Seven hackers with ties to the Iranian government were charged by the Justice Department on Thursday with carrying out cyber-attacks on dozens of American banks and a New York dam.
According to the FBI, the suspects were employed by private security firms working on behalf of the Iranian government, including the Islamic Revolutionary Guard Corps. They attacked 46 major financial institutions with distributed denial of service (DDoS) attacks, which overwhelm the bandwidth of a targeted server with data, often from compromised systems controlled by the hackers, in order to block the server from receiving legitimate traffic.
The attacks, which took place between 2011 and 2013, prevented hundreds of thousands of customers from gaining entry to their accounts. Authorities say this cost the targeted firms—including Bank of America, the New York Stock Exchange, Capital One, AT&T, and PNC Banks—tens of millions of dollars.
The hackers also breached the control system of a dam outside New York City. Attorney General Loretta Lynch said that if the Bowman Dam in Rye was not disconnected from the system due to maintenance, the attack would have been “a clear and present danger to the public health and safety of Americans.”
“These attacks were relentless. They were systematic. And they were widespread,” she added.
While the hackers were linked to the Iranian government, officials did not directly accuse Tehran of orchestrating the attacks.
The men were identified as Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar, and Nader Saedi. All seven are believed to be in Iran and therefore out of reach, though they could be apprehended while traveling abroad.
“The world is small and our memories are long,” said FBI Director James Comey. “We never say never. People often like to travel for vacation or education, and we want them looking over their shoulder.”
News that a federal indictment would be issued over the attack against the Bowman Dam prompted Sen. Chuck Schumer (D – N.Y.) to say last week that Iran had fired a “shot across the bow” of the United States with the breach.
Jon Miller, vice president of the cyber-security firm Cylance, said last week that Iran is behind ongoing attacks on American infrastructure. “It’s the same M.O., the same targets, the same sourcing,” Miller told Politico’s Morning Cybersecurity report. There “are definitely more attributable attacks, more than anyone has been able to report so far,” he added.
Miller also noted that it was important for the government to attribute the attack to Iran, explaining, “One of these had to get [attributed] to let Iranians know the U.S. government is aware and not too scared to say something about it.” Failure to act would mean “they’re just going to continue doing this unchecked.”
Iranian hacking attacks against American targets have not slowed since the beginning of the diplomatic outreach over Iran’s nuclear program, or even since the nuclear deal was signed last year, according to Cylance.
A report released in 2014 by Cylance highlighted Iran’s growing cyber-terror capabilities, including “bone-chilling evidence” that its hackers had taken control of gates and security systems at airports in South Korea, Saudi Arabia, and Pakistan.
The Associated Press reported in December that Iranian hackers were targeting parts of America’s electrical infrastructure and stealing highly sensitive data, including “Mission Critical” power plant blueprints. Earlier that month, a former Defense Department official warned that Iran’s cyber-attacks against U.S. government officials were part of a broader asymmetric warfare campaign against the country. The attacks prompted Congress to boost the military’s ability to counter cyber-security threats.
The Wall Street Journal reported in October that a cyber-security company had identified a scheme where Iranian hackers had set up false LinkedIn accounts in order to learn sensitive information from the defense and telecommunications sectors. Reports surfaced in August that Iranian hackers were targeting political dissidents living abroad.
The New York Times revealed last year that the U.S. had enlisted the help of its allies, including Britain and Israel, to confront the escalating Iranian cyber-attacks.
Iran’s cyber-attacks are not just directed at other countries and individuals abroad, but also its own citizens. Massive attacks on Iranian Google accounts were detected prior to the presidential election two years ago as part of a broader crackdown on dissent.
In How Iran and North Korea Became Cyber-Terror Buddies, which was published in the January 2015 issue of The Tower Magazine, Claudia Rosett highlighted the growing aggressiveness of Iran’s cyber-warfare program.
According to the Cylance report, Iran has become more aggressive with its own cyber-attacks in response to Stuxnet. Since at least the early 2000s, “Hacking campaigns sourced out of Iran” have been “nothing new.” But after Stuxnet, Iran appears to be more focused on retaliation. Its tactics are more wide-ranging and destructive, with a number of enhanced attacks in 2011 “serving as a warning, showcasing the rapid evolution of Iran’s hacking skills.”
By late 2012—just after North Korea and Iran signed their science and technology deal—Iranian hackers were targeting the online services of U.S. banks. They also attacked Israel so energetically that, in June 2013, Israeli Prime Minister Benjamin Netanyahu accused Iran of targeting Israel’s water, power, and banking systems with “non-stop attacks.” In September 2013, anonymous U.S. administration officials told the Wall Street Journal that Iran had “hacked unclassified Navy computers in recent weeks in an escalation of Iranian cyber-intrusions targeting the U.S. military.”
Five months later, Iran displayed its prowess in the Sands attack. Four months after that, North Korea made its initial threats against The Interview, followed by the wholesale attack on Sony.
[Photo: FBI ]