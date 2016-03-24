(Corrects paragraph 1 to say hackers did not break into
computers)
By Dustin Volz and Jim Finkle
WASHINGTON/BOSTON, March 24 Seven Iranian
hackers conducted a coordinated cyber attack on dozens of U.S.
banks, causing millions of dollars in lost business, and tried
to shut down a New York dam, the U.S. government said on
Thursday in an indictment that for the first time accused
individuals tied to another country of trying to disrupt
critical infrastructure.
It said the seven accused were believed to have been working
on behalf of Iran's government and the Islamic Revolutionary
Guard. Those named live in Iran and the Iranian government is
not expected to extradite them. There was no immediate comment
from Tehran.
At least 46 major financial institutions and financial
sector companies were targeted, including JPMorgan Chase
, Wells Fargo and American Express, the
indictment said. AT&T also was targeted.
The hackers are accused of hitting the banks with
distributed-denial-of-service attacks on a near-weekly basis, a
relatively unsophisticated way of knocking computer networks
offline by overwhelming them with a flood of spammed traffic.
"These attacks were relentless, they were systematic, and
they were widespread," U.S. Attorney General Loretta Lynch told
a Washington news conference.
The indictment from a federal grand jury in New York City
said the attacks occurred from 2011 to 2013. Washington has
previously accused military officers from China and the North
Korean government of cyber attacks against U.S. businesses.
The attack on the Bowman Avenue Dam in Rye Brook, New York,
was especially alarming, Lynch said, because it represented a
known intrusion on critical infrastructure. A stroke of good
fortune prevented the hackers from obtaining operational control
of the flood gates because the dam had been manually
disconnected for routine maintenance, she said.
The Bowman hack was a "game-changing event" for the U.S.
government that prompted investigators to uncover other systems
vulnerable to similar attacks, said Andre McGregor, a former FBI
agent and a lead case investigator on the dam intrusion.
"The investigation's discovery of many more exposed computer
systems with vulnerable management consoles is a constant
reminder that basic cyber hygiene remains at the forefront of
the battle against cyber attacks," said McGregor, now director
of security at Tanium, a Silicon Valley cyber security firm.
"We must step up our counter-hacking game ASAP to deal with
threats from places like Iran and would be terrorists," said New
York Senator Chuck Schumer in a statement.
Cyber security experts and U.S. intelligence officials have
grown more alarmed in recent months by the possibility of
destructive hacks of critical infrastructure such as dams, power
plants and factories. Some have said a December cyber attack on
the Ukraine's energy grid that caused a temporary blackout of
225,000 should serve as a wake-up call.
LONG MEMORIES
The defendants were identified as Ahmad Fathi, Hamid
Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia,
Sina Keissar and Nader Seidi, all citizens and residents of
Iran. They are accused of conspiracy to commit computer hacking
while employed by two Iran-based computer companies, ITSecTeam
and Mersad Company.
Firoozi also is charged with obtaining and abetting
unauthorized access to a protected computer.
The indictments are the latest attempt by the Obama
administration to more publicly confront cyber attacks carried
out by other countries against the United States.
The campaign began two years ago when the Justice Department
accused five members of China's People's Liberation Army with
hacking several Pennsylvania-based companies in an alleged
effort to steal trade secrets. It continued with President
Obama's vow to "respond proportionally" against North Korea for
the destructive hack against Sony Pictures.
"An important part of our cyber security practice is to
identify the actors and to attribute them publicly when we can,"
Lynch said Thursday. "We do this so that they know they cannot
hide."
U.S. officials largely completed the investigation more than
a year ago, according to two sources familiar with the matter,
but held off releasing the indictment so as to not jeopardize
the landmark 2015 nuclear deal with Iran or a January prisoner
swap.
Even though Iran is not expected to extradite the suspects,
FBI Director James Comey vowed to pursue justice.
"The world is small and our memory is long," he said at the
news conference with Lynch.
Dmitri Alperovitch, chief technology officer with cyber
security firm CrowdStrike, said, "This sends an important
message to Iran and other governments that these people cannot
operate anonymously."
The U.S. and Israel launched a cyber attack against Iran in
2010, now famously known as the Stuxnet worm, in order to
disable Iran's nuclear centrifuges. Some security researchers
and officials have long suspected the attacks against U.S. banks
and the dam were done in part as retaliation.
Separately, the U.S. Treasury Department blacklisted two
Iranian companies on Thursday for supporting Iran's ballistic
missile program and also sanctioned two British businessmen it
said were helping an airline used by Iran's Revolutionary
Guards.
(Additional reporting by Jonathan Stempel in New York, Susan
Heavey, Megan Cassella and Julia Edwards in Washington; Editing
by James Dalgleish and Bill Trott)