Iran behind spate of cyber-attacks against American banking sites

The United States government is certain that a recent series of cyber-attacks against American banks was carried out by Iran in retaliation for sanctions and online attacks orchestrated by the United States, computer experts told The New York Times in a report published late Tuesday.

“There is no doubt within the US government that Iran is behind these attacks,” said James A. Lewis, a computer security expert who used to work for the US State and Commerce departments.

The wave of attacks, which took place in recent weeks, was distinctive in that instead of focusing on single computers, attackers targeted computer networks in data centers, the report said.

Such attacks, according to experts cited by the report, displayed a level of sophistication that could not be reached by amateur hackers.

There were also no indications that hackers were after money — only a disruption of services, which the report said was another hallmark of state-led attacks.

Since September, the attackers have reportedly hit a series of American banking websites — including Wells Fargo, HSBC, Bank of America, Citigroup, US Bancorp, BB&T, Fifth Third Bank, PNC and Capital One — using distributed denial of service attacks, or DDoS, attacks.

DDoS attacks disrupt service to customers of a website by directing, all at once, a deluge of traffic to the site. This is effected by way of a botnet, a “zombie” network of computers infected with a virus that can be remotely controlled by the hacker. According to experts cited in the report, the malware that created the botnet, Itsoknoproblembro, was hishgly sophisticated and, unlike other botnets, virtually untraceable.

“The scale, the scope and the effectiveness of these attacks have been unprecedented,” said Carl Herberger, vice president of security solutions at Radware, the firm that identified Itsoknoproblembro. “There have never been this many financial institutions under this much duress.”