WASHINGTON, April 30 (UPI) -- Cyberattacks on U.S. and other financial institutions are rising amid growing discontent among bank officials over perceived government inaction or inadequate countermeasures, analysts said.
Increasingly seen in the criminal world as a safer alternative to robbing physical bank premises, computer hacking that divests banks of funds has an obvious appeal for hackers working on their own or as part of organized criminal networks.
The hackers have found a weak spot in banks' general unwillingness to admit when they are hacked -- something the bank cannot do when robbed on premises.
The security industry is awash with theories paraded as truisms about who is behind most of the hacking raids on banking and financial systems.
Related
Recent media reports cited Iran and China as potential culprits but the complexity of the Internet and a global imbalance in resources available to fight cyberthreats ensures virtual anonymity for those behind attacks on banks.
Iran is often cited as prime suspect, as the perpetrator of cyberattacks partly in retaliation for publicly documented Western attacks on its nuclear program but analysts see Russian, Eastern European and other Asian hacking communities closely behind.
Recent hacking incidents also invalidate theories about computer criminals being site-specific or geography-related.
U.S. officials in media interviews acknowledged the Obama administration faced a tough task deciding the level of response to hostile cyber actions for fear of causing diplomatic escalation with unpredictable international consequences.
"You're always going to see the government be more cautious and incremental in response to most incidents than the private sector probably would like," Michael Daniel, the White House cybersecurity coordinator, said in an interview cited by The Washington Post.
"But that's because the risk of misattribution and escalation is real and we always have to consider the broad foreign policy implications of our actions."
A global rise in broadband communication technology ironically has helped with the proliferation of cybercrime, which can thrive anonymously with the help of a single computer and a stable connection.
U.S. bank sites have been under attack over the greater part of last year and all of this year. Hacking raids have also become a routine extension of major ongoing conflicts in the Middle East and Africa, including tensions between Iran and its Arab neighbors, Syria under Bashar Assad and his foes or allies, Libya since the fall of Moammar Gadhafi in 2011 and myriad interest groups in Egypt representing Islamists, nationalists and disgruntled underground organizations with computer hackers in their ranks.
Before the 2011 revolution that toppled Hosni Mubarak from the presidency, Egypt was poised to become a science and technology hub for the eastern Mediterranean, competing with Jordan and Israel.
The political upheaval and resulting economic hardship in Egypt has given rise to militant factions using technology not only to propagate their cause but also to procure funds, often illegally.
A cyberattack on Saudi Arabia's state-owned oil company Saudi Aramco last year wiped data from the company's computer networks. Iran was blamed but opponents of the regime were also seen as potential perpetrators.
Various governments' vigorous efforts to deny opposition groups funds have spawned criminal gangs tasked with procuring finances for their activities with minimum traceability, preferably through cybercrime.
Banks in the United States and Europe are deep in debate about who should do how much in securing networks, analysts said. Government officials want corporate managers to own up to vulnerabilities and not just wait to be rescued or protected by government-led initiatives.
Analysts said some of the inherent weaknesses of defenses against cybercrime might lie in the extreme interconnectivity of financial markets and governments. Counter measures against cybercrime carry risk they'll inhibit commerce and trade and hinder flow of information between governments on day-to-day tasks such as fighting or preventing crime and minimizing risks of terrorism.
Recent efforts to combat cybercrime opened both business and government to controversy when the U.S. House of Representatives approved legislation designed to allow companies and government to share information about cyberthreats.
The action was slammed immediately by civil rights advocates.
The House approved the Cyber Intelligence Sharing and Protection Act on a 288-127 vote despite concerns by some critics it would give government private information about private citizens. Ninety-two Democrats voted with Republicans in favor of the bill, and 29 Republicans voted in opposition.
The American Civil Liberties Union said the approval came despite a veto threat from President Barack Obama.
"CISPA is an extreme proposal that allows companies that hold our very sensitive information to share it with any company or government entity they choose, even directly with military agencies like the [National Security Agency], without first stripping out personally identifiable information," Michelle Richardson, a legislative counsel at the ACLU's Washington Legislative Office, said.
The U.S. Senate hasn't introduced cybersecurity legislation for the 113th Congress, the ACLU said, but is working on a bill.
