US Banks targeted by Muslim hackers
The attacks, which began in late 2011 and escalated this year, have primarily been "denial of service" campaigns that disrupted the banks' websites and corporate networks by overwhelming them with incoming web traffic, said the sources.
The attack is described by one source, a former US official familiar with the attacks, as being "significant and ongoing" and looking to cause "functional and significant damage."
The consumer banking website of Bank of America was unavailable to some customers on Tuesday, and JPMorgan Chase on Wednesday had the same problems, which multiple sources linked to a denial-of-service attack, in which a website is bogged down by a large number of requests. A Chase spokesman said Wednesday that the consumer site was intermittently unavailable to some customers, but did not acknowledge then that there was an attack. On Thursday, Chase said slowness continued but was resolved by late afternoon Eastern Time. Bank of America acknowledged on Tuesday that its site had experienced slowness, but would not say what caused it.
Hackers have declared that the attacks were prompted by the online video mocking Islam's Prophet Mohammad (PBUH).
Yet, a group of hackers in the Middle East has claimed credit for problems at the websites of both banks, citing the online video mocking the founder of Islam.
Whether the hackers have been able to inflict more serious damage on computer networks or steal critical data is not yet known.
Speaking to NBC News, US national security officials alleged that the continuing cyber attacks this week that slowed the websites of JPMorgan Chase and Bank of America are being carried out by Iran.
Security sources told Chicago Tribune and NBC News that the attacks on the three largest US banks originated in Iran, but it is not clear if they were launched by the state, groups working on behalf of the government, or "patriotic" citizens.
The sources, who requested anonymity as they were not authorized to discuss the matter, did not present any evidence to corroborate their claims against Iran.
The hackers also targeted other US companies, the sources said, without giving specifics. They said the attacks shed new light on the potential for Iran to lash out at Western nations' information networks.
"Most people didn't take Iran seriously. Now most people are taking them very seriously," said one of the sources, referring to Iran's cyber capabilities.
Bank of America, JPMorgan Chase and Citigroup declined to comment, as did officials with the Pentagon, US Department of Homeland Security, Federal Bureau of Investigation, National Security Agency and Secret Service.
A U.S. financial services industry group this week warned banks, brokerages and insurers to be on heightened alert for cyber attacks after the websites of Bank of America and JPMorgan Chase experienced service disruptions.
But denial-of-service attacks are very disruptive: If a bank's website is repeatedly shut down, the attacks can hurt its reputation, affect customer retention and cause revenue losses as customers cannot open accounts or conduct other business.
Bank of America, Citigroup and JPMorgan Chase have consulted the FBI, Department of Homeland Security and National Security Agency on how to strengthen their networks in the face of foreign attacks, the sources said. It was not clear whether law enforcement agencies are formally investigating the attacks.
The attackers may have used denial-of-service to distract the victims from other, more destructive assaults that have yet to be uncovered, the sources said.