Iranian hackers have repeatedly attacked Bank of America Corp, JPMorgan Chase & Co and Citigroup Inc over the past year as part of a broad cyber campaign targeting the US, according to people familiar with the situation.
The attacks, which began late last year and escalated this year, have primarily been “denial of service” campaigns that disrupted the banks’ Web sites and corporate networks by overwhelming them with incoming Web traffic, the sources resaid.
They said there was evidence suggesting the hackers targeted the three banks in retaliation for their enforcement of Western economic sanctions against Iran. Whether the hackers have been able to inflict more serious damage on computer networks or steal critical data is not yet known.
Iran has beefed up its cybercapabilities after its nuclear program was damaged in 2010 by the Stuxnet virus, widely believed to have been developed by the US. Tehran has publicly advertised its intentions to build a cyberarmy and encouraged private citizens to hack Western countries.
The attacks on the three largest US banks originated in Iran, but it is not clear if they were launched by the state, groups working on behalf of the government, or “patriotic” citizens, according to the sources, who requested anonymity as they were not authorized to discuss the matter.
The hackers also targeted other US companies, the sources said, without giving specifics. They said the attacks shed new light on the potential for Iran to lash out at Western nations’ information networks.
“Most people didn’t take Iran seriously. Now most people are taking them very seriously,” one of the sources said, referring to Iran’s cybercapabilities.
Iranian officials were not available to comment.
Bank of America, JPMorgan Chase and Citigroup declined to comment, as did officials with the Pentagon, US Department of Homeland Security, FBI, National Security Agency and Secret Service.
A US financial services industry group this week warned banks, brokerages and insurers to be on heightened alert for cyber attacks after the Web sites of Bank of America and JPMorgan Chase experienced service disruptions.
US Senator Joseph Lieberman, chairman of the Senate’s Homeland Security and Governmental Affairs Committee, said on Friday that he believed Iran was behind the attacks.
“I think this was done by Iran and the Quds Force, which has its own developing cyber attack capability,” Lieberman said during a taping of C-SPAN’s Newsmakers program.
The Quds Force is a covert arm of Iran’s Revolutionary Guards.
“I believe it was a response to the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions,” he said.
Tensions between the US and Iran, which date back to the revolution in 1979 that resulted in the current Islamic republic, have escalated in recent years as Washington has led the effort to prevent Tehran from getting a nuclear bomb and imposed tough economic sanctions.
Denial-of-service campaigns are among the oldest types of cyber attacks and do not require highly skilled computer programmers or advanced expertise, compared with sophisticated and destructive weapons like Stuxnet. However, denial-of-service attacks can still be very disruptive: If a bank’s Web site is repeatedly shut down, the attacks can hurt its reputation, affect customer retention and cause revenue losses as customers cannot open accounts or conduct other business.