On the other hand, Since September, U.S. banks have been battling with mixed success distributed denial of service (DDoS) attacks from a self-proclaimed hactivist group called Izz ad-Din al-Qassam Cyber Fighters. Despite its claims of being a grassroots operation, U.S. government officials and security experts say the group is a cover for Iran.
“There is no doubt within the U.S. government that Iran is behind these attacks,” James A. Lewis, a former official in the State and Commerce Departments and a computer security expert at the Center for Strategic and International Studies, told The New York Times.
Mr. Lewis said the amount of traffic flooding American banking sites was “multiple times” the amount that Russia directed at Estonia in a monthlong online assault in 2007 that nearly crippled the Baltic nation.
American officials have not offered any technical evidence to back up their claims, but computer security experts say the recent attacks showed a level of sophistication far beyond that of amateur hackers. Also, the hackers chose to pursue disruption, not money: another earmark of state-sponsored attacks, the experts said.
“The scale, the scope and the effectiveness of these attacks have been unprecedented,” said Carl Herberger, vice president of security solutions at Radware, a security firm that has been investigating the attacks on behalf of banks and cloud service providers. “There have never been this many financial institutions under this much duress.”
Since September, intruders have caused major disruptions to the online banking sites of Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC.
They employed DDoS attacks, or distributed denial of service attacks, named because hackers deny customers service by directing large volumes of traffic to a site until it collapses. No bank accounts were breached and no customers’ money was taken.
By using data centers, the attackers are simply keeping up with the times. Companies and consumers are increasingly conducting their business over large-scale “clouds” of hundreds, even thousands, of networked computer servers.
These clouds are run by Amazon and Google, but also by many smaller players who commonly rent them to other companies. It appears the hackers remotely hijacked some of these clouds and used the computing power to take down American banking sites.
“There’s a sense now that attackers are crafting their own private clouds,” either by creating networks of individual machines or by stealing resources wholesale from poorly maintained corporate clouds, said John Kindervag, an analyst at Forrester Research. How, exactly, attackers are hijacking data centers is still a mystery. Making matters more complex, they have simultaneously introduced another weapon: encrypted DDoS attacks.
Banks encrypt customers’ online transactions for security, but the encryption process consumes system resources. By flooding banking sites with encryption requests, attackers can further slow or cripple sites with fewer requests.A hacker group calling itself Izz ad-Din al-Qassam Cyber Fighters has claimed in online posts that it was responsible for the attacks.