DOJ Charges Iran Hackers for Hitting New York Dam
The Justice Department charged seven individuals with launching DDoS attacks against banks and attempting to disrupt a dam in New York state.
The U.S. government is taking direct legal aim at seven Iranian individuals for attacking American banks and infrastructure. The Department of Justice today announced that an indictment was issued by a grand jury in the Southern District of New York for attacks that include a 176-day distributed denial-of-service (DDoS) campaign against the U.S. financial sector, as well as an attack against the Bowman Dam in New York state.
"For many years, nation states and their affiliates enjoyed what they perceived to be a cloak of anonymity. A cloak they hid behind to break our laws through cyber intrusions and to threaten our security and economic well-being," Assistant Attorney General John P. Carlin said at a press conference announcing the charges. "They had this perceived cloak because they thought we couldn't figure out who did it and, if we did figure it out, we would keep it a secret. They are wrong."
The seven individuals charged by the DOJ were employed by the Iran-based ITSecTeam (ITSEC) and Mersad Company (MERSAD), both of which have direct ties to the Islamic Revolutionary Guard Corps and the Iranian government. Charges against the seven individuals include conspiracy to commit and to aid and abet computer hacking.
The seven individuals named by the DOJ indictment are Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadegan (a.k.a. Nitr0jen26), 23; Omid Ghaffarinia (a.k.a. PLuS), 25; Sina Keissar, 25; and Nader Saedi (a.k.a. Turk Server), 26.
Firoozi is the only one of the seven who is being directly charged in relation to the attack on the Bowman Dam, which occurred between Aug. 28 and Sept. 18, 2013. According to the indictment, Firoozi was able to repeatedly obtain unauthorized access to the Supervisory Control and Data Acquisition (SCADA) systems of the Bowman Dam in Rye, N.Y.
With the access, the DOJ alleges that Firoozi was able to get status updates on the operation of the dam, including water levels and temperature. The access also gave Firoozi insight into the status of the dam's sluice gate, which controls the water level.
"Although that access would normally have permitted Firoozi to remotely operate and manipulate the Bowman Dam's sluice gate, Firoozi did not have that capability because the sluice gate had been manually disconnected for maintenance at the time of the intrusion," the DOJ stated.