Iran Denies Hacking American Banks, Censors Google - InformationWeek
Government // Cybersecurity
11:57 AM
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Iran Denies Hacking American Banks, Censors Google

Iranian official says bank attack blame is a smoke screen for the U.S. to continue launching cyber attacks against Iran.

11 Security Sights Seen Only At Black Hat
11 Security Sights Seen Only At Black Hat
(click image for larger view and for slideshow)
The Iranian government Sunday criticized recent reports that Iran has been launching attacks against U.S. banks for the past year.

"Iran has not hacked the U.S. banks," Gholam Reza Jalali, the head of Iran's Civil Defense Organization, told the country's semi-official Fars News Agency. Furthermore, it reported, Jalali said "that these reports are aimed at demonizing Iran in cyberspace to portray the country as a global threat to cyber security and justify the U.S. and Israeli cyber attacks on Iran." That reference to attacks refers to reports that the U.S. and Israeli governments developed the Stuxnet virus that sabotaged equipment at an Iranian uranium enrichment facility.

Jalali's comments came after NBC News reported Thursday that a former U.S. official, speaking on condition of anonymity, said that the attacks against U.S. banks were both "significant and ongoing," as well as aimed at causing "functional and significant damage."

Evidence of such attacks seemed to appear Tuesday, when both the Bank of America and JPMorgan Chase websites experienced periodic outages. That same day, a group calling itself the "Cyber fighters of Izz ad-din Al qassam" had announced, via Pastebin, "Operation Ababil," which it said was aimed at disrupting the websites of Bank of America, the New York Stock Exchange, and Chase, in retaliation for the release of the Innocence of Muslims film that mocks the founder of Islam.

According to the former government official quoted by NBC, however, those claims were merely "a cover" for an Iranian government operation.

[ Read Bank Hack Attacks Show Need For Industry Cooperation. ]

Meanwhile, Reuters reported Friday, also based on anonymous sources, that the country's three largest banks--Bank of America, JPMorgan Chase & Co, and Citigroup--have been repeatedly targeted by distributed denial-of-service attacks. The attacks reportedly began in late 2011, were launched from inside Iran, and might have been used as cover for launching more sophisticated and targeted attacks. But the sources told Reuters that it was unclear whether the attacks were launched by elements of the Iranian government, groups hired by the government, or "'patriotic' citizens."

In response to those news reports, the Fars News Agency criticized the use of anonymous sources, noting that the anonymous interviewees "did not present any evidence to corroborate their claims against Iran."

Meanwhile, Sen. Joseph I. Lieberman (I-Conn.), who chairs the Homeland Security and Governmental Affairs Committee, took to the airwaves Friday to blame Iran for the attacks. "I don't believe these were just hackers who were skilled enough to cause disruption of the websites," Lieberman told C-SPAN, reported The Washington Post. "I think this was done by Iran and the Quds Force, which has its own developing cyberattack capability." The Quds Force is a special unit of the Revolutionary Guard, which is a branch of Iran's military.

According to Lieberman, the Iranian attacks were likely in response to "the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."

On a related note, a joint alert released Wednesday by the FBI, Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center, warned that online criminals recently have been targeting employees at financial institutions with "spam and phishing e-mails, keystroke loggers, and remote access trojans (RATs)," as well as Zeus variants, in an effort to steal their log-in credentials. According to the alert, the stolen credentials have been used to successfully execute fraudulent wire transfers, resulting in the criminals transferring between $400,000 and $900,000 at a time into overseas accounts.

In the wake of Stuxnet, as well as other cyberattacks such as the Flame malware that might have also been commissioned by the U.S. government, Iran reportedly is advancing its 12-month-old plan to create its own Internet for key government and military agencies. As a result, that could see many of the country's computers disconnected from the public Internet, according to news reports. But with that plan apparently progressing, information security experts have voiced concerns that ordinary Iranians could find themselves trapped on an Iranian intranet, disconnected from the public Internet.

On a related note, an Iranian official recently told the country's semi-official Iranian Labor News Agency (ILNA) that Google and Gmail access would be blocked inside the country, in response to the dissemination of the Innocence of Muslims film. "Google and Gmail will be filtered throughout the country until further notice," Abdolsamad Khoramabadi, an Iranian official who works for the government body that's in charge of online censorship and computer crimes, told Ilna, reported the Guardian Sunday.

Will Iran carry through on that threat? At least one Iranian Gmail and Google user reported Monday that he'd been unable to access either site since Sunday night.

Mobile employees' data and apps need protecting. Here are 10 ways to get the job done. Also in the new, all-digital 10 Steps To E-Commerce Security special issue of Dark Reading: Mobile technology is forcing businesses to rethink the fundamentals of how their networks work. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
9/28/2012 | 12:56:56 AM
re: Iran Denies Hacking American Banks, Censors Google
If Iran was in fact attacking the banking websites, why on earth would they ever admit? I would hate to be a citizen of Iran and have my internet filtered. Who honestly thinks that this is a coincidence that the hacker are rooted in Iran? Looks like the costs of these vulnerabilities is causing the banks to focus on guilty party.

Paul Sprague
InformationWeek Contributor
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll