LOS ANGELES – A shadowy but well-organized hacker group in the Middle East has disrupted the electronic banking operations of America’s largest financial institutions in recent days, underscoring U.S. vulnerability to online terrorism.
A group identifying itself as Izz ad-Din al-Qassam Cyber Fighters attacked the websites of Wells Fargo, U.S. Bancorp and Bank of America. The strikes left customers temporarily unable to access their checking accounts, mortgages and other services.
The banks said account and personal information for their tens of millions of online and mobile customers were not compromised. Still, experts said the size and ferociousness of the attacks highlight the broader threat posed by electronic crime and the susceptibility of financial targets.
Of particular concern, experts said, is that the attackers used the Internet to warn the institutions ahead of time – but the banks still couldn’t repel the assaults.
“The banks put a lot of effort into cyber security. But they’re so desirable as a target, even with all that effort they still have problems,” said James Lewis, an expert at the Center for Strategic and International Studies in Washington. “If you can pull together enough resources, you can overwhelm any defense temporarily.”
The attacks on banks began last week on the largest institutions in the country: JPMorgan Chase, Citigroup and Bank of America. They spread to Wells Fargo on Tuesday and U.S. Bank on Wednesday. Another attack has been threatened against PNC Financial Services on Thursday.
The U.S. government and banks have been working feverishly to learn more about the attackers. A financial executive not authorized to speak publicly described a “war room” where bankers were coordinating efforts with the Department of Homeland Security.
Izz ad-Din al-Qassam is the name of the military wing of Hamas, the political party that governs the Gaza Strip. Experts say the attacks appear to have originated from the Middle East, though it isn’t clear who is behind them or the motivation.
But on Tuesday the group posted a manifesto on the Internet saying attacks would continue until a video insulting the Islamic prophet Muhammad was removed from the Internet. That video, “Innocence of Muslims,” has caused violent clashes in the Middle East, and led to the attack on the U.S. embassy in Libya.
Dmitri Alperovitch, a computer security expert investigating the recent attacks, said they are the latest in a series of cyber assaults by the group. The attacks were not only on financial firms, he said, although he declined to identify other industries. Alperovitch said Izz ad-Din al-Qassam has demonstrated “advanced capabilities.”
He said it was unlikely that the anti-Islamic video alone had triggered the attacks. He said his firm, CrowdStrike Inc., has linked the group to attacks on other targets since January, long before the trailer for the anti-Islamic film was posted on YouTube.
Wells Fargo, based in San Francisco, had intermittent service interruptions all day Tuesday, distressing many of its 21 million online customers.
Similar problems occurred Wednesday at U.S. Bank. The Minneapolis-based bank said it was experiencing unusually high Web traffic and that the coordinated attacks were “very similar” to those at other major banks. “We are working very closely with federal law enforcement,” spokesman Tom Joyce said.
Pittsburgh-based PNC, facing the threatened attack on Thursday, was preparing for the worst. “We’ve seen the posting” on the Internet, PNC spokesman Fred Solomon said. “We’re taking appropriate measures.”
Security consultant Alperovitch said the volume of phony demands on bank sites was two to three times heavier than previous records for denial of service attacks, and 10 to 20 times higher than the average such attack. Still, the onslaught so far has had a “very limited impact,” resulting in only brief shutdowns of websites.
“The attacks, while very, very large and historic in that sense, are not super sophisticated,” he said. Although evidence points to a group “certainly of Middle Eastern origin,” his company could not tell whether a state or private group was behind the attacks.
Some speculation centered on whether Iran might be retaliating for economic sanctions placed on the country because of its nuclear program and enforced by U.S. banks.
“I don’t believe these were just hackers,” Senate Homeland Security Committee Chairman Joe Lieberman, I-Conn., said last week in an interview on C-SPAN’s “Newsmakers” program. “I think this was done by Iran and the Quds Force,” a secretive Iran military unit blamed for terrorist activity.
Lieberman was observing Yom Kippur and could not be reached Wednesday. The FBI and Justice Department declined to comment on the origin of the attacks.
Two bankers, who spoke on condition of anonymity, said their banks were also on the alert for cyber thieves who might use the attacks as a diversion.
In a Sept. 17 bulletin, the FBI had warned of “a new trend in which cyber criminal actors are using spam and phishing emails … to compromise financial institution networks and obtain employee login information.”
The bulletin said hackers have used denial-of-service attacks as distractions at times when they have logged in to bank systems using credentials of bank executives and then have transferred funds. This happened mainly at small banks and credit unions, but also some big ones, the bulletin said.
Electronic banking is an important new frontier for banks, which say it saves them on transaction costs while making it easy for customers to run their financial lives. So disruptions like this week's can deliver a huge negative jolt.
Dani Walter, 21, a media student at Oregon State University, said she was unable to access U.S. Bank via the Internet from about 8 a.m. until noon Wednesday.
Walter said her money was untouched, but she remained worried about how future attacks could hurt the financial system.
“I was surprised that (so) many banks are that vulnerable to it,” she said. “Honestly, if they can do that, it does make me worry that they could compromise accounts too.”