U.S. indicts seven Iranians for hacking banks and a N.Y. dam

Seven men connected to the Iranian government and the Islamic Revolutionary Guard were indicted today in the Southern District of New York for conducting a hacking campaign that included attacks on banks, with one man also charged with accessing the control system of a New York dam.

The U.S. Department of Justice named Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadegan, aka Nitr0jen26, 23; Omid Ghaffarinia, aka PLuS, 25; Sina Keissar, 25; and Nader Saedi, aka Turk Server, 26, as having participated in the attacks. All face charges relating to launching distributed denial of service (DDoS) attacks against 46 financial institutions between 2011 and 2013 that knocked banking systems offline. Firoozi was also charged with compromising the control system of the 20-foot-tall Bowman Avenue Dam, near Rye Brook, N.Y., in August and September 2013.

“Today, we have unsealed an indictment against seven alleged experienced hackers employed by computer security companies working on behalf of the Iranian government, including the Islamic Revolutionary Guard Corps,” said Attorney General Loretta Lynch at a press conference announcing the indictment. "A federal grand jury in Manhattan found that these seven individuals conspired together, and with others, to conduct a series of cyberattacks against civilian targets in the United States financial industry that, in all, cost victims tens of millions of dollars."

The Iranian firms are ITSecTeam and Mersad Company, the Justice Department said.

All seven defendants face a maximum of 10 years in prison for conspiracy to commit and aid and abet computer hacking. Firoozi faces an additional five years behind bars on the charge of aiding and abetting unauthorized access to the dam.

None of the defendants are in U.S. custody at this time, but the move is part of a larger plan to unveil those behind cyber attacks.

“Today, let this indictment reinforce that the days of perceived anonymity are gone – we can remove the cloak,” said Assistant Attorney General John P. Carlin. "And we will. Today's announcement proves, once again, there is no free pass for nation-state-affiliated computer intrusions."

Meanwhile, Lynch said the Bowman Dam was offline undergoing maintenance during the period Firoozi gained access to its control systems, adding that if it had been active, Firoozi would have been able to change water levels and flow rates in the system.

The DDoS attacks at times hit the victims with 140GB of data per second, effectively shutting out hundreds of thousands of banking customers from access to their accounts, the Justice Department said in a written release.
