Here’s a perfect snapshot of the world today: When Iranian President Mahmoud Ahmadinejad addresses the United Nations, banking IT executives should be paying close attention. While concerns over Iran’s nuclear ambitions play out on the global stage, even becoming a major issue in the U.S. presidential election, it’s not only the Departments of State and Defense that are involved. There’s ongoing speculation over the details, but it’s become increasingly clear that in the past few months, several U.S. financial conglomerates—Bank of America, JP Morgan Chase and Citigroup, among others—have been under cyber-attack. There’s no official confirmation of the source, but it’s increasingly believed that the hackers were based in Iran.
The specific motives are still unclear, although it’s not hard to accept that economic sanctions that have been imposed are a major factor. For the record, the Iranian government has claimed in the recent past to be building a ‘cyber army,’ and has even called for loyal citizens to hack into Western institutions.
It’s not just banks getting caught in the crossfire. Just this week, Google warned Gmail customers that “state-sponsored attackers” may be trying to compromise their computers. Google didn’t name the state doing the sponsoring, and in this case Iran claims to be among the victims.
We still don’t know much about the recent attacks—just how broad they were, and the extent of the damage caused. For the most part they seem to have been Distributed Denial of Service (DDoS) attacks, which are typically made up of waves of phony traffic that effectively shut down otherwise functional servers and badly disrupt operations. There may not have been outright data theft, but many customers were unable to conduct online transactions, leaving banks with considerable remediation and repair costs.
Industry experts believe the attacks were heavily coordinated and targeted, pursuing weak spots that were likely uncovered through extensive research and surveillance. It’s being reported that thousands of servers were hijacked for the purpose.
The attacks seem to have subsided in the past week, but looking ahead, there’s continuing cause for worry.
First, by all accounts, these were not isolated incidents or the work of malicious kids out to prove their skills. Most DDoS attacks take considerable organization, skill and resources, and the new wave was no exception. These showed sophisticated tactics backed by patience and expertise. The diversity of their origins—the ‘botnets’ could be anywhere—makes the defense even more problematic.
It’s definitely uncomfortable to be considered alongside defense contractors as part of the ‘military-industrial complex’ and become the focus of geo-political tensions. However, the undeniable reality is that the information technology infrastructure underpinning the entire economy makes a choice target. Criminal gangs out for profit are no longer the only digital threats we need to keep in mind. Cyber terrorism is now a potent weapon in international conflicts, and few actions make a more potent political statement than bringing down the financial services industry.
There’s no reason for us to stop doing what we do—that would be handing the bad guys a true victory. However, it would serve us well to be vigilant. There are no guarantees here, but no one should be surprised if there are more attacks, whether through DDoS or new virus strains. Security must be a top priority: We need to help our security specialists build the best defenses possible, and ensure that even with waves of sophisticated assaults, operations are not disrupted.