Friday, September 28, 2012

Fact-checking the Iranian DDoS Attacks Against US Banks

There's a boat-load of misinformation being dispensed by CNN and Bloomberg about the DDoS attacks targeting our largest U.S. banks. Since this involves erroneous quotes from certain cyber security executives along with a U.S. Senator, I think a little fact-checking is in order.

Bloomberg: "Cyber attacks on the biggest U.S. banks, including JPMorgan Chase & Co. (JPM) and Wells Fargo (WFC) & Co., have breached some of the nation’s most advanced computer defenses and exposed the vulnerability of its infrastructure, said cybersecurity specialists tracking the assaults."

FALSE. This was a Distributed Denial of Service (DDoS) attack. Nothing was "breached". The web servers which hosted the banks' online services were overwhelmed by "calls" and couldn't handle them all.

Bloomberg: "Such a sustained network attack ranks among the worst-case scenarios envisioned by the National Security Agency, according to the U.S. official, who asked not to be identified because he isn’t authorized to speak publicly."

FALSE. There's no one that I know at the NSA (past or present) who believes that customer inconvenience resulting from a DDoS attack against their bank's website is a "worst-case scenario". That's utterly ridiculous.

Bloomberg: "The initial planning for the assault pre-dated the video controversy, making it less likely that it inspired the attacks, according to (Dmitri) Alperovitch and (Rodney) Joffe, both of whom have been tracking the incidents. A significant amount of planning and preparation went into the attacks, they said. “The ground work was done to infect systems and produce an infrastructure capable of launching an attack when it was needed,” Joffe said."

CNN: "To get hold of all the servers necessary to launch such huge attacks, the organizers needed to plan for months, Alperovitch said. The servers had to be compromised and linked together into a network called a 'botnet.'"

FALSE. This attack did not take months to plan, for two reasons: 1) this was a crowd-sourced, opt-in botnet of the kind commonly used in social activism (aka hacktivist) attacks, and 2) no one needs to create a botnet from scratch anymore. You can find them to rent on pretty much any hacker forum worldwide.

CNN: "Sen. Joe Lieberman, an Independent from Connecticut, said in a C-SPAN interview on Wednesday that he believed the attacks were launched by Iran.
"I don't believe these were just hackers who were skilled enough to cause disruption of the websites," he said. "I think this was done by Iran ... and I believe it was a response to the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."

BULLSHIT. There are lots of good reasons for tensions to exist between Iran and the U.S., but this isn't one of them. If you read the excellent open source analysis done by Dancho Danchev, you'll see that this was nothing more than Islamic activists protesting the "Innocence of Muslims" video.

[Image: Pastebin notice by the Qassam Cyber Fighters group]

If Senator Lieberman thought this would be a good opportunity to do some Iran-bashing in order to drum up support for his cyber security legislation, he miscalculated. This statement by the Senator only serves to reinforce the feeling among many that Congress is out of touch with the problem and is in no position to create new cyber security controls or policies.
