Cyber-attackers out to destroy data and not just disable it

Advertisement
By David E. Sanger and Nicole Perlroth, The New York Times | Updated: 29 March 2013 11:32 IST
American Express customers trying to gain access to their online accounts Thursday were met with blank screens or an ominous ancient type face. The company confirmed that its website had come under attack.

The assault, which took American Express offline for two hours, was the latest in an intensifying campaign of unusually powerful attacks on U.S. financial institutions that began last September and have taken dozens of them offline intermittently, costing millions of dollars.

JPMorgan Chase was taken offline by a similar attack this month. And last week, a separate, aggressive attack incapacitated 32,000 computers at South Korea's banks and television networks.

The culprits of these attacks, officials and experts say, appear intent on disabling financial transactions and operations.

Advertisement

Corporate leaders have long feared online attacks aimed at financial fraud or economic espionage, but now a new threat has taken hold attackers, possibly with state backing, who seem bent on destruction.

"The attacks have changed from espionage to destruction," said Alan Paller, director of research at SANS, a cybersecurity training organization. "Nations are actively testing how far they can go before we will respond."

Security experts who studied the attacks said they were part of the same campaign that took down the websites of Wells Fargo, Bank of America and others over the past six months. A group that calls itself the Izz ad-Din al-Qassam Cyber Fighters has claimed responsibility for those attacks.

Advertisement

The group says it is retaliating for an anti-Islamic video posted on YouTube last fall. But U.S. intelligence officials and industry investigators say they believe that the group is a convenient cover for Iran.

Just how tight the connection is - or whether the group is acting on direct orders from the Iranian government - is unclear. Government officials and bank executives have failed to produce a smoking gun.

Advertisement

North Korea is considered the most likely source of the South Korean attacks, although investigators are still struggling to follow the digital trail, a process that could take months. The North Korean government of Kim Jong Un has openly declared that it is seeking out online targets in its neighbor to the south to exact economic damage.

Representatives of American Express confirmed that the company was under attack Thursday but said that there was no evidence that customer data had been compromised. An FBI spokesman did not respond Thursday to a request for comment about the American Express attack.

Advertisement

Spokesmen for JPMorgan Chase said they would not talk about the recent attack there, its origins or its consequences.

The largest contingent of instigators of attacks in the private sector, government officials and researchers say, remains Chinese hackers intent on stealing corporate secrets. But the U.S. and South Korean bank attacks underscore a growing fear that the two countries now worrying banks, oil producers and governments may be Iran and North Korea, not because of their skill but because of their brazenness.

Neither country is considered a superstar in this area. But the appeal of digital weapons is similar to that of nuclear capability: It is a way for an outgunned, outfinanced nation to even the playing field.

"These countries are pursuing cyberweapons the same way they are pursuing nuclear weapons," said James A. Lewis, a computer security expert at the Center for Strategic and International Studies in Washington. "It's primitive; it's not top of the line, but it's good enough, and they are committed to getting it."

U.S. officials are weighing their response options, but the issues involved are complex.

At a meeting of banking executives, regulators and representatives from the Homeland Security and Treasury departments in December, some attendees pushed the United States to hit back at the hackers, while others argued that doing so would only lead to more aggressive attacks, according to two people at the meeting.

The difficulty of deterring such attacks was also the focus of a White House meeting earlier this month with President Barack Obama and business leaders including Jamie Dimon, chief executive of JPMorgan Chase; Brian T. Moynihan of Bank of America; Rex W. Tillerson of Exxon Mobil; Randall L. Stephenson of AT&T and others.

Obama's goal was to erode the business community's intense opposition to federal legislation that would give the government oversight of how companies protect "critical infrastructure," like banking systems and energy and cellphone networks. That opposition killed a bill last year, prompting Obama to sign an executive order promoting increased information-sharing with businesses.

"But I think we heard a new tone at this latest meeting," an Obama aide said later. "Six months of unrelenting attacks have changed some views."

Lewis, the cybersecurity expert, agreed.

"The Iranian attacks have tilted private sector opinion," he said. "Hence the muted reaction to the executive order versus squeals of outrage. Companies are much more concerned about this and much more willing to see a government role."

When hackers believed by U.S. intelligence officials to be Iranians hit the world's largest oil producer, Saudi Aramco, last year, they did not just erase data on 30,000 Aramco computers; they replaced the data with an image of a burning U.S. flag. In the assault on South Korea last week, some affected computers displayed an ominous image of skulls.

"This attack is as much a cyber-rampage as it is a cyberattack," Rob Rachwald, a research director at FireEye, a computer security firm, said of the South Korea attacks.

In the past, such assaults typically occurred through a denial-of-service attack, in which hackers flood their target with Web traffic from networks of infected computers until it is overwhelmed and shuts down. One such case was a 2007 Russian attack on Estonia that affected Estonian banks, the Parliament, ministries, newspapers and broadcasters and nearly crippled the small Baltic nation.

With their campaign against U.S. banks, the hackers suspected of being Iranian have taken that kind of attack to the next level. Instead of using individual personal computers to send Web traffic to each bank, they infected powerful, commercial data centers with sophisticated malware and instructed them to simultaneously fire at each bank, giving them the horsepower to inflict a huge attack.

As a result, the hackers were able to take down the consumer banking sites of American Express, JP Morgan Chase, Bank of America, Wells Fargo and other banks with exponentially more traffic than hit Estonia in 2007.

In the attack on Saudi Aramco last year, the culprits did not mount that type of assault; instead, they created malware designed for greatest effect, coded to spread to as many computers as possible.

Likewise, the attacks last week on South Korean banks and broadcasters were far more sophisticated than coordinated denial-of-service attacks in 2009 that briefly took down the websites of South Korea's president and its Defense Ministry and those of the U.S. Treasury Department, the Secret Service and the Federal Trade Commission. Those attacks were mostly annoyances; they largely did not affect operations.

But this time around in South Korea, the attackers engineered malware that could evade popular South Korean anti-virus products, spread it to as many computer systems as possible, and inserted a time bomb to take out all the systems at once for greatest impact.

The biggest concern, Lewis said "We don't know how they make decisions. When you add erratic decision making, then you really have something to worry about."

© 2013, The New York Times News Service

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. OTT Releases of the Week (Oct 13th - Oct 19th): What to Stream This Weekend?
  2. Honor's Robot Phone With a Pop-Up Camera Will Debut at MWC 2026
  3. Amazon Diwali Sale 2025: Best Deals on Smartwatches for Runners
  4. Redmi Note 15 Series India Launch Timeline, Price and Features Leaked
  5. OnePlus 15 Launch Details Likely to Be Announced on October 17
  6. Vivo Announces OriginOS 6 for Vivo and iQOO Handsets Globally
  7. Oppo Watch S With Temperature Monitoring Launched at This Price
  8. Google Offers Up to 2TB of Storage Across Gmail and Photos for Rs. 11
  9. Oppo Find X9 Pro, Find X9 Launched With Dimensity 9500 SoC: See Price
  10. Samsung Galaxy S26 Ultra Design, Black Colourway Leaked via Case Maker
  1. OnePlus 15 China Launch Date Announced; to Debut Alongside OnePlus Ace 6
  2. Exploding Dry Ice May Explain Mars’ Puzzling Dune Patterns, Study Finds
  3. Dark Matter Might Leave A Faint Colour Mark In Light, Say Scientists
  4. Baaghi 4 Starring Tiger Shroff Reportedly Set to Land on OTT: Everything You Need to Know
  5. M3gan 2.0 OTT Release Date Revealed: Know When and Where to Watch Sci-Fi Horror Film Online
  6. Satellites Capture Record-Breaking 20-Metre Waves Crossing Entire Oceans
  7. Scientists Discover Parasitic Worms That Hunt Using Static Electricity
  8. SpaceX Launches 21 Satellites With Second Falcon 9 Launch Of The Year
  9. Bridgerton Season 4 To Begin Streaming on Netflix in 2026: Know When and Where to Watch it Online
  10. Samsung Galaxy S26 Ultra Design, Black Colourway Leaked via Case Manufacturer
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.