US senator blames Iran for cyber attacks on banks

US Sen. Joe Lieberman on Friday blamed Iran for recent cyber attacks against the country’s financial institutions, in retaliation for economic sanctions imposed by the US and its allies and/or as payback for Stuxnet.

During a taped appearance on C-SPAN’s “Newsmakers,” Lieberman called recent distributed denial of service (DDoS) attacks against banks a “powerful example of our vulnerability”.

Lieberman, the chairman of the Homeland Security and Governmental Affairs Committee, dismissed claims posted on an Islamist extremist site a few days earlier that said the bank attacks were a retaliatory move against the controversial anti-Muslim YouTube video:

I don't believe these were just hackers who were skilled enough to cause disruption of the websites … I think it was done by Iran and [its developing cyber army].

I believe it was a response to increasingly strong economic sanctions the US and its allies have put on Iranian financial institutions. It is, if you will, a counter attack by Iran against American financial institutions.

Lieberman didn’t cough up names or other forms of evidence, saying that his sources weren’t “just people in the street,” but that he was going on “more than just theory”.

Last week, Bank of America and JPMorgan Chase suffered outages after apparent DDoS attacks, in which attackers overwhelm a website server with requests from thousands of computers.

Citigroup has also been targeted over the past year.

Beyond a tit-for-tat financial attack, Lieberman also hypothesized that the bank DDoSes are payback for Stuxnet:

[The DDoS attacks remind] us of our vulnerability, which is part of why they're doing it. It's a reminder that if we take action against [Iran's] nuclear development program, they have the ability to strike back at us.

In June, it was reported that the Stuxnet virus was part of a US and Israeli intelligence operation called “Operation Olympic Games” whose objective was to electronically reconnoiter and then attack the Iranian nuclear program. According to the claims, the Stuxnet project started under President George W. Bush and expanded under President Barack Obama.

Lieberman’s allegations that Iran’s behind the bank attacks are, like initial links of Stuxnet to a sophisticated US and/or Israeli attack on Iranian nuclear facilities, also pure allegation, served up with no detail.

But just because the chairman of the Homeland Security and Governmental Affairs Committee doesn’t scribble lists of names, dates and IP addresses for reporters doesn’t mean it’s all just sensationalist fluff.

Allegations are just allegations, but the DDoS attacks, although they amount to less technically sophisticated cyber warfare than Stuxnet, are certainly real.

Also on Friday, Reuters echoed Lieberman, reporting that the repeated financial institution attacks are part of a broad Iranian cyber campaign targeting the United States.

Reuters’s unnamed sources haven’t concluded whether the attacks are coming from the Iranian government, groups working on its behalf, or patriotic citizens responding to the regime’s call for a cyber army to attack Iran’s enemies.

Regardless of the veracity of allegations against Iran, good security advice stays the same.

Businesses should maintain a heightened level of awareness, apply all appropriate security patches, update its anti-virus defenses, and ensure constant diligence in monitoring and quick response to malicious events.

_{Iranian flag and binary images, courtesy of Shutterstock.}