A group calling itself the "Izz ad-Din al-Qassam Cyber Fighters" has taken responsibility for the recent wave of attacks against the U.S. financial websites that started in December. The same group claimed responsibility for similar attacks launched against the same financial institutions in September.
The group claims that its DDoS campaign is in response to a film trailer mocking the prophet Muhammad not being removed from YouTube. However, some U.S. government officials and security experts are convinced that the attacks are actually the work of the Iranian government, The New York Times reported Tuesday.
The possibility of Iran being behind the attacks has been advanced before. In September, former U.S. Senator Joe Lieberman, an Independent from Connecticut, who was chairman of the Senate Committee on Homeland Security and Governmental Affairs at the time, blamed the Iranian government for the attacks against U.S. banks and said that they were probably launched in retaliation for the economic sanctions imposed on Iran.
The Iranian government officially denied its involvement and the U.S. government has not yet released any evidence that supports this claim.
That said, the sophistication of the tools used in the attacks, as well as their unprecedented scope and effectiveness, have been advanced as arguments that this DDoS attack campaign might be state sponsored.
The attacks against the U.S. financial industry from the past few months are unique in scale, organization, innovation and scope, Carl Herberger, vice president of security solutions at Israel-based network security vendor Radware, said Wednesday via email.
The company cannot comment on the origin of the attacks, because it only focuses its resources on attack detection and mitigation, Herberger said. However, in Radware's view, the DDoS attack campaign against U.S. banks has represented the longest persistent cyberattack on a single industrial sector in history, he said.
If someone in the U.S. government is indicating that the Iranians are doing it, like Lieberman did a few months ago, they're probably spot on, Scott Hammack, the CEO of DDoS mitigation vendor Prolexic, said Wednesday.
These attackers are not using the traditional "pull" command and control technology where the botnet clients periodically connect to a server to check if new instructions are available. Instead, they are using a "push" technology to send instructions in a matter of seconds to hundreds of compromised servers, Hammack said.