The Cable

U.S. Law Enforcement Targets Seven Iranian Hackers For Bank and Dam Breaches

The United States accuses seven Iranian hackers of targeting American banks and water infrastructure.


The Justice Department has charged seven Iranian hackers with launching cyber attacks against 46 U.S. banks and an upstate New York dam in a strike that sought to upend American financial markets and, potentially, manipulate water supplies to devastating results.

U.S. Attorney General Loretta Lynch said Thursday the suspects are accused of working on Tehran’s behalf and have links to the Iranian Revolutionary Guard Corps. It’s the first time the U.S. government is charging a foreign national with attempting to hijack critical infrastructure or computer systems connected to banking.

The charges were unsealed in one of the most high-profile indictments issued against a foreign rival accused of cyber hacking.

“These attacks were relentless. They were systematic. And they were widespread,” Lynch said at a press conference in Washington.

She said that due to maintenance, the Bowman Avenue Dam in Rye, N.Y., was not connected to a computer system when it was targeted. If it was, it would be “a clear and present danger to the public health and safety of Americans.”

As fearsome — and perhaps even more broadly so — were the strikes against Bank of America, JPMorgan Chase, Capital One, PNC Financial Services, SunTrust Bank, and 41 other financial institutions. Launched between 2011 and 2013, they blocked Americans from accessing their money and disrupted U.S. financial markets.

Using online aliases such as Nitr0jen26, PLuS, and Turk Server, the group allegedly worked for two Iranian computer security companies, ITSec Team and Mersad Co. Prosecutors said they launched so-called distributed denial of service attacks against U.S. banks, and penetrated the Bowman dam’s computer control system at the Iranian government’s behest.

A federal grand jury in Manhattan indicted Hamid Firoozi, Ahmad Fathi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar, and Nader Saedi. The Justice Department said they are all Iranian nationals and are believed to be living in Iran.

Additionally, Firoozi was charged with a cyber intrusion on the Bowman Avenue Dam.

The 18-page indictment comes eight months after the United States and Iran struck an historic nuclear accord, limiting Tehran’s weapons program in exchange for economic sanctions relief.

With state-sponsored hackers and criminal groups frequently attacking American corporations and the U.S. government in cyberspace, the Obama administration has relied on a variety of tools to strike back and deter hackers from targeting the United States. Two years ago, for example, the United States charged five Chinese military officers for economic spying in cyberspace.

Yet the use of criminal prosecutions against state-sponsored hackers has been criticized as an empty symbolic gesture, as such individuals are highly unlikely to ever see the inside of a U.S. courtroom. U.S. officials maintain that public indictments can be a powerful tool to name and shame hackers, and that they send a powerful message that Washington will go after criminals in cyberspace, regardless of whom they work for.

“The world is small and our memories are long,” FBI Director James Comey told reporters at the Justice Department press conference. “There is no place safe in an increasingly small world.”

Sophisticated cybercriminals and hackers are frequently able to obscure their identities, and investigating such cases presents a formidable challenge for the FBI. Assistant Attorney General John Carlin, who oversees national security cases, said the use of public indictments is intended, in part, to undermine the appeal of anonymously engaging in cyber-crime. “The days of perceived anonymity are gone,” Carlin said.  

Thursday’s announcement is the latest salvo in the burgeoning cyber war between the United States and its rivals. In 2014, President Barack Obama vowed to “respond proportionally” after North Korea hacked Sony Pictures, although there was no public counterattack. In response to that attack, the United States slapped Pyongyang with sanctions.

Lynch also fielded questions Thursday about this week’s terror attack in Brussels, and said authorities know of no current and credible threat against the American homeland. But, she added, “that does not mean we are not being vigilant.”

The attorney general also said it is too early to know whether encrypted communications helped carry out the attacks. Comey said there is “not yet” a connection between the assailants in Brussels and anyone in the United States.

Elias Groll is a staff writer at Foreign Policy. Twitter: @EliasGroll
