Pentagon Sees U.S. Banks as Targets of Syrian Cyberattacks
Syria — which is bordered by Iraq on the east, Turkey on the north, and touches Israel on the southwest — has been engaged in a brutal civil war for more than two years. The uprising against President Bashar al-Assad’s government has taken center stage as one of the most disruptive and violent ongoing conflicts. In June, the United Nations estimated that the fighting claimed around 100,000 victims.
And now, with the threat of foreign military action looming, the footprint of the fighting is expected to expand. Within the nation itself, the Syrian government has promised that its defense against foreign military action would “surprise” the world — something many fear means the use of more chemical weapons.
While President Barack Obama said Wednesday in an interview with “PBS NewsHour” that he had not decided what action the United States would take regarding Syria, he did say that his administration had concluded that Assad used chemical weapons in an attack against civilians last week near Damascus. It was his strongest statement regarding the conflict to date. Meanwhile, the U.S. government is preparing countermeasures to guard against the fallout any U.S. involvement would bring.
The Pentagon has started formulating plans in case hackers connected to Syria or ally Iran launch computer attacks in retaliation against any U.S. military strike against the Assad government, a person familiar with the planning told Bloomberg. The National Security Agency has already tapped into hackers’ computers in the Middle East to gauge their ability to harm power grids, financial systems, and other critical infrastructure, another Bloomberg source added.
The Department of Homeland Security “is closely following the situation,” DHS spokesman Peter Boogaard told the publication regarding the evolving cyberthreats.
Computer hackers aligned with Assad’s government have already shown their cyberattacks can wreak havoc in the United States. The collection of hackers — known as the Syrian Electronic Army — launched an attack on The New York Times’s website, and, more concerning for U.S. security, it hacked The Associated Press’s Twitter account in April, falsely reporting an explosion near the White House, which caused Standard & Poor’s 500 Index to fall so dramatically that $136 billion in market value was temporarily wiped out.
“Welcome to the new world,” Michael Chertoff, former secretary of the Department of Homeland Security, told Bloomberg in an interview. “The line between national security and private security is eroding. It is a reasonable concern to be prepared for the possibility of some kind of retaliation — asymmetric retaliation — if we take action in Syria.”
Chertoff believes that hackers will focus on “nuisance” attacks on media companies, financial institutions, and other important websites rather than launch the cyber equivalent of 9/11.
Even though U.S. intelligence reports have termed the capability of the Syrian hackers as limited, James Lewis, a fellow in cybersecurity at the Center for Strategic and International Studies, told Bloomberg that those hackers have been examining companies critical to U.S. infrastructure in recent months to find vulnerabilities that can be exploited when needed.
And it’s not only the Syrian Electronic Army that could present a threat: National security officials must also prepare for the involvement of military hackers in Iran and hackers for hire, who could add to the expertise and effectiveness of the Syrian organization.
But little information has been passed to the companies that could be affected. Information “is something that businesses are screaming out for,” Jim Harvey, whose law firm advises companies on cyberthreats, told Bloomberg. “Businesses are getting caught up in something that is being driven by international events and sometimes the perception is that they are left on their own.”
Because of the warnings they have received, banks are on alert and watching for any unusual activity on their computer networks, the American Bankers Association’s Doug Johnson told the publication. “We have not formally raised the threat level based upon the current potential for attacks,” he said in a phone interview.
Bank of America (NYSE:BAC), JPMorgan Chase (NYSE:JPM), Citigroup (NYSE:C), and other financial institutions have reason to be concerned. Since September of last year, these companies have be the targets of cyber attacks known as “denial of service,” which overwhelms bank websites with traffic, preventing customers from accessing them.
Banks in the United States have strengthened their computer defenses, and now “there is a heightened sense of urgency to [batten] down the hatches” in other important sectors as well, Carl Herberger, a vice president of the network security company Radware, told Bloomberg. According to a 2012 study by Bloomberg Government, many companies know they are not spending enough to make their computer networks impervious to attack.
Even JPMorgan CEO Jamie Dimon noted in an April letter to shareholders that the bank spends $200 million annually on data security, a number that “will grow dramatically over the next three years.”
Follow Meghan on Twitter @MFoley_WSCS
Don’t Miss: Falling Jobless Claims Suggest Future Strength.