Iranians Indicted Over DDoS Campaign on Banks, Dam Hack

The U.S. government on Thursday indicted seven hackers affiliated with the Iranian government for attacks it called “a frightening new frontier in cybercrime.”

Accusing the men of carrying out a series of distributed denial of service (DDoS) attacks against 46 financial companies, the Department of Justice announced the charges at a press conference Thursday morning in Washington, D.C.

It also accused one of the men of hacking into the supervisory control and data acquisition (SCADA) systems of a small dam in Rye, New York.

According to the federal grand jury that handed down the indictment, the men worked for Iran's Islamic Revolutionary Guard Corps (IRGC), a branch of the country's armed forces. The DOJ did not say that the IRGC itself directed the attacks, only that the hackers "performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps."

The indictment (PDF), unsealed this morning by the U.S. Attorney's Office for the Southern District of New York, names seven Iranians: Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar, and Nader Saedi.

Although the charges had been in the works for some time, they are the first the U.S. government has brought against individuals associated with a foreign government for interfering with national infrastructure.

The DDoS attacks prevented bank customers from accessing their accounts and, according to the DOJ, cost the banks tens of millions of dollars to mitigate.

The attacks, which began in December 2011 and continued until mid-2013, rendered sites belonging to Bank of America, NASDAQ, the NYSE, PNC Bank, and Capital One, among others, inaccessible.

The attacks were viewed as unprecedented, even historic, at the time: the hackers were able to severely hamper sites with traffic floods of up to 80 to 100 Gbit/s, roughly ten times the volume it would normally have taken to knock a site offline.

“These attacks were relentless, they were systematic, and they were widespread,” U.S. Attorney General Loretta Lynch said of the DDoS attacks, in a press conference around the indictment this morning.

The 18-page indictment also alleges that Firoozi gained access to systems controlling a dam just outside New York City. The Bowman Avenue Dam in Rye, a city in Westchester County roughly 45 minutes from Manhattan, regulates water flowing into Blind Brook. Once in, he was able to monitor information such as water temperature, water levels, and flow rates between August and September 2013.

It is unclear what Firoozi's intent was, but according to the indictment he would have been able to remotely operate the dam's sluice gate had it not already been disconnected for maintenance before he gained access to the system.

All seven men are charged with conspiracy to commit, and to aid and abet, computer hacking; Firoozi faces an additional charge of obtaining, and aiding and abetting, unauthorized access to a protected computer. The indictment says the men worked for two Iranian computer security companies, ITSec and Mersad Co., that performed work on behalf of the Iranian government.

"These were no ordinary crimes, but calculated attacks by groups with ties to Iran's Islamic Revolutionary Guard and designed specifically to harm America and its people," Manhattan U.S. Attorney Preet Bharara said Thursday. "We now live in a world where devastating attacks on our financial system, our infrastructure, and our way of life can be launched from anywhere in the world, with a click of a mouse."

In some ways the move harks back to the Department of Justice's May 2014 indictment of five officers of the Chinese People's Liberation Army for hacking into U.S. firms and stealing proprietary information. As in that case, the defendants do not live in the U.S., so it is highly unlikely they will ever see a federal courtroom, but the indictment does send a message. Iran would never voluntarily hand the men over, but if they ever travel abroad there is a chance they could be arrested and extradited.

"The world is small, and our memories are long," FBI Director James Comey, who was also at the press conference, said. "No matter where hackers are in the world and no matter how hard they try to conceal their identities, we will find ways to pierce that shield and identify them. That is the message of this case."