Iranian hackers have repeatedly attacked Bank of America Corp., JPMorgan Chase & Co. and Citigroup Inc. over the past year, as part of a broad cyber campaign targeting the United States, according to anonymous sources.
The attacks, which began in late 2011 and escalated this year, have primarily been “denial of service” campaigns that disrupted the banks’ websites and corporate networks by overwhelming them with incoming web traffic, said the sources.
Whether the hackers have been able to inflict more serious damage on computer networks or steal critical data is not yet known. The sources said there was evidence suggesting the hackers targeted the banks in retaliation for their enforcement of Western economic sanctions against Iran.
Iran has beefed up its cyber capabilities after its nuclear program was damaged in 2010 by the Stuxnet virus, widely believed to have been developed by the United States. Tehran has publicly advertised its intentions to build a cyber army and encouraged private citizens to hack against Western countries.
The attacks on the three largest U.S. banks originated in Iran, by groups working on behalf of the government, or “patriotic” citizens, according to the sources, who requested anonymity as they were not authorized to discuss the matter.
They said the attacks shed new light on the potential for Iran to lash out at Western nations’ information networks.
“Most people didn’t take Iran seriously. Now most people are taking them very seriously,” said one of the sources, referring to Iran’s cyber capabilities.
Security experts said Iran’s cyber capabilities are not as sophisticated as those of China, Russia, the United States or many of its Western allies. Jim Lewis, a former U.S. Foreign Service officer, said Iran has been testing its cyber technology against Israel and other Gulf states in recent years.
“It’s like the nuclear program: it isn’t particularly sophisticated but it makes progress every year,” said Mr. Lewis, who is a senior fellow at the Center for Strategic and International Studies.