
U.S. Indicts 7 Iranians in Cyberattacks on Banks and a Dam

WASHINGTON — The Justice Department on Thursday unsealed an indictment against seven Iranian computer specialists who regularly worked for the country’s Islamic Revolutionary Guards Corps, charging that they were behind cyberattacks on dozens of American banks and that they attempted to take over the controls of a small dam in Rye, N.Y.

The indictment, while long expected, is the first time that the Obama administration has sought action against Iranians for a wave of computer attacks on the United States that began in 2011.

The indictment does not say that the attacks were directed by the Revolutionary Guards. But it referred to those who were charged as “experienced computer hackers” who “performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps.”

In 2010, an American-led cyberattack on Iran’s main nuclear enrichment plant, the so-called Stuxnet virus, was revealed for the first time, and intelligence experts have long speculated that the attacks aimed at some of America’s largest banks — including JPMorgan Chase, Bank of America, Capital One and PNC Bank — were retaliation.

The indictment also cited attacks on the New York Stock Exchange and AT&T.

All of those attacks were “distributed denial of service” attacks, often called DDOS attacks, in which the target’s computers are overwhelmed by coordinated computer requests from thousands of machines around the world. The result is often that the targeted networks crash, putting them out of service for some number of hours.

But in the case of the Bowman Dam in Rye, a suburb of New York, there was an effort to take over the dam itself. The effort failed, but in some ways worried American investigators more because it was a different kind of attack, aimed at seizing control of a piece of infrastructure.

None of the named Iranians live in the United States and it is doubtful that they will ever make it to an American courtroom. In that respect the indictment is similar to one the Justice Department issued two years ago against members of Unit 61398 of the Chinese People’s Liberation Army, which it accused of stealing data from American corporations. But the administration argues that such indictments send a strong signal, and make it difficult for those who were indicted to travel, for fear they could be extradited.

The indictment comes only eight months after the nuclear deal reached between Iran and six other nations, including the United States, appeared to be putting Tehran and Washington on a track toward a more productive relationship, after 35 years of enmity. But the Iranian missile launches in recent months — also organized by the Guards — have led to calls in Congress for new sanctions. The indictment appeared part of an American effort to keep Iran from taking the energy previously reserved for its nuclear program to bolster its growing corps of cyberwarriors, some of whom work directly for the government while others, like those named in the indictment, appear to be contractors.

As a measure of the importance the administration placed on the indictment, it was announced by Attorney General Loretta Lynch, in a news conference in Washington with the United States attorney for the Southern District of New York, Preet Bharara, where the indictment was handed down. It was unclear how long it had been under seal.

The Iranians named in the indictment were Ahmad Fathi, Hamid Firoozi, Amin Shokohi and Sadegh Ahmadzadegan, who went by the online handle of “Nitr0jen26.”

Also named were Omid Ghaffarinia, known as “PLuS,” Sina Keissar and Nader Saedi, also known as “Turk Server.” Their whereabouts were not described, but some worked for a firm the indictment called ITSec Team, and some for Mersad Company, both described as private security companies based in Iran.


NYT > Technology
