Iran recently has mounted a series of disruptive computer attacks against major U.S. banks and other companies in apparent retaliation for Western economic sanctions aimed at halting its nuclear program, according to U.S. intelligence and other officials.
In particular, assaults this week on the Web sites of JPMorgan Chase and Bank of America probably were carried out by Iran, Sen. Joseph I. Lieberman (I-Conn.), chairman of the Homeland Security and Governmental Affairs Committee, said Friday.
“I don’t believe these were just hackers who were skilled enough to cause disruption of the Web sites,” said Lieberman in an interview taped for C-SPAN’s “Newsmakers” program. “I think this was done by Iran and the Quds Force, which has its own developing cyberattack capability.” The Quds Force is a special unit of Iran’s Revolutionary Guard Corps, a branch of the military.
Lieberman said he believed the efforts were in response to “the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions.”
U.S. officials suspect Iran was behind similar cyberattacks on U.S. and other Western businesses here and in the Middle East, some dating as far back as December. A conservative Web site, the Washington Free Beacon, reported that the intelligence arm of the Joint Chiefs of Staff said in an analysis Sept. 14 that the cyberattacks on financial institutions are part of a larger covert war being carried out by Tehran.
Unlike the cyberattacks attributed to the United States and Israel that disabled Iranian nuclear enrichment equipment, experts said, the Iranian attacks were intended to disrupt commercial Web sites. Online operations at Bank of America and Chase both experienced delays this week.
In a previously undisclosed episode, Iranian cyberforces attempted to disrupt the Web sites of oil companies in the Middle East in August by routing their efforts through major U.S. telecommunications companies, including AT&T and Level 3, according to U.S. intelligence and industry officials. They spoke on the condition that their names not be used because they were not authorized to speak to the press.
The effort did not cause serious disruptions, but it was the largest attempted denial-of-service attack against AT&T “by an order of magnitude,” said an industry official. A distributed denial-of-service, or DDOS, attack is designed to overload a Web site and block access to the server or site.
The U.S. intelligence community is increasingly concerned about Iran’s improving capability to mount attacks. Director of National Intelligence James R. Clapper Jr. told Congress in February that “Iran’s intelligence operations against the United States, including cyber capabilities, have dramatically increased in recent years in depth and complexity.”
“The Iranians aren’t very good yet,” said one U.S. intelligence official, who spoke on the condition of anonymity because of the topic’s sensitivity. “But they’re getting better rapidly, and they’re motivated to get better rapidly because they believe they’ve been attacked, and they have.”
Iran announced plans last year to establish a cyber command to counter cyberattacks aimed at Iran’s networks. Researchers also reported this week that Tehran is trying to develop its own Internet in part to cut off outside access to military and government computer networks.
In 2010, nearly 1,000 uranium enrichment centrifuges were damaged at Iran’s Natanz uranium enrichment plant as a result of a computer worm, Stuxnet, that was jointly created by the United States and Israel.
Many experts have said the launch of Stuxnet — the world’s first physically destructive cyberattack — opened a Pandora’s box.
“If you are in the glass house, you should not be the one initiating throwing rocks at each other,” Gregory Rattray, chief executive officer of Delta Risk, a cybersecurity company, said at a recent conference. “We will have rocks come back at us.”
The spate of denial-of-service assaults are “from their perspective, not an escalation. It’s retaliation,” said the intelligence official. “They really, really want to do something to us.”
Both Iran’s Revolutionary Guard Corps and its Ministry of Intelligence and Security have been attempting attacks, the official said.
In the August attempt, Iran bombarded AT&T’s servers for two days, stopped for two days and then resumed the attack for two more days, the industry official said. The company was able to realign its servers to prevent the oil companies that use its service from experiencing a major loss of Web site access. But the industry official warned the next attack could be more severe.
The industry official said the affected oil companies were in Saudi Arabia and other countries in the Middle East that are taking part in an oil embargo. Some of the Web sites were temporarily disabled, but the impact was not major, the official said.
Both the industry official and the intelligence official said one of the Iranian targets has been Aramco, the Saudi Arabian national oil company. In one recent episode, the industry official said, Aramco’s Web sites were victims of a denial-of-service attack. In a more serious incident, a virus suspected of being used by Iran wiped out the hard drives of larger numbers of computers, knocking out part of the company’s system for as long as two weeks, the intelligence official said.
Describing the attacks on financial institutions, Lieberman said they are “a powerful example of our vulnerability. It’s a warning to us that if we take action against their nuclear weapons development that they have the capacity to strike back at us.
“We can’t be fearful,” Lieberman said. “Once the United States begins to get fearful of counter acts if we take action to protect our security, then we’re on the road to a much weaker and less free America.”