Iran Denies Hacking American Banks, Censors Google

Iranian official says bank attack blame is a smoke screen for the U.S. to continue launching cyber attacks against Iran.

Mathew J. Schwartz, Contributor

September 24, 2012

5 Min Read

11 Security Sights Seen Only At Black Hat

11 Security Sights Seen Only At Black Hat

11 Security Sights Seen Only At Black Hat (click image for larger view and for slideshow)

The Iranian government Sunday criticized recent reports that Iran has been launching attacks against U.S. banks for the past year.

"Iran has not hacked the U.S. banks," Gholam Reza Jalali, the head of Iran's Civil Defense Organization, told the country's semi-official Fars News Agency. Furthermore, it reported, Jalali said "that these reports are aimed at demonizing Iran in cyberspace to portray the country as a global threat to cyber security and justify the U.S. and Israeli cyber attacks on Iran." That reference to attacks refers to reports that the U.S. and Israeli governments developed the Stuxnet virus that sabotaged equipment at an Iranian uranium enrichment facility.

Jalali's comments came after NBC News reported Thursday that a former U.S. official, speaking on condition of anonymity, said that the attacks against U.S. banks were both "significant and ongoing," as well as aimed at causing "functional and significant damage."

Evidence of such attacks seemed to appear Tuesday, when both the Bank of America and JPMorgan Chase websites experienced periodic outages. That same day, a group calling itself the "Cyber fighters of Izz ad-din Al qassam" had announced, via Pastebin, "Operation Ababil," which it said was aimed at disrupting the websites of Bank of America, the New York Stock Exchange, and Chase, in retaliation for the release of the Innocence of Muslims film that mocks the founder of Islam.

According to the former government official quoted by NBC, however, those claims were merely "a cover" for an Iranian government operation.

[ Read Bank Hack Attacks Show Need For Industry Cooperation. ]

Meanwhile, Reuters reported Friday, also based on anonymous sources, that the country's three largest banks--Bank of America, JPMorgan Chase & Co, and Citigroup--have been repeatedly targeted by distributed denial-of-service attacks. The attacks reportedly began in late 2011, were launched from inside Iran, and might have been used as cover for launching more sophisticated and targeted attacks. But the sources told Reuters that it was unclear whether the attacks were launched by elements of the Iranian government, groups hired by the government, or "'patriotic' citizens."

In response to those news reports, the Fars News Agency criticized the use of anonymous sources, noting that the anonymous interviewees "did not present any evidence to corroborate their claims against Iran."

Meanwhile, Sen. Joseph I. Lieberman (I-Conn.), who chairs the Homeland Security and Governmental Affairs Committee, took to the airwaves Friday to blame Iran for the attacks. "I don't believe these were just hackers who were skilled enough to cause disruption of the websites," Lieberman told C-SPAN, reported The Washington Post. "I think this was done by Iran and the Quds Force, which has its own developing cyberattack capability." The Quds Force is a special unit of the Revolutionary Guard, which is a branch of Iran's military.

According to Lieberman, the Iranian attacks were likely in response to "the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."

On a related note, a joint alert released Wednesday by the FBI, Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center, warned that online criminals recently have been targeting employees at financial institutions with "spam and phishing e-mails, keystroke loggers, and remote access trojans (RATs)," as well as Zeus variants, in an effort to steal their log-in credentials. According to the alert, the stolen credentials have been used to successfully execute fraudulent wire transfers, resulting in the criminals transferring between $400,000 and $900,000 at a time into overseas accounts.

In the wake of Stuxnet, as well as other cyberattacks such as the Flame malware that might have also been commissioned by the U.S. government, Iran reportedly is advancing its 12-month-old plan to create its own Internet for key government and military agencies. As a result, that could see many of the country's computers disconnected from the public Internet, according to news reports. But with that plan apparently progressing, information security experts have voiced concerns that ordinary Iranians could find themselves trapped on an Iranian intranet, disconnected from the public Internet.

On a related note, an Iranian official recently told the country's semi-official Iranian Labor News Agency (ILNA) that Google and Gmail access would be blocked inside the country, in response to the dissemination of the Innocence of Muslims film. "Google and Gmail will be filtered throughout the country until further notice," Abdolsamad Khoramabadi, an Iranian official who works for the government body that's in charge of online censorship and computer crimes, told Ilna, reported the Guardian Sunday.

Will Iran carry through on that threat? At least one Iranian Gmail and Google user reported Monday that he'd been unable to access either site since Sunday night.

Mobile employees' data and apps need protecting. Here are 10 ways to get the job done. Also in the new, all-digital 10 Steps To E-Commerce Security special issue of Dark Reading: Mobile technology is forcing businesses to rethink the fundamentals of how their networks work. (Free registration required.)

About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights