Adversarial Cyber Capabilities and the Conduct of Economic Warfare

By Richard Kaplan.

On 21 September 2012, attackers attributed to Iranian hackers conducted a “Denial of Service Attack” against Bank of America Corporation, JP Morgan Chase & Company and Citigroup Inc. In addition to the attack of 21 September, there has been a series of attempted penetrations over the past year, as part of a broad “Cyber Campaign” targeting the United States.

The attacks, which began in late 2011 and escalated this year, have primarily been cyber attacks that disrupted banking websites and corporate networks by saturating them with massive volumes of incoming e-mail traffic that simply overwhelmed those networks. “Denial of Service Attacks” can be carried out by an individual hacker or a group of hackers, as well as by “State Sponsored” entities.

On any given day, the computer networks that support the financial, communications, transportation, defense, energy and all other sectors underpinning the national critical infrastructure of the United States are continually “Scanned and Probed” for vulnerabilities that could be exploited by unauthorized individuals and foreign entities.

In the case of the recent attacks against banking institutions, the “Denial of Service Attacks” resulted in the institutions’ websites being taken off-line. This prevented banking customers and merchants that depend on these websites from conducting transactions.

Although these websites were protected by a “Firewall” that prevents unauthorized individuals from altering information on a website, the “Denial of Service Attacks” did not require penetrating the firewall; they simply overwhelmed the systems with e-mail traffic. The fact that the firewall was not penetrated does not negate the seriousness of these incidents. Customers and merchants were seriously inconvenienced, and the probability exists that these attacks resulted in financial loss for the affected banking institutions during the period their websites were non-operational.

The incident of 21 September illustrates the most common and rudimentary form of Computer Network Attack. In the last fifteen years, the U.S. Government has witnessed a number of “State Sponsored” Computer Network Exploitation and Computer Network Attack operations in which intruders gained access to numerous Government computer systems, including many within the Department of Defense.

Some of the more significant cyber intrusions that have been given special investigative designations include Moonlight Maze, Storm Cloud, Quiet Storm and Titan Rain, to name a few. These intrusions have since been attributed to countries including Iran, China, and Russia. What was particularly disconcerting in several of these intrusions was the intruder’s ability to penetrate a firewall by “hijacking” a legitimate user session, then roam freely throughout the systems with impunity, removing U.S. Government Proprietary Information.

In the fifteen years since the first major series of intrusions into U.S. Government computer systems (Moonlight Maze), firewall technology and other cyber security measures have been greatly enhanced, but so too have the capabilities of hackers, hacker groups, and State Sponsored entities to probe and scan U.S. cyber networks for Computer Network Exploitation and Computer Network Attack purposes.

The American public may not have been fully informed of the extent of foreign Computer Network Exploitation and Computer Network Attacks conducted against the U.S. national critical infrastructure. It can certainly be surmised from certain incidents that foreign cyber operations have been initiated against U.S. financial, communications and power systems within the last five years.

The technical sophistication of U.S. adversaries with cyber capabilities is expanding faster than our ability to counter it. Nevertheless, the continued viability of our critical operational cyber systems demands that we continue to develop effective countermeasures to all adversarial cyber threats.

In defense of the U.S. national critical infrastructure, especially the financial and banking sector, it is possible to “Block Ports” in order to prevent hackers and foreign entities in certain foreign countries from conducting offensive cyber operations. The U.S. can also “Block” Internet Protocol (IP) addresses associated with hackers and hacker groups. However, as a counter to these initiatives, adversaries can “Spoof” an IP address or use “Jump Sites” to attack computers, thereby masking the original location of an attack.

Thankfully, several elements of the U.S. national critical infrastructure, including power and transportation, are not connected to the Internet but are operated by Supervisory Control and Data Acquisition (SCADA) Systems that are protected from external cyber interdiction. It is not publicly known to what extent the banking and financial sector of the U.S. is protected by SCADA systems.

The Economic Warfare Institute recently delivered a series of presentations on Capitol Hill on the Economic Warfare Threat to the United States, in which the subject of the “Cyber Threat” to U.S. banking and financial institutions was addressed at length.

The discussion of the cyber threat to banking and financial institutions was presented with such forcefulness that it met with no contradiction from any of the attendees. Having said this, it remains to be seen to what extent U.S. Government mandated regulations will be adopted to strengthen the banking and financial infrastructure of the United States against cyber attack.

The following are recommendations from the Economic Warfare Institute that can be implemented to assist in the cyber security of U.S. banking and financial institutions:

- Establish SCADA Systems for sensitive banking operations involving currency
- Implement U.S. Government Standard Data Encryption for sensitive documents
- Institute a comprehensive Cyber Vulnerability Assessment Program
- Conduct Penetration Testing of sensitive banking and financial systems
- Upgrade Intrusion Detection Sensors
- Maintain a mix of IDS sensors to identify different probing and scanning activity
- Conduct “Red Teaming” of banking and financial systems connected to the Internet
- Work with US-CERT to analyze probing and scanning data
- Institute blocking of suspicious IP addresses
- Maintain strictest employee adherence to computer security regulations
- Remove CD read and write capability to protect against viruses and financial information theft
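The article describes blocking suspicious IP addresses, notes that attackers can spoof their source address, and recommends IDS sensors that identify probing and scanning activity. The following is an added example, not code from the article or from the Economic Warfare Institute, showing what the defender's side of that looks like in practice: a rate-based detector that flags a flooding source in web-server access logs, a port-probe detector over firewall deny logs, and a block-list builder with an allow-list, since a source address in a flood may be forged and a naive block-list could cut off a legitimate party. The log formats, thresholds, sample addresses and timestamps are all constructed assumptions.

```python
# Added example (not from the article): flood and port-probe detection over
# constructed log lines, feeding a source-address block-list with an allow-list.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format access line (assumed input), e.g.
# 203.0.113.7 - - [21/Sep/2012:09:00:00 +0000] "GET /login HTTP/1.1" 200 512
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Assumed firewall deny line, e.g.
# 2012-09-21T09:00:01Z DENY src=192.0.2.55 dst=198.51.100.1 dport=22
FW_DENY = re.compile(r"DENY src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+)")


def parse_access_line(line):
    """Return {ip, ts, req} for a CLF line, or None if it does not parse."""
    m = CLF.match(line)
    if not m:
        return None
    return {"ip": m.group("ip"),
            "ts": datetime.strptime(m.group("ts"), TS_FORMAT),
            "req": m.group("req")}


def find_flood_sources(lines, window=timedelta(seconds=10), threshold=100):
    """Return {ip: peak_requests} for sources exceeding `threshold` requests
    inside any sliding window of length `window`."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_access_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        recent, peak = deque(), 0
        for ts in stamps:
            recent.append(ts)
            while ts - recent[0] > window:  # drop timestamps older than the window
                recent.popleft()
            peak = max(peak, len(recent))
        if peak > threshold:
            flagged[ip] = peak
    return flagged


def find_port_probes(lines, min_ports=10):
    """Return {src: distinct_ports} for sources denied on at least `min_ports`
    distinct destination ports, the signature of a port scan."""
    ports = defaultdict(set)
    for line in lines:
        m = FW_DENY.search(line)
        if m:
            ports[m.group("src")].add(int(m.group("dport")))
    return {ip: len(p) for ip, p in ports.items() if len(p) >= min_ports}


def build_blocklist(flood, probes, allowlist=frozenset()):
    """Merge detections into a sorted block-list, skipping allow-listed addresses.
    Flood source addresses can be spoofed, so addresses that must never be
    blocked (partners, monitoring hosts) belong in `allowlist`."""
    return sorted((set(flood) | set(probes)) - set(allowlist))


# ---- constructed sample data (not real traffic) ----
BASE = datetime(2012, 9, 21, 9, 0, 0, tzinfo=timezone.utc)


def _clf(ip, when, path):
    return f'{ip} - - [{when.strftime(TS_FORMAT)}] "GET {path} HTTP/1.1" 200 512'


# One customer: 5 requests over a minute. One flood source: 150 requests in 8 s.
SAMPLE_ACCESS = [_clf("198.51.100.20", BASE + timedelta(seconds=12 * i), "/account") for i in range(5)]
SAMPLE_ACCESS += [_clf("203.0.113.7", BASE + timedelta(milliseconds=50 * i), "/login") for i in range(150)]

# One scanner denied on 15 distinct ports; one customer denied once on 443.
SAMPLE_FW = [f"2012-09-21T09:00:{i:02d}Z DENY src=192.0.2.55 dst=198.51.100.1 dport={20 + i}"
             for i in range(15)]
SAMPLE_FW.append("2012-09-21T09:01:00Z DENY src=198.51.100.20 dst=198.51.100.1 dport=443")

if __name__ == "__main__":
    flood = find_flood_sources(SAMPLE_ACCESS)
    probes = find_port_probes(SAMPLE_FW)
    print("flood sources:", flood)    # {'203.0.113.7': 150}
    print("port probes:", probes)     # {'192.0.2.55': 15}
    print("block-list:", build_blocklist(flood, probes))
```

The sliding-window count is what distinguishes a flood from a busy but legitimate customer: the customer's five requests never land inside the same ten-second window, while the flood source's 150 do. The allow-list is the practical answer to the spoofing problem the article raises: an attacker who forges a partner's address as the flood source should not be able to trick the defender into blocking that partner.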

The protection of the banking and financial sector of the U.S. national critical infrastructure is an ongoing task that must keep pace with the dramatic technological advances that hackers, hacking groups, and State Sponsored entities are making in an attempt to expand their influence in the Cyberspace environment.
