U.S. charges 7 Iranian hackers for attacks on 46 banks, New York dam

The U.S. Department of Justice on Thursday announced grand jury indictments against a group of Iranian nationals for government-sponsored cyberattacks on dozens of American banks—as well as an attack on a dam outside New York City.

The charges against the alleged hackers represent a marked effort by the U.S. government to further curtail foreign cyberattacks against American institutions and critical infrastructure, while the attacks themselves highlight the evolving landscape of cyber threats facing the U.S. in the 21st century.

Seven Iranians face charges for allegedly waging distributed denial-of-service (DDoS) attacks against at least 46 U.S. financial institutions from late 2011 through mid-2013. One of the seven is also charged with hacking the Bowman Avenue Dam in Rye, New York, which is located just 30 miles north of New York City.

The DDoS attacks, which overloaded the banks’ networks to render them unusable, caused tens of millions of dollars in damages, according to U.S. Attorney Preet Bharara of the Southern District of New York. The alleged hackers are believed to have used botnets—collections of third-party computers infected with malware, unbeknownst to their owners—to carry out the DDoS attacks.

Hamid Firoozi, 34, stands accused of breaching the Supervisory Control and Data Acquisition (SCADA) systems of the Bowman Avenue Dam in 2013. Access to the dam’s SCADA systems could have allowed Firoozi to “control water levels, control flow rates, and could have presented a clear and present danger to the people of New York,” according to U.S. Attorney General Loretta Lynch. 

However, the dam was undergoing repairs at the time of the attack, Lynch said, mitigating risks of any additional damage.

In addition to Firoozi, the men charged with the DDoS attack on the American banks include Ahmad Fathi, 37; Amin Shokohi, 25; Sadegh Ahmadzadegan, aka Nitr0jen26, 23; Omid Ghaffarinia, aka PLuS, 25; Sina Keissar, 25; and Nader Saedi, aka Turk Server, 26. 

“In unsealing this indictment, the Department of Justice is sending a powerful message: that we will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market,” Lynch said in a press conference on Thursday. 

The alleged hackers used anonymity software in an attempt to mask their identities, according to James Comey, director of the Federal Bureau of Investigation. By naming the alleged hackers, said Comey, the U.S. government hopes to send the message that they have the tools to “pierce the shield” of online anonymity.

“The FBI will find those behind cyber intrusions and hold them accountable—wherever they are, and whoever they are,” Comey said in a prepared statement. “By calling out the individuals and nations who use cyber attacks to threaten American enterprise, as we have done in this indictment, we will change behavior.”

The cadre of alleged hackers is said to have been employed by two Iranian computer companies, ITSecTeam (ITSEC) and Mersad Company (MERSAD), which the U.S. believes carry out work for the Iranian government, including its Islamic Revolutionary Guard Corps.

“These were no ordinary crimes, but calculated attacks by groups with ties to Iran’s Islamic Revolutionary Guard and designed specifically to harm America and its people,” Bharara said in a statement. “We now live in a world where devastating attacks on our financial system, our infrastructure, and our way of life can be launched from anywhere in the world, with a click of a mouse.”

The grand jury indictments against the Iranians come just days after the U.S. charged three Syrians for allegedly carrying out attacks against various media outlets, including the Associated Press and the Daily Dot. The alleged hackers—Amad Umar Agha, 22; Firas Dardar, 27; and Peter Romar, 36—are said to have operated under the name Syrian Electronic Army, or SEA. 

While the U.S. does not have an extradition treaty with Iran, Lynch said U.S. authorities are tracking the alleged hackers’ movements, which may lead to their arrest. “Our view is that fugitives don’t remain that way forever,” she said.

More than simply capturing those involved, federal officials emphasized their ability to identify the perpetrators of government-funded attacks.

“Like past nation state-sponsored hackers, these defendants and their backers believed that they could attack our critical infrastructure without consequence, from behind a veil of cyber anonymity,” said Assistant Attorney General Carlin. “This indictment once again shows there is no such veil—we can and will expose malicious cyber hackers engaging in unlawful acts that threaten our public safety and national security.”

Photo via ogwen/Flickr (CC BY 2.0) | Remix by Max Fleishman

Andrew Couts

Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.