Feeds

back to article US gov blames Iran for cyberattacks on American banks

Denial-of-service attacks against US banks' web systems were the work of Iran rather than Islamic activists, says a former American government official. A group called the Izz ad-Din al-Qassam Cyber Fighters claimed responsibility for two waves of cyber-attacks against US banks including US Bancorp, Bank of America, Citigroup, …

COMMENTS

This topic is closed for new posts.
Silver badge
Pirate

Glass house dwellers beware

As the USA has a vast cyber-border to protect, perhaps it was foolish launching electronic attacks against regimes that don't toe the US line?

8
2
Silver badge
Meh

Harbinger of Doom

The Iranians should take note in 2014 America will have withdrawn its troops from Afganistan.......

Either keep a low profile and make friends

Develop a nuclear arsenal

Or annoy the Demi God USA and expect swift regime change

The choice as they say, is with you.

2
3

Re: Harbinger of Doom

in 2014, the USA will be even more broke than today, and even less capable of launching an attack on Iran.

in 2014, the petro-dollar empire will be history, and Iran will sell all it's oil for gold, to Turkey, India and China.

1
1
Bronze badge
Childcatcher

Iran vs BofA

Looks like a win-win to me.

2
0

next step in media brainwashing:

it was iran/nkorea who stole all your money from our banks, we swears its dem internets terrorist.

13
2
Facepalm

"Denial-of-service attacks against US banks' web systems were the work of Iran rather than Islamic activists, says a former American government official."

Well, that makes it OK then!

"A group called the Izz ad-Din al-Qassam Cyber Fighters claimed responsibility for two waves of cyber-attacks against US banks including US Bancorp, Bank of America, Citigroup, Wells Fargo that took place in September and December. The stated reason for the "protest" attacks was religious outrage over the continuing presence on YouTube of the inflammatory Innocence of Muslims video on YouTube."

That makes sense - some idiot puts a video on YouTube that you don't like so you take down banking websites in retaliation. Because, of course, the banks are behind all of the Muslim oppression going on after all...

3
2
Silver badge

Both Ways?

So, on the one hand the Iranian state is not skilled enough to bring down one of the USAs fancy drones, but on the other hand a rag-tag group of script kiddies can trash a major bank.

I'm a little confused.

10
1
Bronze badge

Re: Both Ways?

It ain't like the banks are competent...

1
0

Re: Both Ways?

it's called propaganda

2
1
Thumb Down

Nothing in this strikes me to have had "sophistication"

Automated scanners of vulnerable PHP/web applications have been around since god knows when. Uploading a PHP script that then does the DDOS isn't hard...

5
0
Facepalm

Tit-for-Tat

Guess the US shoudn't have started playing cybergames if they didn't want them to play back

5
2
MrT
Bronze badge

"itsoknoproblembro..."

... what? Has Joe Dolce moved to Tehran and taken up hacking?

2
0

Re: "itsoknoproblembro..."

Shud upper your face

2
0
Gold badge
Unhappy

Re: "itsoknoproblembro..."

But wait till you see what's hiding inside "bigaccordionsolo"

Be afraid. Be very afraid.

1
0
Mushroom

Re: "itsoknoproblembro..."

not to mention "abeeback" and "astalavistababy"

1
0
Bronze badge
Headmaster

Sure, the servers must be "paned"...

but they're probably also pwned.

1
0
Silver badge

Adamant?

Nonetheless, unnamed US intelligence officials appear adamant that the Izz ad-Din al-Qassam Cyber Fighters is actually a cover for Iran.

Being adamant isn't exactly a sign of intelligence, it's a sign of being bone headed. There are better ways to prove something.

9
0
Anonymous Coward

Re: Adamant?@Ole Juul

"Being adamant isn't exactly a sign of intelligence, it's a sign of being bone headed. There are better ways to prove something."

Well, invading Iraq to prove that Hans Blix was wrong didn't quite achieve the desired objective, but even so you've got to wonder how they'd set about proving Iran's guilt.

0
0
Stop

Another Excuse to go Boom

This sounds a lot like the WMD debate. We are just looking for an excuse the drop bombs on someone. The cyber attack (maybe) meets kinetic retaliation. First Iran and then the headlines will read "US Govt thinks attack may originate in UK." Then, we can launch planes against the evil UK from Ramsbury.

2
1
Silver badge

Tizzy dat him Alka-Sam Cyber Fighters?

"“There is no doubt within the US government that Iran is behind these attacks,”

There is no doubt within the US govnm't of a lot of things that just ain't so. This may well be one of them.

8
1
Silver badge

Re: Tizzy dat him Alka-Sam Cyber Fighters?

"There is no doubt within the US government".

FTFY.

Doubt is a sign of intelligence.

1
0
Gold badge
FAIL

Because *only* a nation state could run PHP scripts.

"The 'itsoknoproblembro' tool was designed and implemented as a general purpose PHP script injected into a victim’s machine allowing the attacker to upload and execute arbitrary Perl scripts on the target’s machine."

Is this ex USG guy f**king kidding us?

No zero day vulns (or rather multiple zero day vulns).

No complex development language.

No assembler.

It's PHP. FFS.

I've no doubt that there plenty of US officials who would like it to be the Iranian government.

Too bad it just did not take that level of competency.

Fail for anyone thinking it needs to be a govt and the sysadmins who let this thing exist. Find it and kill it.

2
0
Silver badge

Re: Because *only* a nation state could run PHP scripts.

But PHP stands for "Persian Hacker Pro", nay?

2
0
Gold badge
Happy

Re: Because *only* a nation state could run PHP scripts.

"But PHP stands for "Persian Hacker Pro", nay?"

Voted up for neat word play.

0
0

Re: Because *only* a nation state could run PHP scripts.

The datacenter I'm hosted at gets ddosed with about 20Gbit every day pretty much all day. It peaks at about 60Gbit once a month or so(my sysadmin also works for the datacenter from time to time so we get access to all kinds of fun statistics). I never did find out who is behind it... guess its Iran.

I always liked to imagine banks have a better setup then I have but my fairly cheap plan makes it so I don't notice a thing from the ddos except during the 60Gbit peaks or when they target me specifically with such an amount instead of for some reason spreading the attack across several random servers in the datacenter(although in that case its the upstream provider nullrouting my ip's instead of letting the datacenters firewall farm deal with it).

1
0
Gold badge
FAIL

To clarify which sysadmins I'm talking about.

I mean the ones whose web servers have been infected by it.

You allow PHP script uploads.

You let them have run privileges.

You don't notice it starting a process (or 10).

OK so this thing can sneak through a malware scanner.

It's not like it leaves no footprint on every server it's infected.

0
0
Bronze badge
FAIL

Not a novel attack at all

I wonder what took someone so long. I came up with this method well over ten years ago (calling it packetstorm with all of the cited features), and while I DO have a military background (none in cyberwarfare fwtw), it's not like it's hard to conceive. So either the Iranians haven't got their game face on or it really was cyberactivist.

I also wonder about my national leadership here. Usually we finish (frequently win) one war before we start, or become the receiving end, of another. I guess the people in Washington, D. C., like a challenge. If they keep this up, I'm going to have to seriously think about gearing up a defensive here. Getting caught in a cross-fire situation is a bitch.

1
0
Anonymous Coward

Re: Not a novel attack at all

"Usually we finish (frequently win) one war before we start, or become the receiving end, of another."

I struggle to see any sizeable war in the past half century that the US (and usually the UKas well) have engaged in that has been won, unless you regard winning purely as the defeat of your opponent's armed forces.

WW2 was won because the main protagonists were militarily defeated and then reconstructed as prosperous, peaceful democracies. But since then, we've achieved a draw in Korea, abject defeat in Vietnam, been all but thrown out of Iraq, are in the process of running away from an unreconstructed Afghanistan. And our stand-off war in Libya left the place running to such a high standard that the US ambassador could be murdered. The common theme for the last three is that the plan was only military, and afterwards nobody had a clue, and nobody wanted to have a clue. None of these three nations look to be on a path to prosperity or any form of credible democracy (elections not withstanding), and remain rife with violence, crime and corruption.

1
0
Gold badge
Happy

Re: Not a novel attack at all

"I struggle to see any sizeable war in the past half century that the US (and usually the UKas well) have engaged in that has been won, unless you regard winning purely as the defeat of your opponent's armed forces."

Well Mr AC you might be shocked to find that militarily that is exactly how victory is defined.

However guerrilla warfare is more difficult. You might like to look at "Who dares wins" by Tony Geraghty. Not all the wars the British Army made the media. Sadly it predates the results in Northern Ireland. Leaving Vietnam to the Australians and New Zealanders to assist in might have been one of the UK governments better decisions. Did Canada help out as well? I don't think so.

As for post victory planning it was Colin Powell who described the man in the State Dept thinking about what to do in Iraq as the "Stupidest motherf***er he'd ever met."

0
0
Big Brother

«... but as the NYT points out "American officials have not offered

any technical evidence to back up their claims".» But you see, US officials, unlike the rest of us, are not constrained by evidence or lack of same - they are still running that old «faith-based reality» meme. One shouldn't, however, go so far as to congratulate these officials for this «innovation» - telling lies about the other side goes a long way back. Remember British propaganda about the Boche bayonetting babies in Belgium during the Great War ?...

Henri

3
0
This topic is closed for new posts.