Cyber war

I will refrain from comment - I might say something I shouldn't!

Cyberwar speeds up: US blames Iran for renewed attacks on American banks

Iranian hackers intent on disrupting the United States’ financial sector are once again on the attack, this time with US officials claiming America's biggest banks have been hit as a cyberwar against the country's Middle East adversary intensifies.

RT,

18 October, 2012

Capital One Financial Corp. and BB&T Corp. are two of the latest targets in a renewed assault on America’s online-infrastructure as hackers identified as members of a shadowy group of Iranians irate with the US policy wage a computer-controlled war for the fifth straight week.

The Qassam Cyber Fighters are taking credit for the latest attack and say it’s in response to the anti-Islamic “Innocence of Muslims” movie produced in America that has also been blamed for a string of violent protests in the Arab World in recent weeks.

"We have a suggestion for Mr. Panetta," the hackers write in a message to the US Secretary of Defense posted this week on the Internet. Instead of "spending several billions that won't be good for you, tell your henchmen on YouTube" to remove the video.

There could be more to the malicious assault than just that, however, as the Wall Street Journal cites unnamed US officials who suggest the cyberstrike is in retaliation for the American-endorsed sanctions on Iran that have all but crippled that country’s oil exports and crumbled the worth of the Islamic Republic’s currency.

That isn’t to say that the latest series of assaults comes amid a one-sided war, though. While US officials remain largely off the record when disclosing America’s own cyberassaults, the country has been credited with relentlessly ravaging Iran’s computer networks. And although the US is believed to have fired the first shot in a secretive cyberwar, they very well might also make the last.

When quizzed on how soon Iranian action will prompt the US to respond to cyberattacks with the world’s most heavily-armed military, a senior US official speaking anonymously tells the Journal, “It’s a fair question,” but adding, “I am not sure I have the answer to it.”

That admission echoes a warning Sec. Panetta put forth earlier this month. During a cybersecurity address in New York, the Pentagon chief said, “If we detect an imminent threat of attack that will cause significant physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us, to defend this nation when directed by the president.”

The United States has not formally admitted their alleged role in starting and speedily intensifying a cyberwar with Iran, but the nation’s involvement has been all but verified. The Stuxnet computer worm that targeted Iranian nuclear facilities in years past has been tied to the US by security experts both in the States and abroad, and just recently two similar but separate viruses, Flame and Gauss, have been linked to the US.

“Stuxnet of 2009 had a large piece of code similar to that of Flame, so apparently creators of Stuxnet and Flame were working in close collaboration,” Kaspersky Lab chief security expert Aleks Gostev said this year.

In June, an expose in the New York Times confirmed America’s involvement in Stuxnet by way of an Obama administration official’s first-hand knowledge of the White House’s role.

Last month, both Russia’s Kaspersky and the United States’ Symantec said they had further linked Flame and thus Stuxnet to another string of malware after conducting intense forensic analysis of Flame’s command-and-Control servers. “Based on the code from the servers, it can be said that they were working with at least three other programs similar to Flame. The code names of those programs are IP, SP and SPE,” Gostev told RT.

Kaspersky senior researcher Roel Schowenberg had previously insisted “We are now 100 percent sure that the Stuxnet and Flame groups worked together,” a testament to New York Times reporter David Sanger’s revelations in his June 1 investigative piece that both viruses were used by first the George W Bush administration — then the Obama White House — under the branding of a program called “Olympic Games.” Mike McConnell, the former director of national intelligence at the National Security Agency under President Bush, told Reuters in January that the US indeed has had “the ability to attack, degrade or destroy” foreign computer networks and that it had worked in the past. Even still, the White House has refused to openly admit their role.

This week, MiniFlame, a variant of the already identified virus, was found targeting Lebanese computer systems. Kaspersky Chief Gostev called the malware “a high-precision attack tool” that can “conduct more in-depth surveillance and cyber espionage,” though declined to elaborate what ties the programmers responsible may have with the United States. The US does, however, have a vested interest in disrupting systems in Lebanon, where the Iran-backed militant group Hezbollah manages their home base.

Kaspersky has also compared the new virus to Gauss, a so-called cousin of the earlier identified malware, saying, "If Flame and Gauss were massive cyber-espionage operations, infecting thousands of users, then Mini-Flame is a high-precision, surgical attack took.”

Despite these shadowy attacks waged at America’s adversaries, the US intelligence community is adamant that a cyber-war will strike home at any moment, seemingly disregarding any actions their own engineers may be having in escalating the odds of a strike.

When Sec. Panetta spoke in New York last month, he rallied for the US government to get the ball moving on a thorough cybersecurity act in the wake of Congress’ failed attempts to compromise on legislation.

“There is no substitute for comprehensive legislation, [but] we need to move as far as we can in the meantime,” Panetta said. “We have no choice because the threat we face, as I’ve said, is already here.”

Meanwhile, Capitol One spokeswoman Tatiana Stead tells the Journal that the latest slew of Iranian attacks caused “minimal impact to the vast majority of our customers” but all systems were fully operational after a few hours.