Iranian cyber attacks against U.S. financial institutions have resulted in false claims by U.S. officials and cybersecurity experts that the State of Iran was behind them. The fact is that while Iran is developing a capable cyber warfare division, the distributed denial of service attacks against U.S. banks have been part of a hacktivist protest organized by Izz ad-Din al-Qassam a.k.a Qassam Cyber Fighters called Operation Ababil. The group first announced its plans on September 18th 2012 on Pastebin.
Dear Muslim youths, Muslims Nations and are noblemen
When Arab nations rose against their corrupt regimes (those who support Zionist regime) at the other hand when, Crucify infidels are terrified and they are no more supporting human rights. United States of America with the help of Zionist Regime made a Sacrilegious movie insulting all the religions not only Islam.
All the Muslims worldwide must unify and Stand against the action, Muslims must do whatever is necessary to stop spreading this movie. We will attack them for this insult with all we have.
All the Muslim youths who are active in the Cyber world will attack to American and Zionist Web bases as much as needed such that they say that they are sorry about that insult.
We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists. This attack will be started today at 2 pm. GMT. This attack will continue till the Erasing of that nasty movie. Beware this attack can vary in type.
Down with modern infidels.
On September 19th, they expanded their financial targets to include JPMorganChase.
On September 25th, they posted another announcement to Pastebin (which has since been removed but can be read here) which stated that they’ll be expanding the attacks:
So as we promised before, the attack will be continued until the removal of that sacrilegious movie from the Internet.Therefore, we suggest a Timetable for this week attacks. Knowing which times the banks and other targets are out of service, the customers of targeted sites also can manage to do their jobs as well and have a rest while the specific organization is under attack.We shall attack for 8 hours daily, starting at 2:30 PM GMT, every day.
We repeat again the attacks will continue for sure till the removal of that sacrilegious movie.We invite all cyberspace workers to join us in this Proper Act. If America’s arrogant government do not submit, the attack will be large and larger and will include other evil countries like Israel, French and U.Kingdom indeed.Tuesday 9/25/2012 : attack to Wells Fargo site, www.wellsfargo.comWednesday 9/26/2012 : attack to U.S. Bank site, www.usbank.comThursday 9/27/2012 : attack to PNC site, www.pnc.com Weekends: planning for the next week’ attacks.Mrt. Izz ad-Din al-Qassam Cyber Fighters”
The method of attack (Distributed Denial of Service – DDoS) is unsophisticated and only temporarily effective (DDoS attacks can’t last forever). Botnets no longer have to be created, they can be rented so a protest like this one can be up and running in just a few days. More importantly, Arabic and Israeli hackers have both discovered the value of crowd-sourced “opt-in” botnet attacks where they enlist volunteers to turn their computers over to be controlled by the Botnet’s command and control server. When the cause is sufficiently motivating, you can rapidly stand up a powerful DDoS attack force that can overwhelm the largest of commercial web servers, even those running multinational financial institutions that serve millions of customers daily for very little expense.
However, this is clearly not an attack against the U.S. by Iran. Iran has spent at least two years developing a cyber warfare division within the Islamic Revolutionary Guard Corps. It has an excellent Computer Emergency Response Team (MAHER) and it has the advantage of being the victim of multiple sophisticated cyber attacks from the West and Israel including Stuxnet, Flame, DuQu, Gauss, Wiper, Shamoon, and others yet to be discovered. Iran benefits from the technical assistance of Russia’s Kaspersky Labs and ITU-IMPACT and has demonstrated its own technical skill in capturing the RQ-170 drone last year. If the IRGC were to mount a cyber attack against the West, it would be a) covert and b) sophisticated. It would be an insult to Iran’s pride if the best it could come up with in attacking the West was something that caused a minor inconvenience to U.S. banking customers. Iranian hackers have performed sophisticated hacks against the Internet’s DNS system and digital certificate authorities. In comparison, these DDoS attacks are childs-play and attempts to make them more than they are by Senator Lieberman and by various cybersecurity experts have either political or commercial motivations.