The Enemy of My Enemy is My Cyber-Lessee

Cyber skills can provide countries with aggressive capabilities disproportionately greater than their population or GDP. The US tries to cloak its cyber prowess in silence, somewhat like China and Russia. Smaller actors such as South Korea and Iran either want others to know or ineptly cover their tracks. Some nations such as Israel and Spain are thought to have serious cyber skills, but they have effectively kept their lips zipped. If a terrorist group were shopping for help attacking the US financial system, the following are the candidates they’d consider.

China has plenty of experience attacking health care organizations, military and R&D firms. Strangely, there is no news coverage of Chinese cyber-attacks on US banks. Based on the sophistication of their other attacks, China’s military and criminal hackers have the skill sets needed for banks.

Russia has proven its skill at attacking our financial system, recently targeting JP Morgan and four other banks. Russia’s Ouroboros virus retains its grip over Ukraine’s government communications. Earlier, Russia pummeled Estonia’s and Georgia’s communications. Russia doesn’t cyber-scuffle and run: it tends to leave sleeper modules which can launch re-focused attacks at a later date. There is a fuzzy demarcation between Russia’s military and criminal hacker groups, and as with other sophisticated hackers, the origin of Russian attacks is obfuscated.

North Korea attacked South Korean banks using a “distributed denial of service” (DDoS) attack, which flooded the banks’ ATM servers with far more requests than they could handle. The flood causes the servers to shut down. Banks can take measures to divert the bulk of DDoS requests and gradually restore service. The North Korean attack was disruptive but did little beyond slowing or halting ATM access.

Iran is believed to have attacked five US banks using a DDoS attack 2 years ago. The attack was an aggressive but routine DDoS with little sophistication: short-lived disruption, nothing taken, and no leave-behind modules.

Israel is suspected of the prowess behind Stuxnet, the attack on Iran’s nuclear centrifuge process control. With that degree of sophistication, they could attack banks, but Israel would not consider attacking the US.

Careto (Spanish for “mask”) is a modular and sophisticated cyber-attack vehicle that has been injected into computers, mostly in Spanish-speaking countries. The author is almost certainly state-sponsored and some assume Spain is the origin. Out of 380 unique victims, just 22 are in the US. Careto does not focus on banks.

Russia, Iran, and North Korea have experience mounting cyber-attacks against banks. The attacks mounted by Iran and North Korea appear unsophisticated, but in the years since their bank attacks, they could have polished their skills.

If the Islamic State of Iraq and the Levant (ISIL) wanted to prove it could attack the West, it could take a major leap forward by “renting” a cyber-attack vehicle. Of those with cyber-wares equal to the task, Spain and Israel would quickly decline and report the inquiry to others. China seems to lack bank experience and would probably decline for trade reasons. Iran would not help the Shiite-murdering ISIL. Russia and North Korea would consider helping if only to deflate what they consider US arrogance. If one of them strikes a bargain with ISIL, the Internet will become a war zone.

Alan Daley is a retired businessman who writes for The American Consumer Institute Center for Citizen Research.