U.S. indicts Iranians in bank cyberattacks
WASHINGTON — The Justice Department on Thursday unsealed an indictment against seven Iranian computer specialists, charging that they were behind cyberattacks on dozens of U.S. banks and that they attempted to take over the controls of a small dam in Westchester County, N.Y.
The indictment marks the first time that President Barack Obama’s administration has sought action against Iranians for a wave of computer attacks on the United States that began in 2011.
It also is the first time the government has charged people linked to a national government with disrupting or attempting to disrupt critical U.S. infrastructure or computer systems of key industries such as finance and water.
The indictment referred to those who were charged as “experienced computer hackers” who “performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps.”
In 2010, a U.S.-led cyberattack on Iran’s main nuclear-enrichment plant, the so-called Stuxnet virus, was revealed for the first time, and intelligence experts have long speculated that the attacks aimed at some of the United States’ largest banks — including JPMorgan Chase, Bank of America, Capital One and PNC Bank — were retaliation.
The indictment also cited attacks on the New York Stock Exchange and AT&T.
“The attacks were relentless, systematic and widespread,” said Attorney General Loretta Lynch, who announced the indictment in a Washington news conference with Preet Bharara, the U.S. attorney for the Southern District of New York, where the indictment was handed down. “They threatened our economic well-being and our ability to compete fairly in the global marketplace, both of which are directly linked to our national security.”
All of those attacks were “distributed denial of service” attacks, in which the targets’ computers are overwhelmed by coordinated computer requests from thousands of machines around the world. The result is often that the targeted networks crash, putting them out of service for some number of hours.
One of the hacking suspects is accused of repeatedly gaining access to the control system of the Bowman Avenue Dam, a small flood-control structure in Rye Brook, about 20 miles north of New York City. Officials termed his access “a frightening frontier on cybercrime” and said the hacker would have been able to “operate and manipulate” a digitally controlled sluice gate, flooding portions of the city of Rye, but the gate had been disconnected for maintenance.
The hacker was still able to gain information about the dam’s operations, including its water level, temperature and the sluice gate.
“The potential havoc that such a hack of American infrastructure could wreak is scary to think about,” Bharara said.
FBI: WILL PIERCE SHIELD
The seven defendants are Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadegan, 23, who went by the online handle of “Nitr0jen26”; Omid Ghaffarinia, 25, known as “PLuS”; Sina Keissar, 25; and Nader Saedi, 26, “Turk Server.”
Firoozi is charged alone in the cyberattack on the dam. Shokohi received credit from the Iranian government toward his mandatory military service for his work in the attacks, the U.S. alleges.
According to the indictment, Ahmadzadegan and Ghaffarinia also claimed responsibility for hacking into NASA servers and defacing NASA websites.
It was unclear how long the indictment had been under seal.
The Justice Department is determined to remove a cloak of “perceived anonymity” long enjoyed by foreign hackers and has focused on doing so since 2012, said John Carlin, the department’s top national security official.
At the news conference, James Comey, the FBI director, said the key to the case was solving the problem of “attribution” — figuring out exactly who was behind an attack in the world of cyberspace, where it is relatively easy to hide someone’s true identity.
“Cybercriminals often think it is a freebie to reach into the United States,” Comey said. The message of the indictment was that “no matter how hard they work to hide their identity and their tradecraft, we will pierce that shield and find them.”
He also dismissed the fact that the individual attackers were out of reach of the Justice Department.
“We never say never. People often like to travel for vacation or education, and we want them looking over their shoulder when they travel or sit at a keyboard,” he added. “The world is small, and our memories are long.”
None of the named Iranians lives in the United States and it is unlikely any will appear in a U.S. courtroom. But the Obama administration argues that such indictments send a strong signal and make it difficult for those who were indicted to travel, for fear they could be extradited.
The charges come two years after the United States indicted five Chinese military officers suspected of hacking into several major American companies, including U.S. Steel and Westinghouse, and stealing trade secrets. None has been brought to the U.S. to face charges.
For years, the U.S. government had treated hacking campaigns carried out by foreign governments as matters of national security that are classified.
But as the scope and severity of the intrusions have grown, that has changed. The indictment against the Chinese People’s Liberation Army officers was an early example. Then in January 2015, the United States slapped new financial sanctions on North Korean officials and government agencies in response to a cyberattack on Sony Pictures Entertainment.
The indictment also comes eight months after the nuclear accord between Iran and the United States and other world powers.
Since rolling back its nuclear program this year, Iran has regained access to some $100 billion in overseas assets, and the top diplomats from the U.S. and Iran have been meeting and discussing global matters at their most intensive level since Iran’s 1979 overthrow of the U.S.-backed shah.