U.S. banks have been buffeted by more than a week of powerful cyberattacks, but the mystery surrounding their perpetrators lingers.
One expert said Friday that he was suspicious of claims of responsibility purportedly made by Islamists angry at an anti-Muslim movie, explaining that the widely circulated Internet posts might have been an attempt to deflect attention from the true culprit.
“In the intelligence world, we call that a false flag,” said Mike Smith, whose Web security company Akamai has analyzed some of the attacks.
At least six banks – including Bank of America, JPMorgan Chase, and Citigroup – have witnessed traffic surges and disruptions. Not all have confirmed they were the victims of an online onslaught, but such surges are a hallmark of denial-of-service attacks, which work by drowning sites with streams of junk data.
Such attacks are fairly common and generally don’t compromise sensitive data or do lasting damage. Still, they can be a huge headache for companies.
Most say the recent spate of attacks has been unusually powerful. PNC, which was hit Thursday, has never seen such a strong surge in traffic, spokesman Fred Solomon said. Smith estimated the flow of data at 60 to 65 gigabits per second.
Smith said the profile and power of the attack made it an unlikely fit for the religious youth that the Internet postings called on to join in the anti-U.S. campaign.
U.S. Sen. Joe Lieberman, without offering proof, said he believed the assaults were carried out by Iran.
Smith demurred when asked who could be behind the campaign, though he said there were “only a handful of groups out there that have the technical ability or incentive” to carry it out.
The attacks appeared to be easing. Solomon said while traffic remained heavy Friday the flow was gradually returning to normal.
Doug Johnson, with the American Bankers Association, echoed that assessment.
“I believe it’s tapering off,” he said.