Iranian Government May Be Behind Recent Cyber Attacks
Over the last several months, U.S. banks have been subjected to a series of cyber attacks apparently aimed at disrupting normal operations. A volunteer cyber militia group has taken credit for the attacks, saying they are to protest the anti-Islam video that has angered the Muslim world. But U.S. officials and cybersecurity experts are increasingly convinced the government of Iran is behind the attacks. Tom Gjelten talks to Melissa Block.
MELISSA BLOCK, HOST:
If you bank online and have had trouble logging in lately, maybe your bank has come under a cyber attack. In the last few months, hackers have disrupted operations of at least nine U.S. financial institutions and cyber-security experts are increasingly convinced the government of Iran is responsible. NPR's Tom Gjelten has been the following the story. He joins me now. And, Tom, what are we talking about here? How serious are these attacks?
TOM GJELTEN, BYLINE: Melissa, these are what are called denial-of-service attacks. Basically, the hackers send so much traffic to a website that they just overwhelm it, shut it down. They actually hijack thousands of computers remotely and have them just barrage the bank with messages sent automatically all at once. So it disrupts operations, but there's no money taken. That's one reason experts don't think a criminal group has been behind these attacks.
Also, data aren't stolen. It doesn't seem like the object is espionage. That could steer you away from some other actors, China, for example. Hacktivist groups like Anonymous have done denial-of-service attacks like this before. But these bank attacks have been so widespread and so sophisticated that experts think a nation state is probably behind it. Plus, it's been happening a long time. I first heard of an attack on the Bank of America early last year. Officials were telling me even then about signs of Iranian involvement. And then the attacks ramped up again in September and again last month. So as you say, at least nine banks have been affected so far.
BLOCK: And if a nation state is in fact responsible, what's the evidence that that nation state is, in fact, Iran?
GJELTEN: There's nothing really hard that has been made public. In this area, it's very hard to identify the origin of an attack. There has been a claim of responsibility for these attacks from a group calling itself the al-Qassam Cyber Fighters. They say they're doing it in retaliation for that anti-Islam video on YouTube. They deny any government sponsorship. But as I say, the sophistication of the attacks leads experts to think a hacktivist group wouldn't do it on its own.
So that raises the question: What government would have the motivation to do this? And the Iranians have made it clear they hold the U.S. partly responsible for the cyber attacks directed against their nuclear facilities, the Stuxnet worm, for example. And one other thing, Melissa, these attacks have happened simultaneously with the big cyber attack on Aramco, the state oil company in Saudi Arabia which is an archrival of Iran, also attacks against the International Atomic Energy Agency which is monitoring Iran's nuclear program. So there's a pattern here of targets that have some kind of Iranian connection.
BLOCK: Well, let's walk that through. Why would Iran be going after these banks but just disrupting service, not taking anything?
GJELTEN: It seems like this is a political statement. The banks - this group that claimed responsibility for the attack said the banks represent material values as opposed to religious values. Now, if the attackers wanted to do actual damage, you might expect them, for example, to go after power plants, telecommunications facilities, critical infrastructure. So far, that does not seem to be the intent. Of course, it could come to that. These attacks on the oil company in Saudi Arabia, for example, did destroy data and equipment.
BLOCK: And how are the banks defending themselves?
GJELTEN: It's very hard to defend against this type of attacks. There are some cyber-security firms that are trying to develop new tools, new defense systems, but it's hard. Interestingly enough, some of these companies are actually interested in hitting back, trying to go on the offense. I've been told of at least one bank that actively looked to buy cyber-weapons to use against the hackers, they didn't get very far. That's a very risky thing to do legally.
BLOCK: OK. NPR's Tom Gjelten on our national security team. Tom, thanks so much.
GJELTEN: You bet.
(SOUNDBITE OF MUSIC)
AUDIE CORNISH, HOST:
You're listening to ALL THINGS CONSIDERED from NPR News. Transcript provided by NPR, Copyright NPR.