Is Iran the perpetrator of DDoS attacks on US banks?
by Gene Michael Stover
created Monday, 2013-01-14 T 13:03:28Z
updated Monday, 2013-01-14 T 13:38:22Z
In the news this morning are stories about
some cyberattacks against US banks. Here's the skinny.
The attacks were a Distributed Denial-of-Service
(DDoS) against some banks in the USA. There were a couple of
interesting technical twists, but for the moment, what's important is
that they increased the likelihood that you'd get a temporary error if
you tried to use your bank's web site. (That's what a
Denial-of-service attack does.)
I'll mention the technical twists later
for you programmers. It's the political part of the story that's
USA government says that "there is no doubt"
that Iran's government is the perpetrator. (Third paragraph
as well as mentioned but not quoted in most of the stories.)
(Where have we heard
"there is now doubt"
USA government offers no evidence to this claim.
(Sixth paragraph here.)
A middle-eastern hacker group called
Izz Ad-Din Al-Qassam Cyber Fighters
Iran government says "The Islamic republic of Iran
categorically denies any involvement in cyber attacks on American
banks and denounces such methods which are a violation of the
sovereignty of nations".
Since Iran mentions the sovereignty of nations, which is a damn
spot more than our own government acknowledges, since the Al-Qassam
Cyber Fighters have presented some evidence that they perpetrated the
attacks, & since "there
is now doubt", USA's claim that the Iran government
is the perpetrator sounds like fear-mongering & vilification of
Iran -- which isn't new.
It was executed from the cloud -- from computers at data centers such as
Amazon's & Google's. (None of the stories clearly say whose data
centers were used, so I'm not saying that Amazon's or Google's were used.
Just saying that it was executed from data centers such as those
run by Amazon, Google, & other organizations.)
It probably worked by using the
"itsoknoproblembro" toolkit which attacks
some security hole in PHP.
Another twist: The packet flood contained
Sounds like SSL connection requests or login attempts for the web
So these requests consumed network bandwidth, as do the packets in any
DDoS attack, but they also consumed CPU time on the servers. In other
words, they were doubly effective.
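A defender-side illustration of the "doubly effective" twist: a rate check over access-log lines that flags sources sending an abnormal volume of CPU-expensive requests (such as login attempts) within a short window. This is an added example, not code from the original post; the log format, the list of expensive paths, the thresholds and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example):
# "<unix_ts> <client_ip> <method> <path> <status>"
LOG_RE = re.compile(r"^(\d+) (\S+) (GET|POST) (\S+) (\d{3})$")

# Paths that cost the server far more CPU than the request costs the
# sender (password checks, handshake endpoints). Assumed for the example.
EXPENSIVE_PATHS = {"/login", "/auth"}

def parse_line(line):
    """Parse one log line; return None for malformed lines instead of crashing."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, ip, method, path, status = m.groups()
    return int(ts), ip, method, path, int(status)

def flag_sources(lines, window=10, max_expensive=20):
    """Return {ip: peak_count} for every source that sent more than
    max_expensive requests to EXPENSIVE_PATHS inside any `window` seconds."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, _, path, _ = rec
        if path in EXPENSIVE_PATHS:
            per_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count > max_expensive:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged

# Constructed sample: one normal visitor plus one source firing five login
# attempts per second for ten seconds, and a malformed line to be skipped.
NORMAL = ["1358168400 198.51.100.7 GET /index.html 200",
          "1358168402 198.51.100.7 POST /login 200",
          "1358168430 198.51.100.7 GET /account 200"]
BURST = [f"{1358168400 + i // 5} 203.0.113.5 POST /login 401" for i in range(50)]
SAMPLE_LOG = NORMAL + BURST + ["garbage line"]

if __name__ == "__main__":
    print(flag_sources(SAMPLE_LOG))  # {'203.0.113.5': 50}
```

The normal visitor's single login is well under the threshold, while the bursting source is reported with its peak in-window count.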
One of the banks has 40 gigabit/second bandwidth. (The implication is that
most of the banks had less.)
At its peak, the attack was spewing 70 gigabit/second,
so it sounds like the attack could seriously impact access to the web
sites of at least several banks at one time.