The Federal Bureau of Investigation (FBI) reports that seven Iranians working on behalf of the Iranian government have been indicted for a series of cyber crimes that cost U.S. financial institutions tens of millions of dollars and compromised critical controls of a New York dam.
Using botnets and other malicious computer code, the individuals—employed by two Iran-based computer companies sponsored and directed by the Iranian government—engaged in a systematic campaign of distributed denial of service (DDoS) attacks against nearly 50 institutions in the U.S. financial sector between late 2011 and mid-2013. The repeated, coordinated attacks disabled bank websites and prevented customers from accessing their online accounts.
The indictments were unsealed last week in federal court in New York City. The defendants are all believed to be in Iran, but Interpol Red Notices have been issued for their arrests and extraditions to the U.S. if they travel outside of Iran.
FBI also has set up a Cyber Action Team (CAT) to deal with computer hackers. This rapid deployment group of cyber experts can be on the scene just about anywhere in the world within 48 hours, claims FBI. The group provides investigative support to answer critical questions that can quickly move a case forward.
“The FBI will find those behind cyber intrusions and hold them accountable, wherever they are, and whoever they are,” said Director James B. Comey at a press conference at the Department of Justice in Washington, D.C., where the charges were announced.
Attorney General Loretta Lynch added, “We will continue to pursue national security cyber threats through the use of all available tools, including public criminal charges.”
The DDoS attacks, which overwhelmed servers and thereby denied Internet access to legitimate users, collectively required tens of millions of dollars to mitigate.
The attacks began in December 2011, and by September 2012 were occurring on nearly a weekly basis. On certain days, according to FBI, hundreds of thousands of customers were cut off from online access to their bank accounts.
According to court documents, one of the hackers who helped build the botnet used in some of the attacks received credit for his computer intrusion work from the Iranian government toward completion of his mandatory military service requirement.
Other defendants have claimed responsibility for hacking servers belonging to NASA and for intrusions into thousands of other servers in the U.S., the United Kingdom, and Israel.
Since the attacks, the FBI and the Department of Justice have worked with the private sector to neutralize and remediate the botnets.
The Bureau also conducted extensive outreach to Internet service providers to assist in removing the malware from affected servers. Through these efforts, more than 90 percent of the threat has been successfully eliminated, FBI claims.
In addition to targeting the U.S. financial sector, one of the defendants repeatedly gained access to computer systems of the Bowman Dam in Rye, New York in 2013.
Although the defendant never gained control of the dam, his access allowed him to learn critical information about the dam’s operation, including details about gates that control water levels and flow rates.
The breach underscored the potential vulnerabilities of the nation’s critical infrastructure to foreign hackers and could have posed “a clear and present danger to the public health and safety of Americans,” said Attorney General Lynch.