On Thursday, the U.S. government formally accused seven Iranian hackers who may have coordinated cyber attacks on several U.S. banks and other large businesses. The attacks have cost businesses millions of dollars and, for the first time, have almost resulted in the shutdown of a dam in New York regarded as critical infrastructure.
The men involved, who live in Iran, are believed to be carrying out such activities for the Islamic Revolutionary Guard and the Iranian government, which is not expected to extradite the men. Tehran has not commented on the event.
According to investigations, at least 46 major financial institutions were besieged by the hackers, including JPMorgan Chase, Wells Fargo, and American Express. Telecom company AT&T was also one of the targets.
The Iranian hackers clogged computer networks with spammed traffic, causing them to go offline. These attacks took place almost weekly.
At a Washington news conference, U.S. Attorney General Loretta Lynch said:
“These attacks were relentless, they were systematic, and they were widespread.”
The attacks happened from 2011 until 2013, according to the indictment by a federal grand jury. Before Iran, the U.S. also accused the Chinese military and the North Korean government of launching cyber attacks on the country and its companies.
Lynch said that the attack on the New York dam was particularly shocking because the hackers were able to get into the critical system. The Bowman Avenue Dam in Rye Brook, New York, was saved from an operational control takeover only because routine maintenance forced the dam’s gates to be manually disconnected.
The “game-changing” hack on the Bowman dam has prompted authorities to uncover other systems that could be exposed to such attacks, according to former FBI agent Andre McGregor, who is the lead investigation officer for the Bowman attack.
McGregor, who is the director of security of the Silicon Valley firm Tanium, said:
“The investigation’s discovery of many more exposed computer systems with vulnerable management consoles is a constant reminder that the basic cyber hygiene remains at the forefront of the battle against cyber attacks.”
Also, according to a statement made by New York Senator Chuck Schumer:
“We must step up our counter-hacking game ASAP to deal with threats from places like Iran and would-be terrorists.”
Intelligence officials in the U.S. have faced growing concerns about cyber risks in recent months due to possible hacks against important infrastructure, including dams, power plants, and factories. The attack on Ukraine’s energy grid, which caused a 225,000 power-outage in December, should have raised alarms straightaway.
The U.S. has identified the Iranian hackers as Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar and Nader Seidi, who are employed by Iran-based companies such as ITSecTeam and Mersad Company.
The men are indicted for conspiracy to commit computer hacking.
The Obama administration’s indictment is the newest publicized action in opposition to cyber attacks against the U.S.
The first head-on crusade against such attacks was against China’s People’s Liberation Army, when the Justice Department accused five of its members of compromising companies in Pennsylvania to steal trade secrets. Also, North Korea’s attack against Sony prompted President Obama to “respond proportionally” in continuing their campaign.
“An important part of our cyber security practice is to identify the actors and to attribute them publicly when we can. We do this so that they know they cannot hide.”