of the fact that servers have far more bandwidth available for an attack, so the attack can be carried out with fewer machines. The same tool was also used in an attack on one of the Israeli internet providers during Operation Pillar of Defense.
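To make the bandwidth point concrete from a defender’s side, here is an added example (not code from the article) that runs a simple flood check over constructed web-server access-log lines: it counts requests per source inside a time window, flags sources above a rate threshold, and reports how much of the load the top few sources carry. The IP addresses, timestamps and thresholds are all assumptions built for illustration; a small number of server-class sources concentrating most of the traffic is the pattern the paragraph describes.

```python
# Added example: rate-based flood detection over constructed access-log lines.
from collections import Counter
from datetime import datetime

# Constructed sample log (Common Log Format): 40 ordinary clients with one
# request each, plus three high-bandwidth "server" sources with 600 each.
SAMPLE_LOG = [
    f"203.0.113.{i} - - [27/Sep/2012:10:00:{i % 60:02d} +0000] \"GET /login HTTP/1.1\" 503 0"
    for i in range(1, 41)
] + [
    f"198.51.100.{s} - - [27/Sep/2012:10:00:{n % 60:02d} +0000] \"GET /login HTTP/1.1\" 503 0"
    for s in (1, 2, 3) for n in range(600)
]

def parse_line(line):
    """Return (source_ip, timestamp) from one Common Log Format line."""
    ip, rest = line.split(" ", 1)
    stamp = rest[rest.index("[") + 1 : rest.index("]")]
    ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    return ip, ts

def flood_report(lines, window_seconds=60, per_source_threshold=100, top_n=3):
    """Count requests per source within window_seconds of the earliest request,
    flag sources above per_source_threshold, and compute the share of all
    requests sent by the top_n sources (thresholds are assumed values)."""
    parsed = [parse_line(line) for line in lines]
    if not parsed:
        return {"total": 0, "sources": 0, "flagged": {}, "top_share": 0.0}
    start = min(ts for _, ts in parsed)
    counts = Counter(
        ip for ip, ts in parsed if (ts - start).total_seconds() < window_seconds
    )
    total = sum(counts.values())
    flagged = {ip: n for ip, n in counts.items() if n > per_source_threshold}
    top_share = sum(n for _, n in counts.most_common(top_n)) / total
    return {
        "total": total,
        "sources": len(counts),
        "flagged": flagged,
        "top_share": round(top_share, 3),
    }

if __name__ == "__main__":
    print(flood_report(SAMPLE_LOG))
```

With the constructed sample, three of 43 sources generate about 98% of the requests, which is the kind of concentration a defender would look for when deciding whether per-source rate limiting or upstream filtering is the right response.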
Iran is well aware of the attribution problem inherent in cyber attacks. For example, Iran has threatened several times that if its nuclear facilities were attacked, it would retaliate by bombing US bases in the Gulf and launching missiles at Israel. Iran openly blamed the US and Israel for the cyber attacks on its nuclear facilities, yet did not carry out its threats. It can be assumed that this is because it lacks the ability to prove, beyond a shadow of a doubt, who was behind the attacks. The same problem that worked in favor of those who attacked Iran with cyber means now works in favor of Iran in the attacks on the US banks, if it was in fact Iran. Despite several statements by US officials, this remains nothing more than speculation.