Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Does Iran Have the Technical Expertise to Pull Off the Recent Barrage of Cyberattacks against U.S. Banks and Allies? That Depends. Does Iran Have $1 Billion?

By ThreatMetrix

With a nod to Julius Caesar’s “I came. I saw. I conquered.” (veni, vidi, vici), blame for recent cyberattacks points to one source: “I came. I saw. Iran.”

According to a Wall Street Journal article by Siobhan Gorman and Julian Barnes, U.S. government officials, having seen the potential of Iran’s new-found cybercapabilities, concluded that Iran was guilty of carrying out a barrage of attacks.

• January 2012: Potent but smaller-scale denial of service attacks against U.S. banks.

• July 2012: Cyberattack at Saudi Arabian Oil Co. unleashes a virus called ‘Shamoon,’ destroying data on 30,000 computers.

• August 2012: Cyberattack at Rasgas, a Qatari natural gas company, disabled websites and email system.

• September 2012: A group called “Qassam Cyber Fighters” announced plans for cyberattacks on U.S. banks. Powerful denial of service strikes hit Bank of America Corp, JP Morgan Chase & Co., U.S. Bancorp, PNC Financial Services Corp. and Wells Fargo & Co.

• October 2012: The Qassam Cyber Fighters issued announcements, followed by cyber strikes, involving other U.S. banks, slowing or interrupting consumer websites.

Quoting unnamed U.S. officials, the WSJ article said the attacks bore “signatures” that allowed them to be traced to the Iranian government and that the hackers appeared to be a network of fewer than 100 Iranian computer-security specialists at universities and network security companies in Iran. One senior U.S. official noted, “These are not ordinary Iranians.”

Ilan Berman, a Middle East expert at the American Foreign Policy Council, observed that Iran stepped up its cybercapabilities, spending at least $1 billion (the Pentagon spends about $3 billion a year) since the beginning of the year. Additionally, Iran shifted its resources from cyberdefense to developing offensive cyberweapons.

Iran was once considered a second-tier cyberpower, behind China, Russia, France, Israel and the United States. Now, the question is: to what extent could Iran damage the U.S. financial system and infrastructure?

You don’t have to be a foreign policy wonk to get why Iran is in attack mode. American-led sanctions and likely joint American-Israeli cyberattacks against Iranian nuclear plants to halt Iran getting nuclear weapons are the most obvious reasons.

Again quoting former U.S. government officials, the WSJ article notes that U.S. banks were the first targets early in the year. Then attacks expanded to oil and gas companies in the Persian Gulf and Middle East over the summer. Now, U.S. banks are again under attack by even more potent cyberweapons.

While the root cause of the attacks has been the West’s attempts to keep Iran from getting nuclear weapons, the catalyst for the most recent attacks seems to have been passage of a U.S. defense bill last December that stepped up punitive sanctions against Iran. The WSJ says, “Iranian hackers initially mounted potent, but smaller-scale denial of service attacks on a group of U.S. banks in January…. The attackers were testing the banks’ responses to each assault and adjusting their tactics to penetrate banks’ defenses.”
