The seven Iranian hackers charged with attacking dozens of banks and a small dam near New York City may never see the inside of a courtroom, but U.S. officials hope their "name and shame" tactic sends a message to foreign governments that support such attacks.
Indictments announced Thursday by the Justice Department portrayed Tehran-linked hackers reaching into the U.S. infrastructure and disrupting its financial system. It was the first time the FBI attributed a breach of a U.S. computer system that controls critical infrastructure to a hacker linked to a foreign government.
None of the individuals is in American custody and it's unclear if they'll ever be arrested or whether criminal indictments in absentia effectively combat such crimes. Publicly naming and shaming such crimes linked to foreign governments is a tactic focused on by the Justice Department since 2012.
The hackers are accused of infecting thousands of people's computers with malware to create a network of computers to overwhelm servers of major institutions and knock them offline. Targets included the Bank of America, NASDAQ and the New York Stock Exchange.
"The attacks were relentless, systematic and widespread," said Attorney General Loretta Lynch. "They threatened our economic well-being and our ability to compete fairly in the global marketplace," which she said "are directly linked to our national security."
One of the alleged hackers is accused of repeatedly gaining access to the control system of the Bowman Avenue Dam, a small flood-control structure in Rye Brook, about 30 kilometres north of New York City.
Officials termed his access "a frightening frontier on cybercrime," and said the hacker could have operated a digitally controlled sluice gate, potentially flooding portions of the city of Rye, if the gate had not been disconnected for maintenance at the time. The hacker still gained information about the dam's operations, including its water level, temperature and the sluice gate.
Alleged incidents occurred 2011-13
While that attack did no harm, one official said the hacker obtained knowledge about the computer system that could be used on other dams and infrastructure. The official spoke on condition of anonymity because he wasn't authorized to speak publicly. Computer systems, such as the one controlling the dam, are considered the backbone or core of modern industries including transportation, energy, oil and gas and manufacturing.
The intrusions between 2011 and 2013 targeted 46 victims, disabling bank websites and interfering with customers' ability to do online banking, the indictment states. The entire coordinated campaign occurred sporadically over 176 days and cost the institutions tens of millions of dollars in remediation costs; no customers lost money or had their personal information stolen.
The hackers worked for two Iranian computer companies linked to the Iranian government, including the Islamic Revolutionary Guard Corps, the U.S. said. Charges include violating U.S. laws on computer hacking and gaining unauthorized access to a protected computer.
The seven defendants are Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadega, 23; Omid Ghaffarinia, 25; Sina Keissar, 25; and Nader Saedi, 26. Firoozi is charged alone for hacking the dam. Shokohi received credit from the Iranian government toward his mandatory military service for his work in the attacks, the U.S. alleges.
The Justice Department in May 2014 indicted five Chinese military officials suspected of hacking into several major American companies, including U.S. Steel and Westinghouse, and stealing trade secrets. None has been brought to trial.
Such indictments do tell foreign governments that they're not "invisible" and can be targeted for retribution, said James Lewis, a senior fellow at the Center for Strategic and International Studies. He said the one against Chinese hackers helped encourage an agreement with the U.S. to curb economic cyberespionage.
"There is a benefit," Lewis said. "It's not going to be a court case. I don't know if anyone expects that. But it will shape how the Iranians calculate what they can get away with."
The new charges come amid warming relations between the U.S. and Iran following last year's agreement that Iran roll back its nuclear program. But significant tensions remain, with Iran conducting several ballistic missile tests in violation of a U.N. ban and prompting the latest U.S. sanctions against it on Thursday.
In 2010, the so-called Stuxnet virus disrupted the operation of thousands of centrifuges at a uranium enrichment facility in Iran. Iran says that assault and other computer virus attacks are part of a concerted effort by Israel, the U.S. and their allies to undermine its nuclear program through covert operations.