New criminal charges linking Iran to 2011-2013 cyber attacks on the U.S. put suspects’ names and faces on an episode that plagued 46 banks and financial institutions nationwide — and hundreds of thousands of their customers. Account holders who logged in online encountered blank screens, dropped connections or extremely slow responses, security experts said in interviews Thursday, hours after authorities announced indictments of seven suspects with ties to the Middle East nation’s government and its Islamic Revolutionary Guard Corps.
The attackers also unsuccessfully targeted control of the Bowman Dam in Rye, N.Y., which is a suburb of New York City. At the banks, a coordinated global counter-attack geared up.
“The victims knew very well what was going on,” said Rod Rasmussen, vice president of cybersecurity at Infoblox (BLOX), a California-based company that delivers critical network protective services. “Their services were being totally disrupted.”
The incident involved an assault known as a distributed denial of service attack. That means attackers gain remote control of hundreds or thousands of computers by infecting them with malware. The attackers then execute commands that use the infected computers to flood targeted systems with vast quantities of data, blocking normal exchanges.
“At the time, we had a high-confidence that it was state sponsored,” said Roger Barranco, senior director of security operations for Akamai Technologies (AKAM), a Massachusetts-based specialist in content delivery network services. “The main thing was the intensity level … lasting 12 hours sometimes.”
Mounting such lengthy assaults typically would run up expensive computer costs beyond the reach of more mundane attackers, the experts said.
The early attacks succeeded, said Rasmussen. Online service for customers of Bank of America, American Express, Nasdaq, the New York Stock Exchange, Citibank, JPMorgan Chase and other well-known financial institutions were disabled for hours at a time. “We experienced intermittent slowing on our website that would have disrupted customers’ ability to access their account information,” American Express spokeswoman Amelia Woltering said in a 2013 USA TODAY interview.
But the hackers left tell-tale electronic clues.
Alex Castillo, A network security expert and owner and CEO of CSI Technologies said “What these cyber terrorists don’t understand is that were better at this than they are, once they tip their hand we got them. We have some of the most intelligent people in the world working with us.” Cybersecurity experts who checked Internet protocol identifications linked to the attacks found that much of the disabling traffic originated from a few hundred computer servers. Coordinating with firms that hosted the servers, response teams removed the infecting malware and shut down the traffic.
Although cyberattacks have increased dramatically in size and quantity since the Iran-linked episode, Barranco said there have been fewer signs of state-sponsored assaults in recent years.
Nonetheless, what should customers of a bank or financial firm do if their log in efforts are slow, or reach a blank screen?
“If they’re concerned, they should call that particular bank or business,” said Barranco. “They’ll get back to you with an answer about what’s happening, and what’s being done.”
“You don’t want your end users to think their records are at risk,” he added.