From Robert Windrem and Jim Miklaszewsk, NBC News: National security officials told NBC News that the continuing cyber attacks this week that slowed the websites of JPMorgan Chase and Bank of America are being carried out by the government of Iran. One of those sources said the claim by hackers that the attacks were prompted by the online video mocking the Prophet Muhammad is just a cover story.
A group of purported hackers in the Middle East has claimed credit for problems at the websites of both banks, citing the online video mocking the founder of Islam. One security source called that statement "a cover" for the Iranian government’s operations.
The attack is described by one source, a former U.S. official familiar with the attacks, as being "significant and ongoing" and looking to cause "functional and significant damage." Also, one source suggested the attacks were in response to U.S. sanctions on Iranian banks. . . .
Senior U.S. officials acknowledge that Iranian attacks have been the subject of intense interest by U.S. intelligence for several weeks. Last week, the Joint Chiefs of Staff’s Intelligence Directorate, known as J-2, confirmed continuing Iranian cyber attacks against U.S. financial institutions in a report described as "highly classified." The report was posted on internal classified U.S. government sites last Friday, September 14.
Because of the level of classification, the officials refused to provide or confirm any specifics on these attacks. . . .
The former head of cyber-security for the White House testified Thursday that “we were waiting for something like this from Iran.” Frank Cilluffo, who served as Special Assistant to the President for Homeland Security under President George W. Bush, is currently an associate vice president at George Washington University and heads the Homeland Security Policy Institute. Cilluffo testified in a previously scheduled appearance before the U.S. House of Representatives’ Committee on Homeland Security, saying “the government of Iran and its terrorist proxies are serious concerns in the cyber context. What Iran may lack in capability, it makes up for in intent. They do not need highly sophisticated capabilities—just intent and cash—as there exists an arms bazaar of cyber weapons, allowing Iran to buy or rent the tools they need or seek.”
From Jim Finkle and Rick Rothacker, Reuters: Iranian hackers have repeatedly attacked Bank of America Corp , JPMorgan Chase & Co and Citigroup Inc over the past year, as part of a broad cyber campaign targeting the United States, according to people familiar with the situation.
The attacks, which began in late 2011 and escalated this year, have primarily been "denial of service" campaigns that disrupted the banks’ websites and corporate networks by overwhelming them with incoming web traffic, said the sources.
Whether the hackers have been able to inflict more serious damage on computer networks or steal critical data is not yet known. The sources said there was evidence suggesting the hackers targeted the banks in retaliation for their enforcement of Western economic sanctions against Iran.
Iran has beefed up its cyber capabilities after its nuclear program was damaged in 2010 by the Stuxnet virus, widely believed to have been developed by the United States. Tehran has publicly advertised its intentions to build a cyber army and encouraged private citizens to hack against Western countries.
The attacks on the three largest U.S. banks originated in Iran, but it is not clear if they were launched by the state, groups working on behalf of the government, or "patriotic" citizens, according to the sources, who requested anonymity as they were not authorized to discuss the matter.
They said the attacks shed new light on the potential for Iran to lash out at Western nations’ information networks.
"Most people didn’t take Iran seriously. Now most people are taking them very seriously," said one of the sources, referring to Iran’s cyber capabilities. (photo: AFP/Getty)