DOJ Charges Iran Hackers for Hitting New York Dam

The U.S. government is taking direct legal aim at seven Iranian individuals for attacking American banks and infrastructure. The Department of Justice today announced that an indictment was issued by a grand jury in the Southern District of New York for attacks that include a 176-day distributed denial-of-service (DDoS) campaign against the U.S. financial sector, as well as an attack against the Bowman Dam in New York state.

"For many years, nation states and their affiliates enjoyed what they perceived to be a cloak of anonymity. A cloak they hid behind to break our laws through cyber intrusions and to threaten our security and economic well-being," Assistant Attorney General John P. Carlin said at a press conference announcing the charges. "They had this perceived cloak because they thought we couldn't figure out who did it and, if we did figure it out, we would keep it a secret. They are wrong."

The seven individuals charged by the DOJ were employed by the Iran-based ITSecTeam (ITSEC) and Mersad Company (MERSAD), both of which have direct ties to the Islamic Revolutionary Guard Corps and the Iranian government. Charges against the seven individuals include conspiracy to commit and to aid and abet computer hacking. The seven individuals named by the DOJ indictment are Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadegan (a.k.a. Nitr0jen26), 23; Omid Ghaffarinia (a.k.a. PLuS), 25; Sina Keissar, 25; and Nader Saedi (a.k.a. Turk Server), 26.

Firoozi is the only one of the seven who is being directly charged in relation to the attack on the Bowman Dam, which occurred between Aug. 28 and Sept. 18, 2013. According to the indictment, Firoozi was able to repeatedly obtain unauthorized access to the Supervisory Control and Data Acquisition (SCADA) systems of the Bowman Dam in Rye, N.Y. With the access, the DOJ alleges that Firoozi was able to get status updates on the operation of the dam, including water levels and temperature. The access also gave Firoozi insight into the status of the dam's sluice gate, which controls the water level.

"Although that access would normally have permitted Firoozi to remotely operate and manipulate the Bowman Dam's sluice gate, Firoozi did not have that capability because the sluice gate had been manually disconnected for maintenance at the time of the intrusion," the DOJ stated.

The DDoS campaign against U.S. financial institutions ran from December 2011 until September 2012. The attack hit a peak of 140G bps of data at its height, impacting the operations of multiple organizations, restricting access by customers to bank accounts.

The actual DDoS attack was conducted by first building out a pair of botnets, comprised of an unspecified number of compromised systems. While the DDoS attacks did impact the operations of the attacked U.S. financial institutions, there was no data breach.

"Although the DDoS campaign caused damage to the financial sector victims and interfered with their customers' ability to do online banking, the attacks did not affect or result in the theft of customer account data," the DOJ stated.

This is not the first time that the DOJ has charged foreign nationals with attacking American organizations. In May 2014, the DOJ filed an indictment against Chinese Army officials alleging the theft of intellectual property from U.S. firms.

"Today's announcement proves, once again, there is no free pass for nation state affiliated computer intrusions," Assistant Attorney General John P. Carlin said. "No matter where a hacker is located or who he is affiliated with—China or North Korea, ISIL or SEA [Syrian Electronic Army]—we can figure who did it, by name and face, we can do so publicly and we can impose consequences."

However, the DOJ has never managed to apprehend the Chinese attackers, and the same will likely be true in the new case against the Iranian hackers. To date, U.S. law enforcement has not brought the seven charged Iranian individuals into custody.

Casey Ellis, CEO and founder of security vendor Bugcrowd, noted that given the increasing frequency of nation-to-nation attacks and the rising level of public awareness and concern about this type of vulnerability and threat, the DOJ should take a firm stand against these hackers, but more needs to be done to protect infrastructure from attack. "Adversaries cannot attack what is not vulnerable, and it's widely known now that this type of infrastructure needs serious work when it comes to making it more resilient against attacks," Ellis told eWEEK.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.