Wells Fargo Among Latest Banks to Suffer Possible Cyberattack
The website of Wells Fargo bank is the latest victim of what may be a sophisticated campaign of distributed denial-of-service (DDoS) attacks that affected JPMorgan Chase and Bank of America last week.
In all three cases, each bank received hundreds of complaints from users who could not access their sites. Although Chase and Bank of America stopped short of declaring that they'd been victims of an attack, security experts and at least one politician made the assertion for them.
Last week, a group calling itself the "Cyberfighters of Izz ad-din al-Qassam" took credit for the Bank of America and Chase connection issues and said the sites were attacked as retaliation for the "Innocence of Muslims" YouTube video that offensively depicts the Islamic prophet Muhammed.
"We will not tolerate insulting exalted character of the prophet of mercy and kindness. Due to the insult, we planned and accomplished a series of cyber operations against the insulting country's credit and financial centers," the group wrote on Pastebin, a favorite dumping ground for press releases and sensitive data for hackers of all stripes.
The group said it would attack a different bank every day for eight hours until "Innocence of Muslims" was "erased" from the Internet.
News reports quoted a third Pastebin posting that named Wells Fargo, U.S. Bank and PNC Bank as targets, but unlike the earlier postings, the new posting appears to have been removed.
Unidentified national-security specialists told NBC News last week that the Pastebin postings were bogus claims meant to divert attention from the real perpetrator: the government of Iran. The experts said the attacks were so huge in force and duration that they would likely require the backing of a nation-state.
Dmitri Alperovitch, chief executive officer of security company CrowdStrike, said the "attack" on Wells Fargo was larger than most he's seen.
U.S. Sen. Joseph Lieberman (I-Conn.) said he believes the disruptions were DDoS attacks carried out by Iran's Revolutionary Guard Corps. That conjecture prompted a strong rebuttal from the Islamic Republic, which characterized the remarks as an attempt to "demonize" the country.
Other theories for the bank website outages have been raised. CSO magazine examined other possibilities, such as the outages being unconnected problems that are linked only by the heightened awareness of bank site outages. After all, this month's GoDaddy "attack" turned out to be a problem involving router tables.
Alternatively, top-level cybercriminals may be orchestrating attacks in order to distract the banks' security teams while money is stolen from accounts. The FBI issued an alert warning of such possibilities nearly a year ago.
If the attacks are indeed sponsored by the Iranian government, they may be in retaliation for malware attacks carried out by the United States and Israel. In June, the U.S. admitted that it had played a role in infecting an Iranian uranium enrichment facility's computer system with the Stuxnet worm. The attack severely crippled Iran's nuclear aspirations, at least for the time being.
Other sophisticated, seemingly state-sponsored forms of malware have since been found infecting Iranian computers, including the Flame super-spyware, which appears to date back to 2007.
Follow Ben on Twitter @benkwx.