Iranian cyber attacks against U.S. financial institutions have resulted in false claims by U.S. officials and cybersecurity experts that the State of Iran was behind them. The fact is that while Iran is developing a capable cyber warfare division, the distributed denial of service attacks against U.S. banks have been part of a hacktivist protest organized by Izz ad-Din al-Qassam a.k.a Qassam Cyber Fighters called Operation Ababil. The group first announced its plans on September 18th 2012 on Pastebin.
Dear Muslim youths, Muslims Nations and are noblemen
When Arab nations rose against their corrupt regimes (those who support Zionist regime) at the other hand when, Crucify infidels are terrified and they are no more supporting human rights. United States of America with the help of Zionist Regime made a Sacrilegious movie insulting all the religions not only Islam.
All the Muslims worldwide must unify and Stand against the action, Muslims must do whatever is necessary to stop spreading this movie. We will attack them for this insult with all we have.
All the Muslim youths who are active in the Cyber world will attack to American and Zionist Web bases as much as needed such that they say that they are sorry about that insult.
We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists. This attack will be started today at 2 pm. GMT. This attack will continue till the Erasing of that nasty movie. Beware this attack can vary in type.
Down with modern infidels.
On September 19th, they expanded their financial targets to include JPMorganChase.
On September 25th, they posted another announcement to Pastebin (which has since been removed but can be read here) which stated that they’ll be expanding the attacks:
So as we promised before, the attack will be continued until the removal of that sacrilegious movie from the Internet.Therefore, we suggest a Timetable for this week attacks. Knowing which times the banks and other targets are out of service, the customers of targeted sites also can manage to do their jobs as well and have a rest while the specific organization is under attack.We shall attack for 8 hours daily, starting at 2:30 PM GMT, every day.
We repeat again the attacks will continue for sure till the removal of that sacrilegious movie.We invite all cyberspace workers to join us in this Proper Act. If America’s arrogant government do not submit, the attack will be large and larger and will include other evil countries like Israel, French and U.Kingdom indeed.Tuesday 9/25/2012 : attack to Wells Fargo site, www.wellsfargo.comWednesday 9/26/2012 : attack to U.S. Bank site, www.usbank.comThursday 9/27/2012 : attack to PNC site, www.pnc.com Weekends: planning for the next week’ attacks.Mrt. Izz ad-Din al-Qassam Cyber Fighters”
The method of attack (Distributed Denial of Service – DDoS) is unsophisticated and only temporarily effective (DDoS attacks can’t last forever). Botnets no longer have to be created, they can be rented so a protest like this one can be up and running in just a few days. More importantly, Arabic and Israeli hackers have both discovered the value of crowd-sourced “opt-in” botnet attacks where they enlist volunteers to turn their computers over to be controlled by the Botnet’s command and control server. When the cause is sufficiently motivating, you can rapidly stand up a powerful DDoS attack force that can overwhelm the largest of commercial web servers, even those running multinational financial institutions that serve millions of customers daily for very little expense.
However, this is clearly not an attack against the U.S. by Iran. Iran has spent at least two years developing a cyber warfare division within the Islamic Revolutionary Guard Corps. It has an excellent Computer Emergency Response Team (MAHER) and it has the advantage of being the victim of multiple sophisticated cyber attacks from the West and Israel including Stuxnet, Flame, DuQu, Gauss, Wiper, Shamoon, and others yet to be discovered. Iran benefits from the technical assistance of Russia’s Kaspersky Labs and ITU-IMPACT and has demonstrated its own technical skill in capturing the RQ-170 drone last year. If the IRGC were to mount a cyber attack against the West, it would be a) covert and b) sophisticated. It would be an insult to Iran’s pride if the best it could come up with in attacking the West was something that caused a minor inconvenience to U.S. banking customers. Iranian hackers have performed sophisticated hacks against the Internet’s DNS system and digital certificate authorities. In comparison, these DDoS attacks are childs-play and attempts to make them more than they are by Senator Lieberman and by various cybersecurity experts have either political or commercial motivations.
@jl2l @TomRyan @Contagio It truly is a form of proliferation, right? It would be so incapacitating and the damage would be felt globally.
@jl2l @TomRyan @Contagio Thats the impression I got from reading the report I read that was written 10+ years ago. The cyber Kill switch that can take out comms, etc. I wonder if we will get there. Iran Dark 030.
@JHR @TomRyan @Contagio The US has a unplug switch, most of the internet is routed through us, but its not as simple as click on a icon of Iran and then clicking a off button, in switching it off we would most likely also shut off other countries/user in the region. The better option is to drop a e-bomb and fry out their network.
@jeffreycarr What are your thoughts on ThreatPost? It is run by Kaspersky Labs. Reading an article about new smartphone malware that turns the camera into a spying device (supposedly developed by Naval Surface Warfare in conjunction with Indiana University).
@TomRyan @Contagio I think we have an "off switch" in place to shut down any countries capabilities. I wonder if we will tap that and use it if necessary. But if we do, we loose our spy/intel capabilities. I am just wondering if Iran got way out of hand, if we would knock their capabilities out. I notice that COUNTIES and some STATES outsource their data to HP or another processing contractor somewhere in another part of the world and when that data is hacked, so much intel is released. Like the Tri-Care and Verizon hits within the past 24 months. Somebody wanting to find somebody, now has full access. This concerns me. I think the counties and states are very vulnerable. Just my opinion. Its like corps. and agencies are playing "catch up".