Op-ed

Bank Hackers Deny They’re Agents of Iran

A slew of American officials have blamed Iran for attacks on the servers of Bank of America, Wells Fargo, HSBC, and other western banks. But the hackers taking credit for the sophisticated distributed denial-of-service strikes say that's all wrong; they claim they hit the financial institutions because they were pissed off about "The Innocence of Muslims," the infamous viral video making fun of the Prophet Muhammad. Tehran, they say, didn't have a thing to do with it.

"We are not dependent on any government. We merely wanted to protest against the insulting movie," people claiming to be part of the Izz ad-Din al-Qassam Cyber Fighters tell the Flashpoint Partners research group in an interview.

There's no telling if the denial is legitimate, or if the people being interviewed are behind the bank attacks at all. But the interviewees are dead on when they say that "there are some ones who want to portray this action [the bank hacks] as political." Shortly after the U.S. Defense Secretary talked about the bank jobs, unnamed American officials began whispering that they were the work of Iran.

The bank attacks this fall weren't typical DDoS operations, which merely seek to overload servers with junk traffic. For one, they generated up to 100 gigabits per second of data, 10 to 20 times more than what it usually takes to knock a site offline. The attackers overwhelmed routers, servers, and server applications all at once; typical DDoS attacks target just one layer. They specifically targeted the banks' Domain Name System (DNS) infrastructure, which translates website names ("cash.com") into numerical internet-protocol addresses. And their traffic largely came from legitimate IP addresses, making it tough for the banks to filter. The websites for PNC Bank, Wells Fargo, Bank of America, and other institutions buckled in quick succession; customers had trouble transferring funds and paying bills online.
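The filtering problem above is easy to see in a resolver's own query log: when a flood is spread thinly across thousands of otherwise legitimate sources, no single client ever exceeds a per-client rate limit, yet the aggregate is far beyond what the DNS tier can absorb. The script below is an added illustration written for this page, not code from the article, from Prolexic, or from the attackers' toolkit. It parses constructed query-log lines in a simplified BIND-style layout (an assumed format), using documentation IP ranges as source addresses, and evaluates a per-source threshold beside an aggregate one.

```python
"""Aggregate-vs-per-source view of a distributed DNS flood (added example).

Parses constructed BIND-style query-log lines and shows why a per-client
rate limit never fires when a flood is spread across many low-rate sources,
while an aggregate queries-per-second threshold does.
"""
import re
from collections import Counter, defaultdict

# Simplified BIND-style query-log line (assumed layout, constructed for this example):
#   15-Sep-2012 10:00:01 client 203.0.113.7#40123: query: www.example.com IN A
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}) "
    r"client (?P<src>\d{1,3}(?:\.\d{1,3}){3})#\d+: "
    r"query: (?P<name>\S+) IN (?P<qtype>[A-Z]+)"
)


def parse_line(line):
    """Return the fields of one query-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def bucket_by_second(lines):
    """Map each timestamp (1-second resolution) to a Counter of queries per source IP."""
    buckets = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec:  # unparseable lines are skipped rather than crashing the pass
            buckets[rec["ts"]][rec["src"]] += 1
    return buckets


def flag_floods(buckets, per_source_max, aggregate_max):
    """Return one finding per second, recording which rule (if any) fired.

    per_source_max: queries/second above which a single client would be rate-limited.
    aggregate_max:  total queries/second the resolver tier is assumed to absorb.
    """
    findings = []
    for ts in sorted(buckets):
        per_src = buckets[ts]
        total = sum(per_src.values())
        noisy = [ip for ip, n in per_src.items() if n > per_source_max]
        findings.append({
            "ts": ts,
            "total_qps": total,
            "distinct_sources": len(per_src),
            "per_source_hit": noisy,
            "aggregate_hit": total > aggregate_max,
        })
    return findings


def constructed_log():
    """Constructed sample: a quiet second, then a second where 400 clients each send two queries."""
    lines = []
    quiet = "15-Sep-2012 10:00:01"
    for i in range(3):
        for _ in range(4):
            lines.append(f"{quiet} client 192.0.2.{i + 1}#5000{i}: query: www.example.com IN A")
    flood = "15-Sep-2012 10:00:02"
    for i in range(400):
        # Two documentation ranges (RFC 5737) so every flood source is a distinct address.
        ip = f"203.0.113.{i}" if i < 200 else f"198.51.100.{i - 200}"
        for _ in range(2):
            lines.append(f"{flood} client {ip}#40000: query: www.example.com IN A")
    lines.append("garbage line that should be ignored")
    return lines


def run_example():
    """Apply a generous per-client limit (20 qps) and a modest aggregate limit (100 qps)."""
    return flag_floods(bucket_by_second(constructed_log()), per_source_max=20, aggregate_max=100)


if __name__ == "__main__":
    for f in run_example():
        rule = "AGGREGATE" if f["aggregate_hit"] else ("PER-SOURCE" if f["per_source_hit"] else "none")
        print(f"{f['ts']}  total={f['total_qps']:4d}  sources={f['distinct_sources']:3d}  fired={rule}")
```

In the flood second every client sends only two queries, so the per-source rule stays silent while the aggregate rule fires; that is the signature a defender sees when the sources are real machines rather than a handful of spoofed addresses, and it is why mitigation has to happen upstream (anycast, scrubbing, overprovisioned resolvers) rather than by blocking individual clients.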

Prolexic, a company that specializes in stopping these sorts of attacks, blamed a toolkit called "itsoknoproblembro" for the DDoS assaults. The Cyber Fighters took responsibility as each site went down. But some security researchers believed the attacks to be so sophisticated that they could only have been pulled off with government help. "This isn't consistent with what hacktivists are capable of," Michael Smith, a security specialist at Akamai, said in September.

Pretty soon, American politicians started blaming one government in particular: the one in Tehran. "I think this was done by Iran and the Quds Force, which has its own developing cyber-attack capacity," Sen. Joe Lieberman told C-Span around the same time. "And I believe it was in response to the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions." The press began to speculate that the bank attacks were in some way payback for the U.S.-led campaign of online sabotage against Iran's nuclear program.

In October, Defense Secretary Leon Panetta raised the stakes further, warning of a cyber strike "as destructive as the terrorist attack of 9/11." He then presented as harbingers of the coming catastrophe an attack on the Saudi energy company ARAMCO, as well as the DDoSes on the banks. "While this kind of tactic isn't new, the scale and speed was unprecedented," he added.

The following day, anonymous U.S. officials told reporters that Iran was behind both attacks, without sharing details about why they thought this was so.

The al-Qassam group says that’s baloney, claiming that they’re merely “volunteer hackers which share the beliefs about [the] insulting video and [the] protest against it.”

When Flashpoint asked if the organization was "supported or funded by any government," the group's representatives simply answered: "Nope."

There's no guaranteeing the group is telling the truth, of course. Nor is there any assurance that the people who spoke with Flashpoint are really from the al-Qassam organization. The interviewees even claim that some statements previously attributed to the group are false. That's one of the tricky things about cyber security. While the systems for tracing an attack back to a particular computer are much improved, tracing it to a machine is not the same as tracing it to a sponsor, so there are often lingering questions about who's really behind the hack.