Seven Iranian hackers have been indicted for launching distributed denial of service (DDoS) attacks against dozens of U.S. financial institutions as well as accessing the computer systems at a NY dam. On Thursday, U.S. Attorney General Loretta Lynch publicly accused Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar, and Nader Saedi, all of whom work for two Iranian computer security firms that are believed to be sponsored by Iran's Islamic Revolutionary Guard, of blocking access to the websites of 46 separate institutions, including JPMorgan Chase, Bank of America, the New York Stock Exchange, and Capital One. A press release issued by the Federal Bureau of Investigation details how the hackers conducted and maintained their DDoS campaigns, which lasted from late 2011 to mid-2013.
“For the purpose of carrying out the attacks, each group built and maintained their own botnets, which consisted of thousands of compromised computer systems owned by unwitting third parties that had been infected with the defendants’ malware, and subject to their remote command and control,” the Department of Justice stated, as quoted by Network World. “The defendants and/or their unindicted co-conspirators then sent orders to their botnets to direct significant amounts of malicious traffic at computer servers used to operate the websites for victim financial institutions, which overwhelmed victim servers and disabled them from customers seeking to legitimately access the websites or their online bank accounts. Although the DDoS campaign caused damage to the financial sector victims and interfered with their customers’ ability to do online banking, the attacks did not affect or result in the theft of customer account data.”
In addition to participating in the DDoS attacks, one of the accused has also been indicted for gaining continual access to the computer systems at the Bowman Avenue Dam in Rye, NY. Investigators have determined that the hacker never gained control of the dam. Nevertheless, it is believed he learned critical information about how the structure operates.
FBI Director James Comey feels that these indictments, which come just five months after the United States and Iran announced their nuclear accord, send a message.
“The FBI will find those behind cyber intrusions and hold them accountable wherever they are, and whoever they are,” he said. “By calling out the individuals and nations who use cyber attacks to threaten American enterprise, as we have done in this indictment, we will change behavior. The world is small, and our memories are long. No matter where hackers are in the world and no matter how hard they try to conceal their identities, we will find ways to pierce that shield and identify them. That is the message of this case.”
It is unlikely Iran will voluntarily extradite the hackers to the United States for trial. Comey stated, however, that U.S. authorities can detain criminals if they travel abroad to certain countries, as they did when hacker Roman Valerevich Seleznev traveled to the Maldives. News of these indictments comes two years after the United States indicted five Chinese military officials for hacking, economic espionage, and other offenses.