Who DDoS’d HSBC: Iran, Anonymous, Russians or false-flag?

The four main contenders are a false-flag western ‘intelligence agency’ operation, east European criminals, Anonymous, and an Iranian hacking group. 

The false-flag idea is that either US and/or Israeli agencies should attack western institutions and blame it on Iran. “Are we in the middle of a cyber false flag attack being launched to justify war against Iran?” asked Washington’s Blog last week. It quotes Michael Rivero’s theory “that Israel will take down the US financial computers, and blame it on Iran. This also gets Wall Street and Washington DC off the hook, because now the financial melt-down is an act of war, rather than the result of decades of Wall Street crime and corruption and the predations of Private Central Banks.”

The second suggestion is that the attacks against western, primarily US, banks are part of the criminal ‘blitzkrieg’ reported by RSA. Criminals, thought to be of east European origin, are recruiting a target of 100 botnets in order to launch massive attacks against American banks. These attacks are financially motivated and will come in three stages. First the botnets will seek to sow financial malware on as many victims’ PCs as possible, then those victims will be defrauded, and finally the banks will be DDoS’d to cover the criminals’ tracks.

This basic plot is perfectly feasible. “The recent DDoS attacks on US banks,” Marty Meyer, CEO at Corero Network Security told Infosecurity, “were allegedly done by actively recruiting participants through social media and message boards to download attack tools from file sharing sites and launch the attack. They were able to do that without the lure of money. I believe if the cyber-gang is now incentivizing participants with a potential share of stolen funds they could easily attract active participation.”

The third option is that the attack originated from Anonymous. The group known as FawkesSecurity has claimed responsibility on its Twitter feed. While HSBC has said that no customer details were exposed, FawkesSecurity claims to have stolen 20,000 credit and debit card details. Three factors argue against this option. Firstly, at the time of writing, the group has provided no proof of the heist. Secondly, “Past attacks on the US banks and other attacks initiated by anonymous or other groups were fairly accurate in first warning of the attacks and then executing on them,” commented Marty Meyer. Although FawkesSecurity has since warned, “Barclays is next,” there was no prior warning of the attack against HSBC. Finally, American Banker this morning writes, “Anonymous has demonstrated it can sow chaos successfully, but the group has yet to show it has the know-how to hack its way past a bank’s defenses.”

The final option, the one that has the most current support, is that the attack comes from an Iranian hacker group in retaliation for western cyber attacks against Iran such as Stuxnet and Flame and the more recent anti-Islam video, 'Innocence of Muslims.' “A group that calls itself Izz ad-Din Al Qassam Group, which has claimed responsibility for recent cyberattacks on at least nine other banks, also took responsibility for the assault on HSBC,” writes American Banker. “The Al Qassam Group has vowed to attack banks in retaliation for an American-made, anti-Islam film.”

But whoever is behind these attacks, and it could have been any one or none of these, the fact remains that they are of an unprecedented force – around 100 Gbps. While such attacks can be defended, explained Meyer, by a layered defense including strong authentication, cloud and on-premise defenses, “very few have gone ahead with all three and therefore many… if not most as of today would not withstand” such attacks.


What’s hot on Infosecurity Magazine?