WASHINGTON — The Justice Department on Thursday unsealed an indictment against seven Iranian computer specialists who regularly worked for the country’s Islamic Revolutionary Guards Corps, charging that they were behind cyberattacks on dozens of American banks and that they attempted to take over the controls of a small dam in Rye, N.Y.
The indictment, while long expected, is the first time that the Obama administration has sought action against Iranians for a wave of computer attacks on the United States that began in 2011.
The indictment does not say that the attacks were directed by the Revolutionary Guards. But it referred to those who were charged as “experienced computer hackers” who “performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps.”
In 2010, an American-led cyberattack on Iran’s main nuclear enrichment plant, the so-called Stuxnet virus, was revealed for the first time, and intelligence experts have long speculated that the attacks aimed at some of America’s largest banks — including JPMorgan Chase, Bank of America, Capital One and PNC Bank — were retaliation.
The indictment also cited attacks on the New York Stock Exchange and AT&T.
All of those attacks were “distributed denial of service” attacks, often called DDOS attacks, in which the target’s computers are overwhelmed by coordinated computer requests from thousands of machines around the world. The result is often that the targeted networks crash, putting them out of service for some number of hours.
But in the case of the Bowman Dam in Rye, a suburb of New York, there was an effort to take over the dam itself. The effort failed, but in some ways worried American investigators more because it was a different kind of attack, aimed at seizing control of a piece of infrastructure.
None of the named Iranians live in the United States and it is doubtful that they will ever make it to an American courtroom. In that respect the indictment is similar to one the Justice Department issued two years ago against members of Unit 61398 of the Chinese People’s Liberation Army, which it accused of stealing data from American corporations. But the administration argues that such indictments send a strong signal, and make it difficult for those who were indicted to travel, for fear they could be extradited.
The indictment comes only eight months after the nuclear deal reached between Iran and six other nations, including the United States, appeared to be putting Tehran and Washington on a track toward a more productive relationship, after 35 years of enmity. But the Iranian missile launches in recent months — also organized by the Guards — have led to calls in Congress for new sanctions. The indictment appeared part of an American effort to keep Iran from taking the energy previously reserved for its nuclear program to bolster its growing corps of cyberwarriors, some of whom work directly for the government while others, like those named in the indictment, appear to be contractors.
As a measure of the importance the administration placed on the indictment, it was announced by Attorney General Loretta Lynch, in a news conference in Washington with the United States attorney for the Southern District of New York, Preet Bharara, where the indictment was handed down. It was unclear how long it had been under seal.
The Iranians named in the indictment were Ahmad Fathi, Hamid Firoozi, Amin Shokohi and Sadegh Ahmadzadegan, who went by the online handle of “Nitr0jen26.”
Also named were Omid Ghaffarinia, known as “PLuS,” Sina Keissar and Nader Saedi, also known as “Turk Server.” Their whereabouts were not described, but some worked for a firm the indictment called ITSec Team, and some for Mersad Company, both described as private security companies based in Iran.