The Wall Street Journal
Officials Blame Tehran for Sophisticated Disruptions of Capital One and BB&T Websites; More Strikes Planned Thursday
By SIOBHAN GORMAN
WASHINGTON—Iranian hackers renewed a campaign of cyberattacks against U.S. banks this week, targeting Capital One Financial Corp and BB&T Corp and openly defying U.S. warnings to halt, U.S. officials and others involved in the investigation into the attacks said.
The attacks, which disrupted the banks’ websites, showed the ability of the Iranian group to sustain its cyberassault on the nation’s largest banks for a fifth week, even as it announced its plans to attack in advance.
U.S. officials said the attacks against banks, and others against Middle Eastern energy companies, were sponsored by the Iranian government and approved at high levels as part of a low-grade cyberwar that officials warned could lead to retaliation.
Unclear is at what point attacks on individual banks constitute an assault on the overall financial system that would call for a forceful response from the U.S. military, which has formed a “Cyber Command” to help defend government computers and critical civilian networks.
“It is a fair question,” said a senior U.S. official. “I am not sure I have the answer to it.”
Iranian officials didn’t respond to requests to comment.
BB&T worked Wednesday to restore the bank’s website, and Capital One was adding new security to its website, which was attacked on Tuesday, the banks said. BB&T operates the 11th biggest U.S. bank, and Capital One runs the 13th largest, according to a Federal Reserve ranking by consolidated assets.
In previous weeks, the group had stated which banks it would target, but its announcement posted on the Internet this week didn’t say which banks it planned to attack. The hacker group, which calls itself Qassam Cyber Fighters, said it planned further attacks Thursday.
The announcement, posted Tuesday, took a swipe at Defense Secretary Leon Panetta, who last week issued a veiled warning to Iran to stop its cyberattacks and announced that the Pentagon spends $3 billion a year on cyber defenses.
The Qassam Cyber Fighters says it is retaliating for the anti-Islamic video made in America that has caused protests in Muslim countries. U.S. officials, however, say the hackers claim privately to be attacking U.S. financial institutions and energy companies in the Persian Gulf in response to crippling sanctions that have cut oil production in half and sent the Iranian currency tumbling.
“We have a suggestion for Mr. Panetta,” the group wrote in garbled English in their announcement on the Internet. It said that instead of “spending several billions that won’t be good for you, tell your henchmen on YouTube” to remove the anti-Islamic video.
The hacking group’s statement Tuesday also said it believed that U.S. banks were “howling under pressure from the attacks.”
“They clearly specialize in computers and not Shakespearean prose—in English or Persian,” said a senior defense official, after reading the announcement. “We take all cyberthreats seriously and believe that we need to do all we can as a country to defend ourselves against them.”
The Iranian attacks started at the beginning of this year when a few U.S. banks were pounded with unusually potent so-called denial-of-service attacks, which bombard websites to try to knock them off-line.
Iranian hackers turned this summer to some oil-and-gas companies in the Middle East, where they also destroyed company data, U.S. officials said.
Last month, they renewed their cyberassaults on the U.S. financial sector, announcing plans to target specific banks on specific days.
These latest attacks, which investigators say are at least 10 times as potent as the types of denial-of-service attacks hackers have mounted in the past, have disrupted service at even the largest U.S. banks. The highly sophisticated computer attack is using a new cyberweapon called “itsoknoproblembro,” according to the computer-security firm Prolexic Technologies.
The group has now attacked at least nine different U.S. banks, in some cases knocking websites offline and slowing the performance of others.
Banks were on edge early this week in anticipation of another cyber onslaught, according to people familiar with the investigation into the Iranian hacking campaign.
Tuesday’s attack on Capital One blocked access to the bank’s website for a number of hours.
“We experienced some disruption yesterday,” said Capital One spokeswoman Tatiana Stead. “There was minimal impact to the vast majority of our customers. All of our systems are fully operational.”
She added that after “the recent events,” the bank has “taken a number of precautions which may inadvertently cause some challenges for a small number of customers visiting our website.”
A small group of Capital One customers were also unable to access the bank’s website on Wednesday as it took additional security measures to block future cyberattacks, a Capital One official said, noting that customers could still access their accounts over the phone, on mobile devices, or in person at a bank branch.
At BB&T, spokeswoman Cynthia Williams said Wednesday that the bank was experiencing “intermittent outages” on its website “due to a ‘denial-of-service’ event.”
She emphasized that these attacks don’t target individual accounts or the bank’s internal computer systems. Instead they cause website disruptions that delay customers’ abilities to access their accounts.
—Julian E. Barnes contributed to this article.