US banks prepare for Iranian cyberattacks as retaliation for sanctions

As the United States ...

Posted: Nov 10, 2018 1:29 PM
Updated: Nov 10, 2018 1:29 PM

As the United States reinstated economic sanctions on Iran on Monday, American banks were gearing up for retaliatory Iranian cyberattacks.

Bank executives believe Iranian hackers could attempt to disrupt financial services, perhaps as they did between 2011 and 2013 -- with denial-of-service attacks that interrupted bank websites and other internet financial services.

Banking institutions

Banking, finance and investments

Business, economy and trade

Consumer banking

Continents and regions

Crime, law enforcement and corrections

Criminal offenses

Cyber attacks

Digital crime

Digital security

Embargoes and sanctions

Government and public administration

Government bodies and offices

International relations

International relations and national security

Iran

Iran nuclear development

Middle East

Middle East and North Africa

North America

Politics

Technology

The Americas

United States

Unrest, conflicts and war

US federal government

White House

Cyberterrorism

National security

Terrorism

Terrorism and counter-terrorism

Last week, CNN got rare access to a major American bank's highly guarded cybersecurity defense center in New York, where monitor screens listed "Iranian hackers" as the top "trending threat" at the moment. (North Korea ranked closely behind.) The bank's top cybersecurity executive said his team is bracing for a reprisal, because Iran "might lash out" as a result of the reimposed sanctions.

The bank requested not to be identified, citing a concern that Iran would single it out and direct hackers to attack the institution. The industry as a whole is already on guard, the bank said.

United States Cyber Command, the hacking force within the Department of Defense, said it is working along with other government efforts to counter "malicious cyber activity."

"Iran, while more limited (than some other countries) in the sophistication of their cyber capabilities, (has) demonstrated a greater willingness to conduct destructive cyberattacks that are well beyond the norms of state behavior in peacetime," Lt. Col. Audricia Harris told CNN in an email.

Companies in the private sector may experience attacks first. Two former federal government officials and several cybersecurity experts confirmed to CNN that major American banks are concerned about Iranian retaliation, though the banks themselves declined to comment.

This week, the Trump administration reimposed all the economic penalties that the Obama administration lifted as part of the 2015 Iranian nuclear deal. The reinstated sanctions added almost 700 targets to the US sanctions list, including 50 Iranian financial institutions, making it harder for these targets to engage in business worldwide. The Iranian government has made public statements about its intention to defy US sanctions.

An industry of private security contractors has grown up to protect major banks and other companies from hackers. They have recently warned their clients to heighten their defenses.

"Banks are taking a hard look at Iranian threat actors right now. We've advised all of our clients in the critical infrastructure space to consider the historic hostile actions of Iranian actors given this new development," said John Hultquist, director of research at FireEye, a cybersecurity firm that provides services to major banks.

The banking industry's privately run group that coordinates defenses against cyberattacks -- the Financial Services Information Sharing and Analysis Center -- told CNN it has not seen Iran prepare to attack yet.

"There's no evidence I've seen that the threat is imminent," FS-ISAC CEO Bill Nelson told CNN on Wednesday. "But we were able to effectively defend and respond in 2012. We're certainly better off than we were then."

According to public accusations made two years ago by the Department of Justice, Iran launched massive cyberattacks against the US banking sector from 2011 until 2013. Iranian hackers flooded American financial institutions with garbage computer traffic, jamming the banks' internet services. The attacks started in December 2011 then ramped up in September 2012, when it significantly disrupted customer access to the websites of Bank of America, JPMorgan Chase, Wells Fargo, US Bank and PNC Bank.

At the time, the cyberattack was the largest ever. The cybersecurity firm CrowdStrike called it "unprecedented." The Obama administration's DOJ later indicted seven Iranians who allegedly conducted the cyberattack while working at two companies "on behalf" of the Islamic Revolutionary Guard Corps.

Joshua Motta saw those attacks firsthand while he worked at Cloudflare, an internet service that protects websites from these kinds of aggressive floods of traffic. At the time, he said, "the industry was unprepared." He's now CEO of the cyberinsurance company Coalition, which provides coverage for small businesses like credit unions and regional banks. Motta said they should be preparing for Iran's vengeance.

"This is on everyone's radar. It is almost with 100% certainty the hacking campaign will resume after sanctions," Motta told CNN this week. "And I don't think it's going to be limited to banks." Energy infrastructure, for example, could also come under threat, as it did from Russia earlier this year, according to the Department of Homeland Security.

If Iran does attack the United States, corporations will be faced with hackers whose skills have grown since 2012, according to CrowdStrike.

"They've gotten better in the last six years at intrusion activity. The experience they've gained -- launching wave after wave of destructive attacks against Saudi Arabia -- has helped them increase their capabilities. They are much more formidable," said Dmitri Alperovitch, CrowdStrike's co-founder and chief technology officer.

Since the 2011-2013 Iranian cyberattacks, the US military has taken a more aggressive position against such threats -- one that could result in an immediate counterstrike against Iran.

As CNN reported in September, the US military has been given more authority to launch preventative cyberattacks. A classified Obama administration directive that forced American government hackers to seek the president's approval before launching retaliatory cyberstrikes deemed to have "significant consequences" was replaced by the Trump administration's National Security Presidential Memorandum 13, or NSPM 13.

President Trump's directive, which came into effect September 20, "effectively reversed those restraints" put into place by the previous President, White House national security adviser John Bolton told reporters at the time. "Our hands are not tied as they were in the Obama administration," he said.

"It is now the policy of the United States to shoot back to deter (an) adversary's cyber operations. If we could get into their network, we could destroy their computers. We could take down the Islamic Revolutionary Guard Corps network affecting the banks," said Jason Healey, a senior research scholar at Columbia University's School for International and Public Affairs who is working on a paper about the more aggressive policy and its potential consequences.

This more aggressive cyberwarfare policy carries a risk of escalating tensions, Healey and other experts said. But Healey acknowledged the tensions with Iran are there already.

US Cyber Command, the military's hackers, "want to get in there and grapple, get close and throw elbows, make the adversaries fight for their computer infrastructure," Healey said.

Terre Haute
Cloudy
49° wxIcon
Hi: 61° Lo: 36°
Feels Like: 45°
Robinson
Cloudy
50° wxIcon
Hi: 60° Lo: 38°
Feels Like: 45°
Indianapolis
Cloudy
47° wxIcon
Hi: 59° Lo: 36°
Feels Like: 44°
Rockville
Cloudy
47° wxIcon
Hi: 60° Lo: 34°
Feels Like: 42°
Casey
Cloudy
49° wxIcon
Hi: 58° Lo: 38°
Feels Like: 45°
Brazil
Cloudy
49° wxIcon
Hi: 61° Lo: 35°
Feels Like: 45°
Marshall
Cloudy
49° wxIcon
Hi: 59° Lo: 35°
Feels Like: 45°
Showers and possible storms this evening.
WTHI Planner
WTHI Temps
WTHI Radar

Latest Video

Image

Linton Moves into First Place in the SWIAC

Image

Rose Ends Their Regular Season with a Double Header Sweep

Image

Linton Takes Down Shakamak on the Diamond

Image

Loyalty day parade is back

Image

Community service project

Image

Bowling tournament continues

Image

ISU graduation

Image

ISU commencement ceremony

Image

Saturday Evening Forecast Update

Image

Saturday Morning Forecast Update

WTHI Events

 

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Cases: 1351395

Reported Deaths: 24524
CountyCasesDeaths
Cook54101710035
DuPage898211274
Will74840987
Lake66683981
Kane57921769
Winnebago32808470
Madison30352518
McHenry28331285
St. Clair27722512
Peoria22888300
Champaign20475144
Sangamon18572234
McLean17969178
Tazewell16803280
Rock Island14816307
Kankakee14040208
Kendall1289491
LaSalle12405241
Macon10651197
DeKalb9786119
Vermilion9481131
Adams8391122
Williamson7383129
Whiteside7119170
Boone664472
Ogle605581
Grundy583774
Clinton574890
Coles566194
Knox5509140
Jackson499464
Henry491263
Livingston478684
Effingham471572
Stephenson471081
Woodford470175
Macoupin467181
Marion4456115
Franklin442774
Monroe435093
Jefferson4259120
Lee412852
Randolph412684
Fulton387954
Morgan385781
Logan383757
Montgomery370373
Bureau368482
Christian363673
Fayette316455
Perry315260
Iroquois298566
McDonough280746
Jersey268749
Douglas257935
Saline256153
Lawrence240225
Shelby228637
Union224840
Crawford211426
Bond202924
Cass198224
Jo Daviess180324
Warren178946
Pike178652
Clark178433
Ford177246
Wayne176452
Hancock174831
Carroll174236
Richland174040
White169026
Edgar168539
Washington163625
Moultrie160126
Mason149345
De Witt148624
Clay147943
Piatt147614
Mercer145133
Greene143233
Johnson142314
Wabash134612
Massac133340
Cumberland128919
Menard122212
Jasper114918
Marshall104818
Hamilton83115
Schuyler7405
Brown7026
Pulaski6837
Stark63423
Edwards56812
Henderson52514
Calhoun5162
Putnam4793
Scott4781
Alexander46611
Gallatin4584
Hardin38412
Pope3154
Out of IL00
Unassigned02353

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Cases: 727764

Reported Deaths: 13397
CountyCasesDeaths
Marion995211738
Lake53461965
Allen40457675
St. Joseph35506550
Hamilton35489408
Elkhart28433441
Tippecanoe22359218
Vanderburgh22284396
Porter18668307
Johnson17905377
Hendricks17180315
Clark12930191
Madison12592339
Vigo12431246
Monroe11858170
LaPorte11821210
Delaware10648185
Howard9865216
Kosciusko9378117
Hancock8251140
Bartholomew8052155
Warrick7771155
Floyd7649177
Grant7027174
Wayne7026199
Boone6679101
Morgan6555139
Dubois6150117
Marshall6005111
Dearborn579277
Cass5788105
Henry5688103
Noble558883
Jackson500872
Shelby490296
Lawrence4505120
Harrison434772
Gibson434692
Clinton427053
DeKalb426484
Montgomery423588
Whitley394739
Huntington389080
Steuben383857
Miami380666
Knox371890
Jasper363847
Putnam358860
Wabash353379
Adams340654
Ripley339170
Jefferson328881
White313254
Daviess295899
Wells291081
Decatur284292
Fayette279262
Greene277385
Posey271033
Scott265453
LaGrange265370
Clay259146
Washington240032
Randolph239781
Spencer232031
Jennings229549
Starke215453
Fountain212046
Sullivan211142
Owen198156
Fulton194740
Jay192530
Carroll188320
Orange182654
Perry182637
Rush172925
Vermillion168543
Franklin167735
Tipton162445
Parke145916
Blackford134632
Pike133234
Pulaski116445
Newton107234
Brown101641
Crawford99314
Benton98414
Martin88315
Warren81715
Switzerland7848
Union70810
Ohio56411
Unassigned0414