The Justice Department on Thursday announced it has indicted seven hackers associated with the Iranian government on cybercrime charges.
The crimes include disrupting U.S. banks’ public websites from late 2011 through May 2013 and breaking into a small dam in upstate New York in an apparent attempt to stop its operation.
The indictment marks the first time the government is charging people linked to a national government with disrupting or attempting to disrupt critical U.S. infrastructure or computer systems of key industries such as finance and water.
Those charged were identified as Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar and Nader Seidi. According to an 18-page indictment, they were working for two Iran-based computer security companies — ITSec Team and Mersad Co. — on behalf of the Iranian government.
The indictment alleges that the suspects caused cyber mayhem, including coordinated “distributed denial of service,” or DDoS, attacks — which attempt to overwhelm servers — on U.S. financial institutions. Those attacks, for a time, occurred on a near-weekly basis and affected dozens of major institutions, leaving hundreds of thousands of customers unable to access their bank accounts online, the indictment alleges.
Those institutions and businesses affected included Bank of America, the Nasdaq composite index, the New York Stock Exchange, Capital One, AT&T and PNC, the indictment alleges. Attorney General Loretta E. Lynch said the attacks caused tens of millions of dollars in losses.
“These attacks were relentless, they were systematic, and they were widespread,” Lynch said.
According to the indictment, Ahmadzadegan and Ghaffarinia also claimed responsibility for hacking into NASA servers and defacing NASA websites, and Firoozi obtained access to a computer control system for the Bowman Dam in Rye, N.Y. That access, according to the indictment, would have permitted Firoozi to “operate and manipulate” a gate on the dam if it had not been manually disconnected for maintenance issues.
“The potential havoc that such a hack of American infrastructure could wreak is scary to think about,” U.S. Attorney Preet Bharara said.
While the Iranians have not been arrested — and Iran would never voluntarily send them to the United States — officials said the indictment was important nonetheless.
“The world is small, and our memories are long,” FBI Director James B. Comey said. “We never say never. People often like to travel for vacation or education, and we want them looking over their shoulder.”
The charges come two years after the United States indicted five Chinese military officers on charges of economic espionage in cyberspace. They also come eight months after the nuclear accord reached last July between Iran and the United States and other world powers.
“It demonstrates a continued commitment to raising the cost of cybercrime and to demonstrating that the U.S. government can uncover the tradecraft of cybercriminals and attribute their activities with confidence,” said Zachary Goldman, executive director of New York University School of Law’s Center on Law and Security. “It also reinforces the U.S. government’s commitment to using every tool available to counter Iran’s destructive activities notwithstanding the nuclear deal.”
Analysts and lawmakers such as then-Sen. Joseph I. Lieberman (Conn.) said at the time of the attacks they believed Iran unleashed the DDoS campaign in response to increasingly strong economic sanctions imposed on Iran by the United States and Europe for its nuclear program.
For years, the U.S. government had treated hacking campaigns carried out by foreign governments as matters of national security that are classified. Officials were reluctant even to acknowledge a major intrusion by a foreign country either for diplomatic or intelligence reasons.
But as the scope and severity of the intrusions have grown, that has changed. The indictment against the Chinese People’s Liberation Army officers was an early example. Then in January 2015, the United States slapped new financial sanctions on North Korean officials and government agencies in response to a cyberattack on Sony Pictures Entertainment.
On Wednesday, the Justice Department announced a guilty plea by a Chinese businessman charged with aiding two Chinese military hackers in stealing sensitive technical plans from U.S. defense contractors.
Some administration officials said that the unsealing of the indictment against the Iranian hackers could ease the way for economic sanctions to be imposed on the individuals. President Obama last April issued an executive order creating an authority to impose such sanctions specifically for malicious cyber-activity. That authority has not been used yet.