Did U.S. Cyberattacks On Iran Backfire On American Banks?

This is a guest post by FSClub friend Tom Groenfeldt.

Michael Joseph Gross raises some fascinating, and
disturbing, questions in “Silent War,” in the July issue of Vanity
Fair.

Apparently drawing on extensive contacts in the rarified
world of extremely talented hackers, and finding some corroboration from
government and ex-government types, Gross recounts a consumer attack on ARAMCO
that did a full wipe of the hard drives on 30,000 company PCs.

“For good measure, as a kind of calling card, the hackers
lit up the screen of each machine they wiped with a single image, of an
American flag on fire.” A hacker told Gross the attack wasn’t sophisticated,
but it was effective — it overwrote the memory on each computer five or six
times.

At least U.S. officials think Iran is attacking American interests in
retaliation for the cyberattacks the U.S., Israel and perhaps other Western
countries are waging against Iran’s nuclear program — in particular the Stuxnet
attack. Gross cites David E. Sanger of the New York Times for his reporting on
Stuxnet and his book, “Confront and Conceal,” which has prompted one of the
Obama administration’s FBI probes into leaks.

Gross said that Wes Brown, a skilled hacker, announced
Mosquito, a program that could lodge on a computer, steal information and be
updated or switched out by remote control at a hacker conference a few years
ago. Two years after the hacker conference where he described the concept, a
program called Flame with similar properties began infecting computers in the
Middle East. Another program, called Duqu began collecting information about
the computer systems controlling industrial machinery, mostly in Iran and
Sudan.

Gross details a string of successful attacks against
American allies in the Middle East
and includes speculation on the roles Russia, Iran, and Hezbollah might be
playing in them.

Last September a new round of cyberattacks was launched
against U.S. banks including Bank of America 
followed by a string of firms including JPMorgan Chase,
Citi, Wells Fargo,
U.S. Bancorp, PNC, HSBC and BB&T.
Gross quoted PNC CEO James Roher “We had the longest attack of all banks” and
added “cyber attacks are very real, living things and if we think we are safe
that way, we’re just kidding ourselves.” It was the last time any bank
executive spoke in public about cyber attacks.

The hackers are skillful at moving around defenses that
banks erect, adapting to the shields and continuing their attacks, and so far
they appear to be to show how vulnerable the U.S. is, not to steal money or
information.

One bank has spent $10 million to fix its problems and,
writes Gross, bankers view this as a cost they incur because of the U.S.
government.  Last year, before the attacks began, the hackers who go by
the name Qassam Cyber Fighters, said that the U.S. had driven Iran’s currency
nearly to the point of collapse by telling lies about Iran.

The stakes are high; an AP Twitter hack in April that two
explosions in the White House had injured President Obama knocked $136 billion
off the Dow Jones Industrial Average for several minutes.

As Wes Brown pointed out to Gross, you don’t have to be a
nation state to do this. “You just have to be really smart.”

The U.S. is playing offense at the same time. Gross said
that the government is developing or acquiring bugs or openings in American
products from Apple,
Google and Microsoft so it has access to information on their networks and
programs. President Barack Obama on Friday had to tell Americans that the
National Security Agency (NSA) isn’t listening to all their phone calls or
reading all their emails, although it probably has the ability to use its
metadata to pull up whatever it wants. The Guardian newspaper in the UK and the
Washington Post broke the story of the continued monitoring, which began under
President George W. Bush, on Thursday.

“He was speaking a day after it emerged that the
administration had been secretly collecting the phone records of citizens and
amid reports that it was also tapping into the servers of the country’s biggest
internet and social media companies, allowing emails, audio and video files,
photos and documents to be gathered,” reported
Geoff Dyer and Anna Fifeld in the Financial Times.

German and French officials raised concerns about data
privacy, and the revelations are apt to cause problems in the U.S.-EU trade
agreement talks, since Europeans have much stronger privacy rules than the U.S.

The revelations also came at an inopportune time in two
other aspects. Obama is meeting the new Chinese leader, ZI Jinping and was
expected to raise the issue of China’s vast cyber-espionage program against
American companies and government units. The American may find himself playing
defense.

It also comes at the same time the U.S. military is
prosecuting Bradley Manning for releasing classified information, a charge he
has already pled guilty to.

Edward
Luce, at the Financial Times calls the estimated 854,000 employees and
contractors and $80 billion working in U.S. intelligence the “data intelligence
complex,” distinguishing it from the military industry complex President Dwight
Eisenhower warned about.

This post was
originally published on Forbes.com