Iran Denies Hacking American Banks, Censors Google - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity

Iran Denies Hacking American Banks, Censors Google

Iranian official says bank attack blame is a smoke screen for the U.S. to continue launching cyber attacks against Iran.

11 Security Sights Seen Only At Black Hat
11 Security Sights Seen Only At Black Hat
(click image for larger view and for slideshow)
The Iranian government Sunday criticized recent reports that Iran has been launching attacks against U.S. banks for the past year.

"Iran has not hacked the U.S. banks," Gholam Reza Jalali, the head of Iran's Civil Defense Organization, told the country's semi-official Fars News Agency. Furthermore, it reported, Jalali said "that these reports are aimed at demonizing Iran in cyberspace to portray the country as a global threat to cyber security and justify the U.S. and Israeli cyber attacks on Iran." That reference to attacks refers to reports that the U.S. and Israeli governments developed the Stuxnet virus that sabotaged equipment at an Iranian uranium enrichment facility.

Jalali's comments came after NBC News reported Thursday that a former U.S. official, speaking on condition of anonymity, said that the attacks against U.S. banks were both "significant and ongoing," as well as aimed at causing "functional and significant damage."

Evidence of such attacks seemed to appear Tuesday, when both the Bank of America and JPMorgan Chase websites experienced periodic outages. That same day, a group calling itself the "Cyber fighters of Izz ad-din Al qassam" had announced, via Pastebin, "Operation Ababil," which it said was aimed at disrupting the websites of Bank of America, the New York Stock Exchange, and Chase, in retaliation for the release of the Innocence of Muslims film that mocks the founder of Islam.

According to the former government official quoted by NBC, however, those claims were merely "a cover" for an Iranian government operation.

[ Read Bank Hack Attacks Show Need For Industry Cooperation. ]

Meanwhile, Reuters reported Friday, also based on anonymous sources, that the country's three largest banks--Bank of America, JPMorgan Chase & Co, and Citigroup--have been repeatedly targeted by distributed denial-of-service attacks. The attacks reportedly began in late 2011, were launched from inside Iran, and might have been used as cover for launching more sophisticated and targeted attacks. But the sources told Reuters that it was unclear whether the attacks were launched by elements of the Iranian government, groups hired by the government, or "'patriotic' citizens."

In response to those news reports, the Fars News Agency criticized the use of anonymous sources, noting that the anonymous interviewees "did not present any evidence to corroborate their claims against Iran."

Meanwhile, Sen. Joseph I. Lieberman (I-Conn.), who chairs the Homeland Security and Governmental Affairs Committee, took to the airwaves Friday to blame Iran for the attacks. "I don't believe these were just hackers who were skilled enough to cause disruption of the websites," Lieberman told C-SPAN, reported The Washington Post. "I think this was done by Iran and the Quds Force, which has its own developing cyberattack capability." The Quds Force is a special unit of the Revolutionary Guard, which is a branch of Iran's military.

According to Lieberman, the Iranian attacks were likely in response to "the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."

On a related note, a joint alert released Wednesday by the FBI, Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center, warned that online criminals recently have been targeting employees at financial institutions with "spam and phishing e-mails, keystroke loggers, and remote access trojans (RATs)," as well as Zeus variants, in an effort to steal their log-in credentials. According to the alert, the stolen credentials have been used to successfully execute fraudulent wire transfers, resulting in the criminals transferring between $400,000 and $900,000 at a time into overseas accounts.

In the wake of Stuxnet, as well as other cyberattacks such as the Flame malware that might have also been commissioned by the U.S. government, Iran reportedly is advancing its 12-month-old plan to create its own Internet for key government and military agencies. As a result, that could see many of the country's computers disconnected from the public Internet, according to news reports. But with that plan apparently progressing, information security experts have voiced concerns that ordinary Iranians could find themselves trapped on an Iranian intranet, disconnected from the public Internet.

On a related note, an Iranian official recently told the country's semi-official Iranian Labor News Agency (ILNA) that Google and Gmail access would be blocked inside the country, in response to the dissemination of the Innocence of Muslims film. "Google and Gmail will be filtered throughout the country until further notice," Abdolsamad Khoramabadi, an Iranian official who works for the government body that's in charge of online censorship and computer crimes, told Ilna, reported the Guardian Sunday.

Will Iran carry through on that threat? At least one Iranian Gmail and Google user reported Monday that he'd been unable to access either site since Sunday night.

Mobile employees' data and apps need protecting. Here are 10 ways to get the job done. Also in the new, all-digital 10 Steps To E-Commerce Security special issue of Dark Reading: Mobile technology is forcing businesses to rethink the fundamentals of how their networks work. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
How CIOs Can Advance Company Sustainability Goals
Lisa Morgan, Freelance Writer,  5/26/2021
IT Skills: Top 10 Programming Languages for 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/21/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll