The US Department of Justice (DoJ) recently indicted 7 Iranians over a slew of high-profile distributed-denial-of-service (DDoS) attacks on major banks, as well as an attempt to shut down a New York dam. The attackers, known to be employed by Iran-based computer companies linked to the Iranian government, engaged in a systematic campaign of distributed denial-of-service (DDoS) attacks. The attacks involved the use of botnets and other malicious computer code, and targeted nearly 50 institutions in the US financial sector—including Bank of America, the New York Stock Exchange, and Capital One—with floods of traffic of up to 140Gbps between late 2011 and mid-2013.
The accused were identified as Ahmad Fathi, Hamid Faroozi, Amin Shokohi, Sedegh Ahmadzadegan (aka Nitr0jen26), Omid Ghaffarinia (aka PLuS), Sina Keissar, and Nader Saedi, who also uses the online alias “Turk Server”. They work for two companies: ITSec Team and Mersad Co. Firoozi separately gained unauthorized access to a New York dam’s industrial automation control (SCADA) system in August and September of 2013. According to a DoJ statement, “This unauthorized access allowed [Firoozi] to repeatedly obtain information regarding the status and operation of the dam, including information about the water levels, temperature, and status of the sluice gate, which is responsible for controlling water levels and flow rates”. Fortunately, the sluice gate had been manually disconnected due to maintenance at the time Firoozi attacked.
Interestingly, the New York Bowman dam located in Rye Brook village is not considered “vital” to the infrastructure of the US—a fact that led mayor Paul Rosenberg to believe that the hack of Bowman dam could be a dry run for a more serious attack of a major hydroelectric generator of the nation’s power grid. Despite the alleged insignificance of the targeted New York dam, investigators are still nevertheless disturbed because the attempt indicated that attackers had the ability to take control of computer-operated infrastructure. In addition, contemporary dams, drawbridges, and power plants are connected to the Internet, which makes it easier for attackers to target if unprotected.
The indictment marks a shift in US-Iranian relations after the two countries negotiated a nuclear treaty. Based on previous news reports, the attacks seem to be linked to the Islamic Republic, and though the charges against the attackers has been on the hands of the DOJ for more than a year, it was unsealed partially because of congressional pressure. Authorities then decided to make the indictment public after the Bowman dam incident was disclosed in a Wall Street Journal article in December 2015.
Since the accused are in Iran, the FBI believes that it will be unlikely that they will appear in US courts. However, the Interpol Red Notices have been released for their extraditions to the US if they travel outside Iran. FBI Director James B. Comey warns “never say never” and adds “The FBI will find those behind cyber intrusions and hold them accountable, wherever they are, and whoever they are”. Attorney General Loretta Lynch also cautioned “We will continue to pursue national security cyber threats through the use of all available tools, including public criminal charges”.
If convicted, the seven hackers could serve up to 10 years in prison, with Firoozi facing an additional 5-year prison sentence for hacking into the Bowman dam.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).