Last Call

From the Department of Asymmetrical Warfare, it seems that if US cyber cowboys can go around ruining Iranian centrifuges with tailored viruses, Iranian hackers can do it the old fashioned way and launch denial of service attacks on US bank websites.

The skill required to carry out attacks on this scale has convinced United States government officials and security researchers that they are the work of Iran, most likely in retaliation for economic sanctions and online attacks by the United States. 

“There is no doubt within the U.S. government that Iran is behind these attacks,” said James A. Lewis, a former official in the State and Commerce Departments and a computer security expert at the Center for Strategic and International Studies in Washington. 

Mr. Lewis said the amount of traffic flooding American banking sites was “multiple times” the amount that Russia directed at Estonia in a monthlong online assault in 2007 that nearly crippled the Baltic nation. 

American officials have not offered any technical evidence to back up their claims, but computer security experts say the recent attacks showed a level of sophistication far beyond that of amateur hackers. Also, the hackers chose to pursue disruption, not money: another earmark of state-sponsored attacks, the experts said. 

“The scale, the scope and the effectiveness of these attacks have been unprecedented,” said Carl Herberger, vice president of security solutions at Radware, a security firm that has been investigating the attacks on behalf of banks and cloud service providers. “There have never been this many financial institutions under this much duress.” 

Since September, intruders have caused major disruptions to the online banking sites of Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC. 

Well, you know it's not like we haven't orchestrated crippling sanctions against Iran's economy or anything, so.  They're going after our online banking sites.  Sure, that's about par for the course for this nifty little war, right?

Oh but this seems like propaganda, you say?  Most likely.  Dumping every bank DDoS attack on Iran for the last 4 months seems awfully sloppy on our part.  You'd think we'd be able to stop it if it was them.  Curiously, we can't.

Funny how that works.