Six major American banks were hit last week in a wave of computer attacks by a group claiming Middle Eastern ties, causing Internet blackouts and delays in online banking. The targets of last week’s computer attacks included Wells Fargo, JPMorgan Chase and Citibank. Some, including Senator Joseph I. Lieberman, have blamed Iran for the attacks, and one expert said Iran must at least have been aware of them.
Frustrated customers of Bank of America, JPMorgan Chase, Citigroup, U.S. Bank, Wells Fargo and PNC, who could not get access to their accounts or pay bills online, were upset because the banks had not explained clearly what was going on.
“It was probably the least impressive corporate presentation of bad news I’ve ever seen,” said Paul Downs, a small-business owner in Bridgeport, Pa. “This is extremely disconcerting.”
The banks suffered denial of service attacks, in which hackers barrage a Web site with traffic until it is overwhelmed and shuts down. Such attacks, while a nuisance, are not technically sophisticated and do not affect a company’s computer network — or, in this case, funds or customer bank accounts. But they are enough to upset customers.
A hacker group calling itself Izz ad-Din al-Qassam Cyber Fighters — a reference to Izz ad-Din al-Qassam, a Muslim holy man who fought against European forces and Jewish settlers in the Middle East in the 1920s and 1930s — took credit for the attacks in online posts.
The group said it had attacked the banks in retaliation for an anti-Islam video that mocks the Prophet Muhammad. It also pledged to continue to attack American credit and financial institutions daily, and possibly institutions in France, Israel and Britain, until the video is taken offline. The New York Stock Exchange and Nasdaq were also targeted.
On Friday, PNC became the latest bank to experience delays and fall offline. Customers said they had been unable to get access to PNC’s online banking site, and those who visited the bank’s physical locations were told it was because PNC, and many others, had been hacked.
Fred Solomon, a PNC spokesman, said Friday afternoon that the bank’s Web site was back online, but that it was still working to restore online bill payment. Asked why the bank was not better able to withstand such an attack, he said that while PNC had systems in place to prevent delays and disruption from hacker attacks, in this case “the volume of traffic was unprecedented.”
Representatives for other banks also confirmed that they had experienced slow Internet performance and intermittent downtime because of an unusually high volume of traffic.
Security researchers said the attack methods were too basic to have taken so many American bank sites offline. The hackers appeared to be enlisting volunteers for the attacks with messages on various sites. On one blog, they called on people to visit two Web addresses that would cause their computers to flood banks with hundreds of data requests a second. They asked volunteers to attack banks according to a timetable: Wells Fargo on Tuesday, U.S. Bancorp on Wednesday and PNC on Thursday.
But experts said it seemed implausible that this method would create an attack of this scale. “The number of users you need to break those targets is very high,” said Jaime Blasco, a security researcher at AlienVault who has been investigating the attacks. “They must have had help from other sources.”
Those sources, Mr. Blasco said, would have to be a group with money, like a nation, or botnets — networks of infected computers that do the bidding of criminals. Botnets can be rented through black market schemes that are common in the Internet underground, or lent out by criminals or governments.
Last week, Senator Joseph I. Lieberman of Connecticut, chairman of the Senate Homeland Security Committee, said in an interview on C-Span that he believed Iran’s government had sponsored the attacks in retaliation for Western economic sanctions. The hacker group rejected that claim. In an online post, it said the attacks had not been sponsored by a country and that its members “strongly reject the American officials’ insidious attempts to deceive public opinion.”
The hackers maintained that they were retaliating for the online video. “Insult to the prophet is not acceptable, especially when it is the last Prophet Muhammad,” they wrote.
It is very difficult to trace such attacks back to a particular country, security experts say, because they can be routed through different Internet addresses to mask their true origin.
But experts said they had seen an increase in such activity from Iran and in the number of so-called hacktivists, hackers who attack for political purposes rather than for profit, based in Iran.
“We absolutely have seen more activity from the Middle East, and in particular Iran has been increasingly active as they build up their cyber capabilities,” said George Kurtz, the president of CrowdStrike, a computer security company, and former chief technology officer at McAfee. “There is also a strong activist movement underfoot, which should be concerning to many large companies. The threat is real, and what we are seeing now is only the tip of the iceberg.”
James A. Lewis, a computer security expert at the Center for Strategic and International Studies, said that in this case, the attack methods used were “pretty basic” for a state-sponsored operation. But he added that even if the attacks were not the work of Iran’s government, the state would be aware of them because Iran monitors its networks extensively.
For Mr. Downs, the small-business owner in Pennsylvania, such half explanations were of little consolation.
“A major bank has a problem and gives no indication of what’s happening, when it started or when it will stop,” he said. “That’s pretty freaky if it’s your own business’s money and you need to do things with it.”