Here's How The US Invited Iranian Hackers To Attack America's Banks

United State Cyber Command security attacksU.S. Cyber Command

Photo: U.S. Air Force/Technical Sgt. Cecilio Ricardo

In a world where you can watch cyberattacks happen in real-time, it’s no wonder that nation-states are doing little to hide the cyber arms race and low-grade cyberwar that’s taking place.However, what’s surprising is that the country leading the charge — the U.S. — may also be the one with the most to lose.

“There is a world of bytes and a world of atoms, and increasingly the world of bytes is driving the world of atoms,” Dr. Jarno Limnell, director of cyber security at Stonesoft, told us. “This is a whole new capability for these state-actors — previously there was no way to touch the U.S.”

Siobhan Gorman of WSJ reports that a government-backed group of Iranian hackers called the Qassam Cyber Fighters have sustained an assault on U.S. banks for five weeks—even after announcing its plans to attack in advance.

The Iranian hackers are using a new cyberweapon called “itsoknoproblembro” that has disrupted the websites of America’s largest banks. U.S. officials claim the attacks are in response to the crippling sanctions being imposed on Iran, but it could be as simple as the fact that the U.S. attacked them first.

In June one of Barack Obama’s aides told The New York Times that the president “repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons … could enable other countries, terrorists or hackers to justify their own attacks.”

Limnell said the arms race flood gates were opened when the Obama administration took credit for the Stuxnet virus that sabotaged Iranian nuclear centrifuges. And although they were mum on the next big virus, Flame, security experts have linked Flame to Israel and the National Security Agency (NSA).

Limnell said the cyberwarfare could reach a point in which America’s traditionally overwhelming military force could be rendered obsolete by a keyboard. 

“Almost all weapons systems today run on some kind of software,” Limnell said. “Missiles are very useful if you can launch them, if you can’t launch them, they are useless. Lose power in the bits world, and you lose power in the physical world.”

Currently more than 140 countries are actively developing cyber-espionage and warfare capabilities, according to Critical Defence vice president Jeffrey Bernstein, and they aren’t going to be shy about using them.

Capabilities vary. China, which began its Information Warfare (IW) plan in 1995, has been stealing America’s business secrets for more than a decade. Russia recently stated that it’s “not making a secret of their plans to gain offensive [cyber] technologies.”

The U.S. isn’t in the best position to invite cyberwar. As RedSeal Chief Technology Officer Dr. Mike Lloyd told us when he described how easy it would be to attack the physical U.S. infrastructure: “People in glass houses shouldn’t throw stones. [And] unfortunately, it’s not just that—very simple stones can break our glass windows. We have very thin defenses.”

“People in glass houses shouldn’t throw stones. [And] unfortunately, it’s not just that—very simple stones can break our glass windows.We have very thin defenses.”

The big question is whether a cyberattack can trigger a “real world” attack.

Last year the Pentagon concluded that cyberattacks would justify a traditional military response.

And in August BBC reported on a leaked Israeli memo that spelled out  the hybrid use of cyber and military warfare in a proposed assault on Iran.

“This is the most troubling aspect of developing these weapons,” said Limnell. “What is the action of the president if an attack happens, does it immediately become kinetic?”

Limnell said the difference between traditional warfare and cyberwarfare is that often cyberwarfare includes, indeed even prioritizes, civilian targets. And like the situation with the nuclear weapons in the 50s and 60s, there are no international rules for how we can use these weapons.

Cyberwarfare is like Wild West right now, there’s a huge lack of norms and rules,” Limnell said. “We will experience some type of major problem before we learn how to use weapons in the cyber domain.”

Writers note: According to the Honeynet Project, from 09:00 to 13:51 its “honeypots” detected:

– 15,193 recognised hacker attempts in Russia

– 6,211 in Brazil

– 4,496 in Romania

– 2,931 in Poland

– 1,860 in the U.S.

– 1,492 in Argentina

– 515 in India

– 109 in Iran

SEE ALSO: CYBERSECURITY EXPERT: The US Is Vulnerable To Viruses Much Simpler Than Those It Used Against Iran >

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.