By Keith Johnson
Who’s really responsible for a recent series of cyberattacks on American banks? If United States officials and politicians are to be believed, the government of Iran and its so-called “terrorist” proxies are to blame. However, some information security experts have cast doubt on this allegation, while others insist that the attacks are an obvious false-flag operation whose perpetrators have multiple, far-reaching objectives.
Word of compromised computer banking systems first surfaced in late September, when Wells Fargo, Bank of America, JP Morgan Chase and other financial institutions reported falling victim to computer network attacks that temporarily blocked many of their customers from engaging in online banking. Since then, Capital One, BB&T, HSBC and Regions banks have also reported experiencing similar disruptions to their websites.
An obscure group—identifying itself as the Izz ad-din al-Qassam Cyber Fighters—claimed responsibility for the first wave of attacks as retaliation for the amateurish Innocence of Muslims film that mocked the Islamic prophet Mohammed and sparked protests throughout the Middle East.
However, almost immediately following this announcement, unidentified U.S. national security officials allegedly told NBC News that this claim was just “a cover” story for the Iranian government’s cyberterrorism operations. Similarly, on October 12, another unnamed U.S. official told The Wall Street Journal that the recent attacks against U.S. banks bore “signatures” traced to “a network of fewer than 100 Iranian computer-security specialists at universities and network security companies in Iran.”
The alleged source went on to say, “These are not ordinary Iranians,” and added that the “hackers don’t have the resources to mount major attacks without the support and technical expertise of the government.”
Despite the government’s claims, tracing a computer hack to its original source is far from conclusive. “In most cases, if the attacker is highly skilled, it is nearly impossible to clearly determine the origin of an event, and even more difficult to ascertain if the attack was state-sponsored or instigated by individual actors,” writes Anthony M. Freed at Security Bistro. “The use of multiple proxies, Internet routing tricks, employing compromised systems belonging to a third party and the use of spoofed [Internet computer] addresses can all be easily coordinated to give the appearance that an attack is originating far from the actual source.”
Cesar Cerrudo, an information security specialist and chief technology officer for IOActive Labs, is also at odds with the government’s allegations.
“It’s very easy to attack some group of people or some country and make it look like it came from another country,” Cerrudo said in a recent post for network security magazine Dark Reading. “You can engage them into cyberwar via a third party.”
As an example, Cerrudo cites a 2010 hack of China’s Baidu search engine by a group claiming to be the Iranian Cyber Army. “The Chinese were surprised that Iranians had attacked them,” said Cerrudo. “After that, the Chinese attacked Iran. But it turns out it wasn’t actually Iran behind the Baidu attack. Someone else attacked the Chinese to get them to attack the Iranians.” (Some say the so-called Iranian Cyber Army is or was a group of Russian hackers based outside Iran.)
Although no one can be sure who perpetrated the recent hacks on U.S. banks, many are asking the obvious question: Cui bono? (Who benefits?)
“With President Obama ready to sign an executive order to control the Internet in the name of cybersecurity, could it be more obvious that this ‘cyberattack’ is a total setup?” asked Eric Blair on the popular website Activist Post. “Especially since all versions of Internet control legislation have failed to pass in normal government channels both domestically and internationally,” he added.
Susanne Posel of another popular website, Occupy Corporatism, wrote: “Framing Iran for the American banking system’s computer failure kills two birds with one stone. Not only would the banking cartels be able to shut down all banking computers (and simultaneously siphon the remaining money in their customers’ accounts) but also use this fake cyberattack to engage the American public against Iran and justify their highly anticipated military strike.”
In a recent edition of the computer magazine Information Security, other theories were explored that have received little attention in the media. Among the possible culprits considered are hacktivist groups like Anonymous and Russian crime syndicates.
But in terms of motive and capability, Israelis top the list. Not only do they consider Iran to be the greatest threat to their existence, but they’ve also demonstrated a proficiency in cyberwarfare through the creation of sophisticated viruses that have been successfully used against Iran’s infrastructure. Recently, a new virus dubbed “mini-Flame” has targeted banks in Lebanon and Iran.
Mike Rivero, a former NASA employee and webmaster of the website What Really Happened, suspects that Israel is behind the recent attacks, and believes Israel will likely follow them up with a complete take-down of U.S. financial computers that will falsely be blamed on Iran.
“This also gets Wall Street and Washington, D.C. off the hook,” he said, “because now the financial meltdown is an act of war, rather than the result of decades of Wall Street crime and corruption and the predations of private central banks.”