Iranian Hackers Linked to Revolutionary Guard Corps Indicted For Massive Attacks On US Banking, Infrastructure


The Justice Department has announced charges against seven suspects linked to the government of Iran for hacking into the control systems of the Bowman Avenue Dam in Rye Brook, New York.

The suspects have also been indicted for disrupting the operation of banking websites in the United States between 2011 and 2013.

The Washington Post notes this is the first time the U.S. government has charged individuals linked to a national government with “disrupting or attempting to disrupt critical U.S. infrastructure or computer systems of key industries such as finance and water.”

The Post provides a rundown of the suspects, and the charges against them:

Those charged were identified as Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar and Nader Seidi. According to an 18-page indictment, they were working for two Iran-based computer security companies — ITSec Team and Mersad Co. — on behalf of the Iranian government.

The indictment alleges that the suspects caused cyber mayhem, including coordinated “distributed denial of service,” or DDoS, attacks — which attempt to overwhelm servers — on U.S. financial institutions. Those attacks, for a time, occurred on a near-weekly basis and affected dozens of major institutions, leaving hundreds of thousands of customers unable to access their bank accounts online, the indictment alleges.

Those institutions and businesses affected included Bank of America, the Nasdaq composite index, the New York Stock Exchange, Capital One, AT&T and PNC, the indictment alleges. Attorney General Loretta E. Lynch said the attacks caused tens of millions of dollars in losses.

“These attacks were relentless, they were systematic, and they were widespread,” [Attorney General Loretta] Lynch said.

According to the indictment, Ahmadzadegan and Ghaffarinia also claimed responsibility for hacking into NASA servers and defacing NASA websites, and Firoozi obtained access to a computer control system for the Bowman Dam in Rye, N.Y. That access, according to the indictment, would have permitted Firoozi to “operate and manipulate” a gate on the dam if it had not been manually disconnected for maintenance issues.

“The potential havoc that such a hack of American infrastructure could wreak is scary to think about,” said U.S. Attorney Preet Bharara.

Bharara said the Iranians “intended for New York to be the epicenter of harm,” because it has “always been the blue chip target for those who want to harm our country.”

The New York Daily News counts at least 46 major financial institutions attacked by the Iranian team, and notes the two companies they worked for are sponsored by Iran’s Islamic Revolutionary Guard Corps. The cost of their rampage against the banks runs into tens of millions of dollars, affecting hundreds of thousands of customers.

Forbes argues that the details of the 17-page indictment “suggest the U.S. has not properly secured the nation’s critical infrastructure,” pointing out that damage from the Iranian attack on the Bowman Dam was mitigated only by a stroke of luck — namely, that the dam was disconnected from the Supervisory Control and Data Acquisition (SCADA) system for maintenance at the time. Otherwise, “the Iranian hacker would have been able to control water levels and flow rates at the dam that could have [affected] the health and safety of people in the New York metropolitan area.”

The Washington Post notes that none of the hackers has been arrested, and even though they theoretically face up to 10 years in prison for their offenses, the most likely repercussion will be some form of individual economic sanctions, using an authority President Obama has not yet invoked.

Nevertheless, Lynch insisted that by unsealing the indictment: “The Department of Justice is sending a powerful message: that we will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market,” perhaps missing the point that her prospective defendants did exactly that, to the tune of seven or eight figures in damages.

Lynch added the indictments would “make clear” that “individuals who engage in computer hacking will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law.”

“Like past nation state-sponsored hackers, these defendants and their backers believed that they could attack our critical infrastructure without consequence, from behind a veil of cyber anonymity,” added Assistant Attorney General John P. Carlin. “This indictment once again shows there is no such veil — we can and will expose malicious cyber hackers engaging in unlawful acts that threaten our public safety and national security.”

These indictments are compared by many media sources to the charges unsealed against five Chinese military hackers in 2014, charges that do not seem to have done much to slow down the pace of Chinese cyber-espionage.

Fox News notes the Administration has been keeping very quiet about this Iranian cyber-espionage onslaught since late last year, and quotes a law enforcement source who said “the charges will amount to a ‘naming and shaming’ of the alleged hackers, since it is highly doubtful the Iranian government will agree to an extradition.”

NBC News quotes FBI Director James Comey conceding as much, but then insisting the indictments “should have them looking over their shoulders if they travel.”

“The world is small and our memories are long. We never say never,” Comey said.
