June 14, 2013

For nearly nine months, hacker groups thought to be based in Iran have been launching large-scale cyberattacks designed to knock U.S. bank Websites offline. But those assaults have subsided over the past few weeks as Iranian hacker groups have begun turning their attention toward domestic targets, launching sophisticated phishing attacks against fellow citizens leading up to today’s presidential election there.

Phishing email targeting Iranians. Source: Google.

Since September 2012, nearly 50 U.S. financial institutions have been targeted in over 200 distributed denial of service (DDoS) attacks, according to the U.S. Department of Homeland Security. A Middle Eastern hacking collective known as the Izz ad-Din al-Qassam Cyber Fighters has claimed credit for the assaults, and U.S. intelligence officials have repeatedly blamed the attacks on hacker groups backed by the Iranian government.

But roughly three weeks ago, experts began noticing that the attacks had mysteriously stopped.

“We haven’t seen anything for about three weeks now,” said Bill Nelson, president and CEO of the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry coalition that disseminates data about cyber threats to member financial institutions. “It’s not clear why [the attacks stopped], but there are a lot of things going on in Iran right now, particularly the presidential elections.”

Meanwhile, data collected by Google suggests that the attackers are focusing their skills and firepower internally, perhaps to gather intelligence about groups and individuals supporting specific candidates running for Iran’s presidential seat. In a blog post published this week, Google said that it is tracking a “significant jump” in the overall volume of phishing activity in and around Iran.

“For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users,” wrote Eric Grosse, vice president of security engineering for Google. “The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday.”

Grosse said the attacks appear to be the work of the same group that used SSL certificates fraudulently obtained from the now-defunct Dutch certificate authority DigiNotar in sophisticated Iranian phishing campaigns that spoofed Gmail and other online services in August 2011.

Jeff Bardin, chief intelligence officer at Treadstone 71, a cyber intelligence and training firm, said he expects the phishing attacks to subside following today’s election in Iran.

“They are ahead of the game this time around as opposed to 2009 when they could not control Web 2.0 and cell phone activities,” Bardin said of the Iranian government. “Since then, they have acquired or nationalized telecoms, established filters, cutoff switches for the Internet and infiltrated Facebook, Twitter, YouTube. Iran has established a high degree of surveillance and control.”

For now, it’s unclear whether the same volume of DDoS attacks against U.S. financial institutions will continue after the Iranian election is over. According to Bardin, the attacks have been increasingly ineffective as more U.S. financial institutions moved to commercial providers of DDoS protection, including companies like Akamai, Arbor Networks, Prolexic (which protects this blog) and Radware.

“We’ll see what happens after the elections, but we’re not holding our breath,” FS-ISAC’s Nelson said. “Maybe this is the end, but they’re probably just gearing up for another round.”

20 thoughts on “Iranian Elections Bring Lull in Bank Attacks”

  1. Richard Steven Hack

    This “backing by the Iranian government” thing is pure speculation.

    For that matter, an IP coming out of Iran is almost irrelevant. For all we know, the Mossad has been running all this stuff. It’s not like it would be hard for them to run campaigns out of Iran as “false flag” operations.

    For that matter, does anyone remember Watergate? Does anyone believe the Democrats and Republicans don’t hack each other – or worse – in every election?

    I take all mainstream media news about Iran with a huge grain of salt because almost all of it is uninformed and intended to be propaganda to justify another Mideast war. Virtually everything you read in the MSM about Iran’s “nuclear weapons program” is completely and deliberately erroneous. I’ve been following that issue for the last six years or more and there is ZERO evidence that Iran has any interest in nuclear weapons. It’s absolutely the exact same crap that Bush’s Iraq WMD nonsense was.

    Given the revelation today in Foreign Policy that the NSA has been hacking China for the last 15 years – the article explicitly says that the Chinese claims about US hacking are in essence completely correct – I take anything the US says about foreign hacking to be propaganda.

    Of course, we all know everyone hacks – and spies – on everyone else. So the entire discussion is political on the face of it.

    1. Jon

      And now they’re finding reasons to invade Syria as well. After they have financed, supported and militarized Al-Kaida there!! And they’ll eventually get away with that, with their massive propaganda machines…!!!! What a world we live in!!!

      1. last screw

        Yeah, that’s right. Protect governments that spy on their own people, kill offenders by throwing rocks at them and do other medieval-grade deeds. And don’t even feel bad about that.

        Instead blame USA, European Union etc. They are the evil ones. Get a life and open your eyes.

    2. Neej

      It isn’t pure speculation, as the article points out an Iranian based group has claimed credit for some of the attacks.

      Agreed about the Iran nuclear program – although I can understand why paranoia exists around this issue with them having the capability to enrich uranium to weapons level and the country’s stance on Israel and the US amongst other things.

      1. Neej

        Just reread your comment and saw “government”, sorry my mistake.

        1. Richard Steven Hack

          One minor correction: As yet, Iran does not have a demonstrated capability to enrich uranium to weapons grade. They enrich to a maximum of 20% (for use in the Tehran Research Reactor which produces medical isotopes) while weapons grade requires something north of 90%. They probably could develop that capability, but it wouldn’t be as quick as some people think – certainly not a matter of months or a year.

          They have suggested they might do so in the future for use in nuclear submarines – but that will probably take them a decade or more.

          And much of the 20% low enriched uranium has been converted to fuel plates for use in the TRR, which makes it harder to convert back for additional enrichment for use in a weapon.

    3. saucymugwump

      “there is ZERO evidence that Iran has any interest in nuclear weapons.”

      Except for all of those centrifuges, the ones damaged via Stuxnet. Please explain why a country which has zero interest in nuclear weapons possesses a gaggle of centrifuges.

      “It’s absolutely the exact same crap that Bush’s Iraq WMD nonsense was.”

      Iraq was not known to have centrifuges. The dog-and-pony show at the U.N. was a joke because Powell confused anodized aluminum tubes used for artillery and non-anodized aluminum tubes used for centrifuges. Powell deserves to be put on the same low level as Rumsfeld and Cheney — though in his case it was due to incompetence — because he did not bother to ask whether anodized aluminum was a suitable material for centrifuges. I knew this was a red flag when I heard the speech and I am not in the metallurgy business.

      “I take anything the US says about foreign hacking to be propaganda.”

      You need to remove your anti-USA blinders. Read Der Spiegel and you will learn that Chinese companies have stolen an enormous quantity of IP from German companies.

      1. Neej

        First it should be noted that my knowledge is nothing beyond that of a casual interest nature so I may well be wrong …

        But that said, as I understand it, the same process is used to enrich uranium for use as nuclear fuel as is used to enrich uranium to weapons grade though the concentrations are vastly higher for it to be suitable for use in weapons. However, there is little evidence beyond paranoia, as far as I can tell, that Iran is intent on developing nuclear weapons at this point in time although it does seem to have actively done so in the past.

        The media generally (I hesitate to use the term “mainstream media” as that term is loaded for various reasons) is intent on reporting what Western governments *say* and doesn’t seem interested in providing analysis on what is actually *happening*. I’m not alleging deliberate conspiracy or anything like this; it boils down to it not being much of a story if it’s reported that one power says this but “this” doesn’t appear to be happening, and most people, including myself, will read entertaining over accurate.

        Entertaining in this case being that a country (USA) that my country (AU) is allied to “believes” that another country is developing nuclear weapons in the vicinity of our interests (Israel, Iraq, shipping routes etc).

        1. Richard Steven Hack

          You’re correct. Iran’s use of nuclear technology is strictly for peaceful use. It has long been admitted even by the West that Iran needs nuclear energy to offset the energy needs of their expanding population and economy, otherwise they’ll be using all their oil for internal needs rather than selling it to finance their infrastructure in a couple decades.

          The only time they had a nuclear weapons “program” – and “program” is stretching it as according to the Defense Intelligence Agency input to the Iran National Intelligence Estimate in 2007, it was mostly “paper studies” – was when they were afraid Saddam in Iraq had one. The instant Saddam was overthrown and Iran achieved influence in the new Shia-led Iraqi government in 2003, they stopped their program.

          Subsequently Ayatollah Khamenei declared nuclear weapons to be “un-Islamic” and forbidden to Muslims.

          More importantly, Iran’s officials have repeatedly acknowledged that they understand that Iran has no “use case” for nuclear weapons, as they have no immediate nuclear enemies in their neighborhood (Pakistan, their only nuclear armed neighbor, is not a direct threat) and they cannot begin to compete with Israel in terms of a nuclear arsenal and delivery systems, let alone the US.

          Iran’s military doctrine is strictly defensive and they have little or no ability to project military power outside their borders aside from a few hundred ballistic missiles which can reach outside their borders. Those missiles are Iran’s preferred technology over nuclear weapons and so far they have been restricted to ranges covering their only immediate enemy in the region – Israel. There is little evidence that they seek to expand those ranges to threaten Europe or anyone else, let alone the US.

          People wishing to understand the situation should follow the goingtotehran.com site, as well as campaigniran.org, Asia Times (atimes.com) and Antiwar.com. On those sites you’ll find articles debunking pretty much everything you read on Iran in the MSM.

          1. saucymugwump

            Hack opined that “Ayatollah Khamenei declared nuclear weapons to be ‘un-Islamic’ and forbidden to Muslims.”

            Ayatollah Ali Khamenei also said that “promoting and teaching [music] is not compatible with the highest values of the sacred regime of the Islamic Republic.”

            Islam has the philosophy of Taqiyya which allows Muslims to lie to infidels in order to protect Islam.

            The first Ayatollah Khomeini called marriage to a prepubescent girl “a divine blessing,” having married a ten-year-old girl in his late 20s. He advised Muslim men to “Do your best to ensure that your daughters do not see their first blood in your house.”

            In other words, the Ayatollahs are all religious nuts and not people we should take seriously.

            Hack opined that we “should follow the goingtotehran.com site, as well as campaigniran.org, Asia Times (atimes.com) and Antiwar.com.”

            You choose to believe four totally obscure websites of questionable merit — Asia Times’ comments on North Korea are often laughable — yet you denigrate Der Spiegel, BBC News, Radio Free Asia, Radio Free Europe, and other highly respected publications as “the MSM.”

            I am sure that Neda Agha-Soltan, the young woman who was assassinated by Iranian militia, with her death shown around the world on YouTube, would consider you to be a dangerously naive fool in the mold of Neville Chamberlain.

          2. aja

            Yes, I am sure that they are building 30+ nuclear facilities in deep underground bunkers just to generate electricity.

            You probably also believe that there is a reasonable explanation for their refusal to ship to Russia spent uranium fuel rods and byproduct plutonium.

            I also imagine that in your mind it makes perfect sense that a government that’s working on advanced intercontinental ballistic missiles with North Korea, that has worked towards developing nuclear weapons (evidence found by the IAEA and the UN besides all the evidence found by the US, Europe and Israel) is a peaceful government.

            You probably think that the fact that they sponsor murderous terrorist organizations like Hezbollah which hide behind women and children in schools and hospitals makes them very moral, peaceful and reasonable people.

            The icing on the cake was your comment that they enriched uranium to 20% (instead of 5% which is what’s needed for electricity generation) for their “medical” research reactor… seriously? I must have missed all the headlines about Iranian cancer treatment and x-ray imaging technology that Iran must have developed and exported in order to require tons of enriched uranium.

            So one of two things is happening here. Either you work for the Iranian government or you are one of the most naive and stupid characters that I have ever encountered. Either way, because of people like you we are about to turn nuclear the most dangerous and unstable region on the planet because, contrary to what you suggested, neither do the G20 countries have the will to impose and enforce sanctions nor do I see Obama attacking Iran (hopefully Israel will if it becomes necessary). I really hope that you work for the Iranian government because otherwise you are a complete idiot.

  2. SPy

    9/11 was an inside job. Nano thermite was used to pull the buildings down. Molten metal was seen weeks after the initial collapse. Kerosene cannot do that to the metal, but thermite can?

    US government are just a bunch of criminals and they are full of it together with Mossad.

    This story is B.S.

    1. richard head

      Hey Look, it’s Mahmoud Ahmadinejad posting as SPy.

  3. Susan Vento

    Hi there,
    I just have a quick question about your blog! Please email me when you get a chance.

  4. Mohamad Hallal

    I heard that there was no internet in Iran before and during the elections 😉

  5. Peter T

    After the Stuxnet attacks, the Iranian government was planning to completely cut off their country from the rest of the Internet. While it didn’t happen yet, they have very strict control and traffic monitoring in place, therefore any large-scale attack coming out of Iran must be known and tolerated (that is, passively supported) by their government. So yes, we can call it government-backed attacks, and reassigning them to fight a “cyber civil war” wasn’t really surprising, given the nature of their internal power struggles.
