Nat'l Security The cyber war counter attack by Iran begins on Citi, BOA and JP Morgan Chase - Page 4

**BigRedChief** · 09-21-2012, 06:07 PM

http://news.yahoo.com/exclusive-iran...6--sector.html

(Reuters) - Iranian hackers have repeatedly attacked Bank of America Corp , JPMorgan Chase & Co and Citigroup Inc over the past year, as part of a broad cyber campaign targeting the United States, according to people familiar with the situation.

The attacks, which began in late 2011 and escalated this year, have primarily been "denial of service" campaigns that disrupted the banks' websites and corporate networks by overwhelming them with incoming web traffic, said the sources.

Whether the hackers have been able to inflict more serious damage on computer networks or steal critical data is not yet known. The sources said there was evidence suggesting the hackers targeted the banks in retaliation for their enforcement of Western economic sanctions against Iran.

Iran has beefed up its cyber capabilities after its nuclear program was damaged in 2010 by the Stuxnet virus, widely believed to have been developed by the United States. Tehran has publicly advertised its intentions to build a cyber army and encouraged private citizens to hack against Western countries.

The attacks on the three largest U.S. banks originated in Iran, but it is not clear if they were launched by the state, groups working on behalf of the government, or "patriotic" citizens, according to the sources, who requested anonymity as they were not authorized to discuss the matter.
They said the attacks shed new light on the potential for Iran to lash out at Western nations' information networks.

"Most people didn't take Iran seriously. Now most people are taking them very seriously," said one of the sources, referring to Iran's cyber capabilities.

Iranian officials were not available for comment. Bank of America, JPMorgan and Citigroup declined to comment, as did officials with the Pentagon, U.S. Department of Homeland Security, Federal Bureau of Investigation, National Security Agency and Secret Service.
A U.S. financial services industry group this week warned banks, brokerages and insurers to be on heightened alert for cyber attacks after the websites of Bank of America and JPMorgan Chase's experienced unexplained service disruptions.
NBC reported late on Thursday that the Iranian government was behind these attacks, citing U.S. national security sources. Reuters could not verify that independently.
Tensions between the United States and Iran, which date back to the revolution in 1979 that resulted in the current Islamic republic, have escalated in recent years as Washington led the effort to prevent Tehran from getting a nuclear bomb and imposed tough economic sanctions.
DISRUPTIVE CAMPAIGN
Denial-of-service campaigns are among the oldest types of cyber attacks and do not require highly skilled computer programmers or advanced expertise, compared with sophisticated and destructive weapons like Stuxnet.
But denial-of-service attacks can still be very disruptive: If a bank's website is repeatedly shut down, the attacks can hurt its reputation, affect customer retention and cause revenue losses as customers cannot open accounts or conduct other business.

Bank of America, Citigroup and JPMorgan Chase have consulted the FBI, Department of Homeland Security and National Security Agency on how to strengthen their networks in the face of the Iranian attacks, the sources said. It was not clear whether law enforcement agencies are formally investigating the attacks.

The Iranian attackers may have used denial-of-service to distract the victims from other, more destructive assaults that have yet to be uncovered, the sources said.

Frank Cilluffo, who served as homeland security adviser to U.S. President George W. Bush, told Reuters that he knows of "cyber reconnaissance" missions that have come from Iran but declined to give specifics.
"It is yet to be seen whether they have the wherewithal to cause significant damage," said Cilluffo, who is now director of the Homeland Security Policy Institute at George Washington University.

security experts said Iran's cyber capabilities are not as sophisticated as those of the China, Russia, the United States or many of its Western allies. Jim Lewis, a former U.S. Foreign Service officer, said Iran has been testing its cyber technology against Israel and other Gulf states in recent years
.
"It's like the nuclear program: It isn't particularly sophisticated but it makes progress every year," said Lewis, who is a senior fellow at the Center for Strategic & International Studies.

2bikemike · 01-25-2013, 06:32 PM

Quote:

Originally Posted by BigRedChief

PSA and public info: Credible cyber threat to us and others has been discovered. Shit is going to get real soon.

Australia is even in on the alerts now:
http://www.theage.com.au/opinion/pol...123-2d665.html

We have been preparing for this for a couple years now at my work, so we are ahead of the game. I will say the country as a whole is way behind the 8 ball on this one. Even folks in the same industry are a bit behind.

**CrazyPhuD** · 01-25-2013, 06:35 PM

Can I cyber Iran too? I'm feeling a bit randy!

**BigRedChief** · 01-25-2013, 06:55 PM

Quote:

Originally Posted by 2bikemike

We have been preparing for this for a couple years now at my work, so we are ahead of the game. I will say the country as a whole is way behind the 8 ball on this one. Even folks in the same industry are a bit behind.

The cyber security experts tried to get a bill through congress to make them take just basic security steps to protect their networks. The republicans killed the bill. Government interfering with business. It was a bunch of BS. It was focused on utility, gas and other public "stuff" that we all use, not individual private business.

It's going to take a power outage in multiple states for people to wake the **** up and secure their networks.

**notorious** · 01-25-2013, 07:06 PM

"His name is Robert Paulson."

2bikemike · 01-25-2013, 08:28 PM

Quote:

Originally Posted by BigRedChief

The cyber security experts tried to get a bill through congress to make them take just basic security steps to protect their networks. The republicans killed the bill. Government interfering with business. It was a bunch of BS. It was focused on utility, gas and other public "stuff" that we all use, not individual private business.

It's going to take a power outage in multiple states for people to wake the **** up and secure their networks.

Thats not exactly true.

http://www.ferc.gov/industries/elect...ersecurity.asp

Cyber & Grid Security

The Energy Policy Act of 2005 (Energy Policy Act) gave the Federal Energy Regulatory Commission (Commission or FERC) authority to oversee the reliability of the bulk power system, commonly referred to as the bulk electric system or the power grid. This includes authority to approve mandatory cybersecurity reliability standards.

The North American Electric Reliability Corporation (NERC), which FERC has certified as the nation’s Electric Reliability Organization, developed Critical Infrastructure Protection (CIP) cyber security reliability standards. On January 18, 2008, the Commission issued Order No. 706, the Final Rule approving the CIP reliability standards, while concurrently directing NERC to develop significant modifications addressing specific concerns.

Additionally, the electric industry is incorporating information technology (IT) systems into its operations – commonly referred to as smart grid – as part of nationwide efforts to improve reliability and efficiency. There is concern that if these efforts are not implemented securely, the electric grid could become more vulnerable to attacks and loss of service. To address this concern, the Energy Independence and Security Act of 2007 (EISA) gave FERC and the National Institute of Standards and Technology (NIST) responsibilities related to coordinating the development and adoption of smart grid guidelines and standards.

**BigRedChief** · 01-25-2013, 09:23 PM

Quote:

Originally Posted by 2bikemike

Thats not exactly true.

http://www.ferc.gov/industries/elect...ersecurity.asp

Cyber & Grid Security

The Energy Policy Act of 2005 (Energy Policy Act) gave the Federal Energy Regulatory Commission (Commission or FERC) authority to oversee the reliability of the bulk power system, commonly referred to as the bulk electric system or the power grid. This includes authority to approve mandatory cybersecurity reliability standards.

The North American Electric Reliability Corporation (NERC), which FERC has certified as the nation’s Electric Reliability Organization, developed Critical Infrastructure Protection (CIP) cyber security reliability standards. On January 18, 2008, the Commission issued Order No. 706, the Final Rule approving the CIP reliability standards, while concurrently directing NERC to develop significant modifications addressing specific concerns.

Additionally, the electric industry is incorporating information technology (IT) systems into its operations – commonly referred to as smart grid – as part of nationwide efforts to improve reliability and efficiency. There is concern that if these efforts are not implemented securely, the electric grid could become more vulnerable to attacks and loss of service. To address this concern, the Energy Independence and Security Act of 2007 (EISA) gave FERC and the National Institute of Standards and Technology (NIST) responsibilities related to coordinating the development and adoption of smart grid guidelines and standards.

This is just a starter package. It's Windows 2000 and we need to upgrade to Windows 2008 R2 like last year.

I will not be surprised to see something major attacked with the week. And I'm not talking the small potatoes ATT attack that happened this week.

2bikemike · 01-25-2013, 09:36 PM

Quote:

Originally Posted by BigRedChief

This is just a starter package. It's Windows 2000 and we need to upgrade to Windows 2008 R2 like last year.

I will not be surprised to see something major attacked with the week. And I'm not talking the small potatoes ATT attack that happened this week.

I woud be willing to bet any attack will be in the financial sector. I don't thing the Bulk Electric system is that vulnerable.

**BigRedChief** · 01-25-2013, 09:40 PM

Quote:

Originally Posted by 2bikemike

I woud be willing to bet any attack will be in the financial sector. I don't thing the Bulk Electric system is that vulnerable.

Banks are 10X farther along than utilities. Most utilities are still allowing USB's to be plugged in by employees.

2bikemike · 01-25-2013, 11:02 PM

Quote:

Originally Posted by BigRedChief

Banks are 10X farther along than utilities. Most utilities are still allowing USB's to be plugged in by employees.

I work for a utility and I can tell you we are much further along than what you are implying.

Now there are some IPP's out there who are not on the bulk system that are not as far along and they are not necessarily required to be unless they are in the Critical Path for Black Start.

**BigRedChief** · 01-25-2013, 11:22 PM

Quote:

Originally Posted by 2bikemike

I work for a utility and I can tell you we are much further along than what you are implying.

Now there are some IPP's out there who are not on the bulk system that are not as far along and they are not necessarily required to be unless they are in the Critical Path for Black Start.

I KNOW our current state. It's the northeast ones that are the most vulnerable. It's the USB's. It's going to hurt. Already happened 5 out 6 times in a test.

LiveSteam · 01-25-2013, 11:34 PM

Has this been debunked?
BREAKING NEWS: SABOTAGE ATTACK? KEY IRANIAN NUCLEAR FACILITY HIT?

January 25, 2013

http://endtimeheadlines.wordpress.co...-facility-hit/

**BigRedChief** · 01-25-2013, 11:48 PM

Quote:

Originally Posted by LiveSteam

Has this been debunked?
BREAKING NEWS: SABOTAGE ATTACK? KEY IRANIAN NUCLEAR FACILITY HIT?

January 25, 2013

http://endtimeheadlines.wordpress.co...-facility-hit/

no the unfortunate accident with cleaning supplies inside Iran's "double secret probation" nuclear plant has nothing to do with the ATT attack or the cyber warnings issues all over the world. Pure coincidence. I mean really, how much damage can cleaning supplies really do?

LiveSteam · 01-25-2013, 11:54 PM

"double secret probation" nuclear plant

**BigRedChief** · 01-31-2013, 05:41 PM

Wall street Journal and the NY Times hacked by the Chinese military after publishing bad pr articles about China.

http://www.cbsnews.com/8301-205_162-...hacked-us-too/

**BigRedChief** · 02-01-2013, 10:55 PM

Twitter hacked. 250K account passwords compromised. China is responsible.
http://www.bloomberg.com/news/2013-0...user-data.html

09-21-2012, 06:07 PM
BigRedChief Has a particular set of skills Join Date: Dec 2003 Location: On the water Casino cash: $39727 VARSITY	The cyber war counter attack by Iran begins on Citi, BOA and JP Morgan Chase http://news.yahoo.com/exclusive-iran...6--sector.html (Reuters) - Iranian hackers have repeatedly attacked Bank of America Corp , JPMorgan Chase & Co and Citigroup Inc over the past year, as part of a broad cyber campaign targeting the United States, according to people familiar with the situation. The attacks, which began in late 2011 and escalated this year, have primarily been "denial of service" campaigns that disrupted the banks' websites and corporate networks by overwhelming them with incoming web traffic, said the sources. Whether the hackers have been able to inflict more serious damage on computer networks or steal critical data is not yet known. The sources said there was evidence suggesting the hackers targeted the banks in retaliation for their enforcement of Western economic sanctions against Iran. Iran has beefed up its cyber capabilities after its nuclear program was damaged in 2010 by the Stuxnet virus, widely believed to have been developed by the United States. Tehran has publicly advertised its intentions to build a cyber army and encouraged private citizens to hack against Western countries. The attacks on the three largest U.S. banks originated in Iran, but it is not clear if they were launched by the state, groups working on behalf of the government, or "patriotic" citizens, according to the sources, who requested anonymity as they were not authorized to discuss the matter. They said the attacks shed new light on the potential for Iran to lash out at Western nations' information networks. "Most people didn't take Iran seriously. Now most people are taking them very seriously," said one of the sources, referring to Iran's cyber capabilities. Iranian officials were not available for comment. Bank of America, JPMorgan and Citigroup declined to comment, as did officials with the Pentagon, U.S. Department of Homeland Security, Federal Bureau of Investigation, National Security Agency and Secret Service. A U.S. financial services industry group this week warned banks, brokerages and insurers to be on heightened alert for cyber attacks after the websites of Bank of America and JPMorgan Chase's experienced unexplained service disruptions. NBC reported late on Thursday that the Iranian government was behind these attacks, citing U.S. national security sources. Reuters could not verify that independently. Tensions between the United States and Iran, which date back to the revolution in 1979 that resulted in the current Islamic republic, have escalated in recent years as Washington led the effort to prevent Tehran from getting a nuclear bomb and imposed tough economic sanctions. DISRUPTIVE CAMPAIGN Denial-of-service campaigns are among the oldest types of cyber attacks and do not require highly skilled computer programmers or advanced expertise, compared with sophisticated and destructive weapons like Stuxnet. But denial-of-service attacks can still be very disruptive: If a bank's website is repeatedly shut down, the attacks can hurt its reputation, affect customer retention and cause revenue losses as customers cannot open accounts or conduct other business. Bank of America, Citigroup and JPMorgan Chase have consulted the FBI, Department of Homeland Security and National Security Agency on how to strengthen their networks in the face of the Iranian attacks, the sources said. It was not clear whether law enforcement agencies are formally investigating the attacks. The Iranian attackers may have used denial-of-service to distract the victims from other, more destructive assaults that have yet to be uncovered, the sources said. Frank Cilluffo, who served as homeland security adviser to U.S. President George W. Bush, told Reuters that he knows of "cyber reconnaissance" missions that have come from Iran but declined to give specifics. "It is yet to be seen whether they have the wherewithal to cause significant damage," said Cilluffo, who is now director of the Homeland Security Policy Institute at George Washington University. security experts said Iran's cyber capabilities are not as sophisticated as those of the China, Russia, the United States or many of its Western allies. Jim Lewis, a former U.S. Foreign Service officer, said Iran has been testing its cyber technology against Israel and other Gulf states in recent years . "It's like the nuclear program: It isn't particularly sophisticated but it makes progress every year," said Lewis, who is a senior fellow at the Center for Strategic & International Studies.
Posts: 59,936

01-25-2013, 06:35 PM	#47
CrazyPhuD Meow Join Date: Jun 2005 Casino cash: $5150	Can I cyber Iran too? I'm feeling a bit randy! __________________ "Political correctness is a doctrine, fostered by a delusional, illogical minority, and rabidly promoted by an unscrupulous mainstream media, which holds forth the proposition that it is entirely possible to pick up a t*rd by the clean end"
Posts: 8,158

01-25-2013, 07:06 PM	#49
notorious I Lay Wood for a Living Join Date: May 2005 Location: Who knows? Casino cash: $39904	"His name is Robert Paulson."
Posts: 55,795

01-25-2013, 11:34 PM	#56
LiveSteam The Constitutional Choo choo Join Date: Dec 2009 Location: homeof43conferencetitles Casino cash: $26862	Has this been debunked? BREAKING NEWS: SABOTAGE ATTACK? KEY IRANIAN NUCLEAR FACILITY HIT? January 25, 2013 http://endtimeheadlines.wordpress.co...-facility-hit/
Posts: 30,681

01-25-2013, 11:54 PM	#58
LiveSteam The Constitutional Choo choo Join Date: Dec 2009 Location: homeof43conferencetitles Casino cash: $26862	"double secret probation" nuclear plant
Posts: 30,681

01-31-2013, 05:41 PM	#59
BigRedChief Has a particular set of skills Join Date: Dec 2003 Location: On the water Casino cash: $39727 VARSITY	Wall street Journal and the NY Times hacked by the Chinese military after publishing bad pr articles about China. http://www.cbsnews.com/8301-205_162-...hacked-us-too/ __________________ “Be yourself; everyone else is already taken.” /Oscar Wilde
Posts: 59,936

02-01-2013, 10:55 PM	#60
BigRedChief Has a particular set of skills Join Date: Dec 2003 Location: On the water Casino cash: $39727 VARSITY	Twitter hacked. 250K account passwords compromised. China is responsible. http://www.bloomberg.com/news/2013-0...user-data.html __________________ “Be yourself; everyone else is already taken.” /Oscar Wilde
Posts: 59,936

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode