There's also speculation that because the U.S. and Israel are believed to have originated the Stuxnet malware attack on the Iranian facility suspected of helping develop an Iranian nuclear bomb that story was broken by the New York Times this June -- that Iran is now gearing up its own cyber-weapons program to lash out at the U.S.
One of the most disturbing parts about the DDoS attacks on the U.S. banks is that the banks have not yet shown they can defend themselves, Litan says. The attackers themselves simply stopped on their own, she says, probably to try and erase their tracks so as not to get caught. "The banks knew the end points and the servers," she says. "They never nailed the people behind the attacks."
Radware, the Israeli-based firm that makes anti-DDoS gear, has voiced deep doubts that the attacks originated with shadowy Islamic group Al-Qassam but decline to say much more. Mike Smith, senior security evangelist at Akamai, is also doubtful about any Al-Qassam role.
"Before September, Al-Qassam was suicide bombers who shot people," Smith said, and they're aligned with Hamas and the Palestinians. He doubts that Al Qassam suddenly acquired cyberwarfare capabilities. Several of the banks whose websites were under attack are Akamai customers, so Smith has some perspective on how the attacks proceeded. And it's left him thinking these attacks may have been simply a distracting mechanism to throw banks off guard while cyberattackers went after what they really wanted taking over bank employee computers with ZeuS Trojan malware and the like in order to be able to steal bank funds.
The attacks follow a routine pattern each week, says Smith. On Monday, a posting online at Pastebin, said to come from Al-Qassam, announces the targeted financial institution, and on Tuesday, Wednesday and Thursday, the DDoS attacks come roaring.
The DDoS attack, proceeding methodically from website to website of the bank, reaches a stream of 65Gbps traffic. This stream hits each bank server, making it unavailable to customers, for up to about 20 hours. It moves on from website to website of the same bank. Then the pattern repeats itself at another bank, and another. He says no bank has yet found a way to fully mitigate against the attacks, though he notes there are things being done with help from ISPs and others.