US charges Iran in cyberattacks against nearly 50 banks and New York dam

It said the seven accused were believed to have been working on behalf of Iran’s government and the Islamic Revolutionary Guards Corps (IRGC).

The IRGC is known to have a “cyber army.” Tehran significantly increased the resources devoted to the IRGC “cyber army” following the popular uprising that shook the Iranian regime in 2009. 

The seven indicted by the US live in Iran and the Iranian government is not expected to extradite them. 

According to Reuters, the indictment said at least 46 major financial institutions and financial sector companies were targeted, including JPMorgan Chase (JPM.N), Wells Fargo (WFC.N) and American Express (AXP.N). AT&T (T.N) also was targeted.

The hackers are accused of hitting the banks with distributed denial-of-service attacks on a near-weekly basis, a relatively unsophisticated way of knocking computer networks offline by overwhelming them with a flood of spammed traffic.

“These attacks were relentless, they were systematic, and they were widespread,” U.S. Attorney General Loretta Lynch told a Washington news conference.

The indictment from a federal grand jury in New York City said the attacks occurred from 2011 to 2013. 

The attack on the Bowman Avenue Dam in Rye Brook, New York, was especially alarming, Lynch said, because it marked one of the first known intrusions on critical infrastructure. A stroke of good fortune prevented the hackers from obtaining operational control of the flood gates because the dam had been manually disconnected for routine maintenance, she said.

Andre McGregor, a former FBI agent and a lead case investigator on the dam intrusion, told Reuters that the Bowman hack was a “game-changing event” for the U.S. government that prompted investigators to uncover other systems vulnerable to similar attacks.

“Our investigation led to the discovery of many more exposed computer systems with vulnerable management consoles (which) kept me awake at night as a constant reminder that basic cyber hygiene remains at the forefront of the battle against cyber attacks,” said McGregor, now director of security at Tanium, a Silicon Valley cyber security firm.

LONG MEMORIES

The defendants were identified as Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar and Nader Seidi, all citizens and residents of Iran. They are accused of conspiracy to commit computer hacking while employed by two Iran-based computer companies, ITSecTeam and Mersad Company.

Firoozi also is charged with obtaining and abetting unauthorized access to a protected computer.

U.S. officials largely completed the investigation more than a year ago, according to two sources familiar with the matter, but held off releasing the indictment so as to not jeopardize the landmark 2015 nuclear deal with Iran or a January prisoner swap.

Even though Iran is not expected to extradite the suspects, FBI Director James Comey vowed to pursue justice.

“The world is small and our memory is long,” he said at the news conference with Lynch.

Dmitri Alperovitch, chief technology officer with cyber security firm CrowdStrike, said, “This sends an important message to Iran and other governments that these people cannot operate anonymously.”

This story is partly based on wire dispatches.