Iranian Hackers Who Targeted U.S. Banks and a Dam: Why and How They Did It

Seven Iranian hackers targeted U.S. banks and a dam north of New York City between 2011 and 2013, and today the Obama administration made public an indictment against them, in an effort to pull back the “veil” malicious cyber attackers hide behind.

Beginning in December 2011, the U.S. Department of Justice reports hackers “sporadically” attacked the financial sector until it escalated to a weekly frequency of coordinated attacks against banks such as JP Morgan Chase, Bank of America, Capital One, and PNC Bank.

No consumer account data or funds were stolen, but rather the hackers attempted to overwhelm the bank systems and servers to disable user access to accounts.

“The charges announced today respond directly to a cyber-assault on New York, its institutions, and its infrastructure,” says Manhattan U.S. Attorney Preet Bharara. “The alleged onslaught of cyber-attacks on 46 of our largest financial institutions, many headquartered in New York City, resulted in hundreds of thousands of customers being unable to access their accounts and tens of millions of dollars being spent by the companies trying to stay online through these attacks.”

The Bowman Dam, in Rye, New York was infiltrated electronically by one of the hackers who was able to obtain information on the dam, including water levels, temperature, and the status of the sluice gate, which is responsible for controlling water levels and flow rates. According to the Department of Justice, the hacker would normally have the ability to remotely control water levels flowing in and out of the dam, but the gate had been manually disconnected for maintenance at the time of the attack, August 28 to September 18, 2013.

While the administration did not directly blame Iran’s Revolutionary Guard for the attacks, they did say that these seven were experienced hackers who worked on “behalf of Islamic Revolutionary Guard Corps-sponsored entities.”

Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar, and Nader Saedi are each charged with one count of conspiracy to commit and aid and abet computer hacking, which carries a maximum sentence of 10 years in prison. They allegedly worked with two Iran-based computer companies, ITSecTeam (“ITSEC”) and Mersad Company (“MERSAD”), which were sponsored by the Iranian Revolutionary Guard, to carry out the attacks.

According to the New York Times, their attacks were largely seen as retaliation to a 2010 U.S.-led cyber attack on Iran’s main nuclear enrichment plant.

“Like past nation state-sponsored hackers, these defendants and their backers believed that they could attack our critical infrastructure without consequence, from behind a veil of cyber anonymity. This indictment once again shows there is no such veil,” says Assistant Attorney General John P. Carlin. “We can and will expose malicious cyber hackers engaging in unlawful acts that threaten our public safety and national security.”

Read the now-unsealed indictment below.