The Washington Post has reported that major U.S. banks are enlisting the assistance of the National Security Agency (NSA), the world's largest electronic spying agency, to combat recent, massive hacks against banking websites.
Unidentified hackers have significantly disrupted the websites of financial institutions including Bank of America, J.P. Morgan Chase, Wells Fargo, Citigroup, U.S. Bancorp, Capital One, PNC, HBSC, Fifth Third Bank, HSBC, and SunTrust. The highly-sophisticated electronic attacks have been ongoing for about one year, but escalated in September. Radware vice president Carl Herberger has stated: “The scale, the scope and the effectiveness of these attacks have been unprecedented … There have never been this many financial institutions under this much duress.”
Hackers have allegedly used infected servers to wage DDoS, or “denial-of-service,” attacks that slow or crash the banks' computer servers by overwhelming them with traffic. But these particular DDoS assaults are unusually powerful and sophisticated because, rather than using individual computers, hackers have hijacked entire data centers, harnessing the combined resources to hurl massive amounts of traffic at their targets. Computer security researcher and former U.S. government official James A. Lewis noted that the volume of traffic recently used against U.S. bank websites is “multiple times” the amount that Russia used against at Estonia in a 2007 DDoS assault that almost incapacitated the smaller country.
Sources report that the hackers appear to be exploiting increasing consumer and corporate reliance on cloud computing, which involves the use of “clouds” of up to thousands of networked computer servers (largely operated by Google and Amazon). Computer security experts have stated that the attackers hijacked the computing power of these networks to wage cyber assaults against bank websites, effectively “crafting their own private clouds” – either by exploiting existing corporate clouds or by creating their own networks of individual machines.
Investigators note that not only are the attackers using data centers all over the world, but they have apparently also infected some cloud and web hosting services with the Itsoknoproblembro malware. Itsoknoproblembro was designed to thwart detection by antivirus programs and to make it difficult to tie it to a particular source.
According to former NSA official Richard George, although its missions focus on espionage and military computer systems, the agency also has authority to assist private-sector corporations whose operations are significant to U.S. national security. George stated that, recently, the agency has aided roughly 10 companies annually in combating hacks. In 2010, Google recruited the NSA's help after the company was allegedly hacked by China. Other government agencies – including the FBI, Department of Homeland Security, Department of Justice, and Treasury Department – have also collaborated lately with the private sector, giving corporate officials advance warning of DDoS attacks and even granting hundreds of classified security clearances to bank employees.
Hacker group Izz ad-Din al-Qassam Cyber Fighters has claimed responsibility for the recent spate of bank attacks, stating that they were acts of retaliation for a video mocking the Prophet Muhammad. But some have dismissed the group's claim, since the attacks began before the offending video was posted online.
U.S. officials are blaming Iran for the hacks. They say that the cyber assaults are part of a “grudge match” in retaliation for economic sanctions and for attacks on Iranian computer systems – including reported U.S./Israel collaboration on the Stuxnet virus, which in 2010 destroyed centrifuges at one of Iran's nuclear facilities. However, U.S. officials have provided no technical evidence to support their accusations, and Iran has denied involvement in the attacks.