Attacks/Breaches
10/22/2012
04:52 PM
50%
50%

Who Is Hacking U.S. Banks? 8 Facts

Hackers have labeled the bank website disruptions as grassroots-level reprisal for an anti-Islamic film. But is the Iranian government really backing the attacks?
Previous
2 of 8
Next


The attackers have been targeting some of the country's largest financial institutions. On Oct. 16, in the fifth week of the banking attacks, CapitalOne even saw its online banking and corporate sites get disrupted by attackers for a second time, in what was the first repeat attack. Meanwhile, on Oct. 18, HSBC confirmed that not just its U.S. websites but also some global websites had been disrupted by attackers.

"HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world," according to an Oct. 18 statement issued by the bank on the day it was attacked. "This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking." By later that day, however, the bank said it had restored service.

While the outages are annoying for customers, they could also spell lost revenue for the businesses involved. Accordingly, might these bank website attacks portend a future in which hacktivists regularly seek to cause economic damage to U.S. businesses as a form of protest, or even low-grade cyber warfare? Secretary of Defense Leon Panetta, in a recent speech delivered to the Business Executives for National Security, suggested that possibility, as he warned how "a destructive cyber terrorist attack could paralyze the nation." Speaking of the attacks on bank websites, he said: "While this kind of tactic isn't new, the scale and speed was unprecedented."

Many cybersecurity watchers saw Panetta's speech as a thinly veiled threat to Iran. In recent weeks, U.S. government officials--again, speaking anonymously in media interviews, and referencing what they said were classified intelligence reports--have said that the signature of the banking attacks has been traced to a group of fewer than 100 information security specialists, all based at Iranian universities and technology companies, who are backed by the Iranian government.

In light of those allegations, the Cyber fighters of Izz ad-din Al qassam have sought to shift the question of Iranian government backing back to the Innocence of Muslims film. "With a little searching, we still found the anti-Islamic offensive film on the Internet. Thus the chain of cyber attacks on U.S. banks will continue this week," they wrote in a Pastebin post previewing the fifth week of attacks.

RECOMMENDED READING

Iran Denies Hacking American Banks, Censors Google

PNC Bank Hit By Crowdsourced Hacktivist Attacks

Bank Site Attacks Trigger Ongoing Outages, Customer Anger

Bank Hacks: 7 Misunderstood Facts

Hackers Launch New Wave Of U.S. Bank Attacks

U.S. Bank Hacks Expand; Regions Financial Hit

Bank Hacks: Iran Blame Game Intensifies

DOD: Hackers Breached U.S. Critical Infrastructure Control Systems

Previous
2 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Leo Regulus
50%
50%
Leo Regulus,
User Rank: Apprentice
10/24/2012 | 4:52:32 PM
re: Who Is Hacking U.S. Banks? 8 Facts
Very disappointed in Editor's choice of article format. This has been extensively discussed in the past.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.