+Comment Western financial institutions should prepare themselves for cyber attacks from Islamic militants, the head of the City of London police warns.
Commissioner Adrian Leppard urged preparations ought to be put at hand during a security conference in New York. According to the FT, he singled Islamic State of Iraq and the Levant (aka Isis) as a potential attacker.
"There could be a very serious impact to the financial institutions of the world through a cyber attack and I think it's a very strong likelihood that it will happen one day in the future, which is why we've got to push back and take action now before it happens," Commissioner Leppard told the (Financial Times - registration required).
The City of London force and New York District Attorney's Office will be stationing permanent staff in each other's offices to build greater co-operation between police and prosecutors that cover the Square Mile and Wall Street. The exchange programme is designed to ward off attacks, Reuters adds.
Commissioner Leppard previously described Tor as 90 per cent of the internet during an IP Enforcement Summit back in June.
In your correspondent's view, it is likely that this latest warning is built on insubstantial foundations that paint a misleading view of the threat landscape (cue scary headlines about Cyber Terror). The warning also overlooks the fact that through exercises such as Waking Shark City financial institutions are already collectively testing their incident response and disaster recovery.
Warnings about a Cyber Pearl Harbour have been going on for 15 years or more. Commissioner Leppard's warning offers a jihadist twist, fuelled by real world concerns about ISIS/IS.
But IS is largely using the internet for propaganda and recruitment and the Islamist cyber-threat is best categorised as the possibility of DDoS or website defacement by hacktivist types.
Islamic hacktivists claimed responsibility for a series of distributed denial-of-service attacks that hit US financial organisations in two waves during September 2012 and early 2013. The Izz ad-Din al-Qassam Cyber Fighters were linked to DDoS attacks against US Bancorp, Citigroup, Wells Fargo and Bank of America, among others.
The group said the offensive was motivated by the continued availability of the inflammatory Innocence of Muslims video on YouTube.
Unnamed US government officials claimed Iran was orchestrating the attacks as a reprisal for Stuxnet. Security experts cast scorn on the notion that the DDoS attacks had to be nation-state sponsored because a server-based botnet involving compromised WordPress sites had been harnessed in the attack. ®