Fri, 21 Sep 2012 09:32 UTC
A group of purported hackers in the Middle East has claimed credit for problems at the websites of both banks, citing the online video mocking the founder of Islam. One security source called that statement "a cover" for the Iranian government's operations.
The attack is described by one source, a former U.S. official familiar with the attacks, as being "significant and ongoing" and looking to cause "functional and significant damage." Also, one source suggested the attacks were in response to U.S. sanctions on Iranian banks.
The consumer banking website of Bank of America was unavailable to some customers on Tuesday, and JPMorgan Chase on Wednesday had the same problems, which multiple sources linked to a denial-of-service attack, in which a website is bogged down by a large number of requests. A Chase spokesman said Wednesday that the consumer site was intermittently unavailable to some customers, but did not acknowledge then that there was an attack. On Thursday, Chase said slowness continued but was resolved by late afternoon Eastern Time. Bank of America acknowledged on Tuesday that its site had experienced slowness, but would not say what caused it.
Senior U.S. officials acknowledge that Iranian attacks have been the subject of intense interest by U.S. intelligence for several weeks. Last week, the Joint Chiefs of Staff's Intelligence Directorate, known as J-2, confirmed continuing Iranian cyber attacks against U.S. financial institutions in a report described as "highly classified." The report was posted on internal classified U.S. government sites last Friday, September 14.
Because of the level of classification, the officials refused to provide or confirm any specifics on these attacks. However, one official noted that Iran's uranium enrichment program had been the target of the STUXNET worm in 2010. The worm was reportedly developed by the U.S. and Israel. "The Iranians are very familiar with the environment," quipped the official.
A conservative website, FreeBeacon.com, initially reported on the Pentagon analysis, quoting it as saying, "Iran's cyber aggression should be viewed as a component, alongside efforts like support for terrorism, to the larger covert war Tehran is waging against the west." U.S officials did not deny the FreeBeacon report when queried by NBC News.
A financial services industry group, the Financial Services Information Sharing and Analysis Center, warned U.S. banks, brokerages and insurers late Wednesday to be on heightened alert for cyber attacks. FS-ISAC also raised its raised the cyber threat level to "high" from "elevated" in an advisory to members, citing "recent credible intelligence regarding the potential" for cyber attacks as its reason for the move.
The former head of cyber-security for the White House testified Thursday that "we were waiting for something like this from Iran." Frank Cilluffo, who served as Special Assistant to the President for Homeland Security under President George W. Bush, is currently an associate vice president at George Washington University and heads the Homeland Security Policy Institute. Cilluffo testified in a previously scheduled appearance before the U.S. House of Representatives' Committee on Homeland Security, saying "the government of Iran and its terrorist proxies are serious concerns in the cyber context. What Iran may lack in capability, it makes up for in intent. They do not need highly sophisticated capabilities - just intent and cash - as there exists an arms bazaar of cyber weapons, allowing Iran to buy or rent the tools they need or seek."
The statement by the purported Muslim hackers, posted on Tuesday on Pastebin, an online bulletin board, reads in full: "In the name of Allah the companionate the merciful. My soul is devoted to you Dear Prophet of Allah. Dear Muslim youths, Muslims Nations and are noblemen. When Arab nations rose against their corrupt regimes (those who support Zionist regime) at the other hand when, Crucify infidels are terrified and they are no more supporting human rights. United States of America with the help of Zionist Regime made a Sacrilegious movie insulting all the religions not only Islam. All the Muslims worldwide must unify and Stand against the action, Muslims must do whatever is necessary to stop spreading this movie. We will attack them for this insult with all we have. All the Muslim youths who are active in the Cyber world will attack to American and Zionist Web bases as much as needed such that they say that they are sorry about that insult. We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists. This attack will be started today at 2 pm. GMT. This attack will continue till the Erasing of that nasty movie. Beware this attack can vary in type. Down with modern infidels. Allah is the Greatest. Allah is the Greatest."
There was no report of an attack on the New York Stock Exchange.
Also on Thursday, the U.S. disclosed that it has bought $70,000 worth of air time on seven Pakistani television channels to air an ad which shows President Barack Obama and Secretary of State Hillary Clinton denouncing the anti-Islamic video. In the ad, President Obama says, "Since our founding the United States has been a nation that respects all faiths. We reject all efforts to denigrate religious beliefs of others." Clinton appears after Obama and says, "Let me state very clearly that the United States has absolutely nothing to do with this video. We absolutely reject its contents. America's commitment to religious tolerance goes back to the very beginning of our nation."
Pakistan was added Wednesday to the State Department's list of countries to which Americans should avoid travel, joining Lebanon and Tunisia, following protests across the Middle East and North Africa and the attack on the U.S. consulate in Benghazi, Libya, in which American Ambassador Chris Stevens was killed.