Operation Ababil (2012)

Date: September 18, 2012–May 2013

Place: United States; Iran

Summary

Operation Ababil was a series of cyberattacks that took place mainly in 2012, targeting a number of US banks. Conducted with the cyberattack method known as distributed denial of service (DDoS), the incident was later linked to a group of Iranian hackers and was believed to be retaliation for US sanctions levied against Iran.

Key Events

  • September 18, 2012—Group known as the Izz ad-Din al-Qassam Cyber Fighters posts an online message claiming that they will attack two US financial institutions in retaliation for an anti-Islamic video.
  • December 10, 2012—Cyber Fighters announce phase two of what they call Operation Ababil, targeting more US financial institutions.
  • January 29, 2013—Cyber Fighters announce end of Operation Ababil following removal of offending video from YouTube video-sharing site.
  • March 5, 2013—Phase three of Operation Ababil is announced due to continued presence of the video online.
  • March 24, 2016—US government announces charges against seven Iranians related to the Operation Ababil cyberattacks.

Status

The attacks conducted under Operation Ababil wound down by mid-2013, and the use of the name has not been continued despite further cyberattacks suspected to be tied to the Iranian government. President Donald Trump’s withdrawal of the United States from the Iran nuclear deal (officially known as the Joint Comprehensive Plan of Action, or JCPOA) in May 2018 increased concerns that Iran would ramp up similar cyberattacks. This fear is related to the widespread belief that the motive behind such attacks was economic sanctions against Iran, not religious insults as claimed by the Operation Ababil hackers.

In-Depth Overview

A distributed denial of service (DDoS) attack is a type of cyberattack in which an internet-connected system is simultaneously bombarded with an unusually large quantity of data in the hope that the incoming data will exhaust the target system’s bandwidth and RAM. A successful DDoS attack can crash a target system, while less effective attacks may simply result in a temporary slowing of operations or services. DDoS attacks can cost a company significant revenue due to failed transactions or other disruption of service. In addition, cyber criminals can use DDoS attacks to extort payment from an individual or company in return for ceasing the attack. There are many different types of DDoS attacks: some are designed to quickly crash a target system, while others develop over a longer period of time and can be difficult to detect. Some are designed to last for extended periods, during which a target system can suffer prolonged service interruptions or other problems.

The early twenty-first century saw an increasing prevalence of DDoS attacks, including some suspected to be connected to national governments rather than unaffiliated criminals or hackers. Examples included a major attack against Estonia in 2007, believed to be linked to Russia. Another notable example of cyberwarfare, though not specifically a DDoS attack, was the Stuxnet virus discovered to be targeting Iran in 2010 and widely tied to US and Israeli intelligence operations. US president Barack Obama also implemented financial sanctions against Iran beginning in 2010, and relations between the US and Iran were highly strained.

In September 2012, a group of Iranian “hacktivists” self-identified as the Cyber Fighters of Izz ad-Din al-Qassam, or the Qassam Cyber Fighters, posted a message on the text-sharing platform Pastebin criticizing US and Israeli policies toward Iran. The message called, in particular, for the removal of a YouTube video called the “Innocence of Muslims,” an anti-Islamic work posted in July 2012 that had triggered a series of demonstrations in several Arab and Muslim nations. The group stated that it would immediately begin attacking US financial institutions and stop only when the video was removed.

On September 19, the Qassam Cyber Fighters initiated their cyberattacks, which were eventually given the name Operation Ababil in reference to a story from the Qur’an. They first targeted Bank of America before moving on to victims including Wells Fargo, US Bank, JPMorgan Chase, PNC Bank, and the New York Stock Exchange. Each target suffered service outages and disruptions due to what was later classified as a coordinated DDoS attack. Analysts found that the hackers utilized a variety of methods, including flooding sites with junk traffic or with numerous requests for document downloads. Users of affected institutions were prevented from banking, and the incident quickly hit the international press. The success of the attacks against heavily protected banks was unusual, and cybersecurity experts noted that the volume of traffic directed at the targeted sites was unprecedented.

Shortly after the attacks began, many analysts and US government officials suggested that the Iranian state might be behind them. Senator Joseph Lieberman, then chair of the Homeland Security and Governmental Affairs Committee, was among those who considered the operation too sophisticated and powerful for unaffiliated hackers. He stated his belief that the Quds Force, a part of the Iranian Revolutionary Guard Corps known to have the capability to conduct cyberattacks, was the culprit. American intelligence experts further suggested that the real motive behind the attacks was not the removal of the offensive video, but retaliation for economic sanctions against Iran and US-backed cyberattacks such as Stuxnet.

On October 23, 2012, the Izz ad-Din al-Qassam Cyber Fighters announced a pause in their attacks, allegedly for the Eid al-Adha holiday. They proceeded to conduct email interviews with American media outlets, in which they denied any connection to any government and asserted their only goal was the removal of the “Innocence of Muslims” video. On December 10, 2012, phase two of Operation Ababil was announced, and attacks on various financial institutions resumed. The group again suspended the operation in late January 2013, after the most-viewed version of the video on YouTube was taken down. However, other copies of the video remained online, and after several warning messages, phase three of Operation Ababil was announced on March 5, 2013.

Cyberattacks linked to Operation Ababil tapered off by May 2013. Across the duration of the operation, at least forty-six companies in the US financial sector were affected. Estimates placed the damages at tens of millions of dollars, mostly due to remediation costs as companies were forced to mitigate and neutralize the attacks. Hundreds of thousands of citizens were prevented from accessing online banking and other tools while the attacks were ongoing.

In 2016, unsealed US Justice Department documents indicated that the US government had indicted seven Iranian individuals for involvement in the attack. All were allegedly employed by one of two Iranian computer companies, ITSecTeam (ITSEC) and Mersad Company. The charges asserted that the hacker collective was supported by Iran’s Islamic Revolutionary Guard Corps and was directed to initiate the cyberattacks against the United States. The Justice Department report also indicated that related attacks actually began as far back as December 2011.

Key Figures

Joseph Lieberman: Former US senator for Connecticut and chair of the Senate Homeland Security and Governmental Affairs Committee.

Barack Obama: Former president of the United States.

Donald Trump: President of the United States.
