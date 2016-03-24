(Adds Lynch quote, details from indictment, names of hackers)
By Dustin Volz
WASHINGTON, March 24 The Obama administration on
Thursday announced the indictment of seven Iranian hackers for a
coordinated campaign of cyber attacks on dozens of U.S. banks
and a New York dam from 2011 to 2013, signaling an effort by
officials to more publicly confront cyber crime waged on behalf
of foreign nations.
The indictment, filed in a federal court in New York City,
described the suspects, who live in Iran, as "experienced
computer hackers" believed to have been working on behalf of the
Iranian government.
The move marks the first time the U.S. government has
charged individuals tied to a nation-state with attempting to
disrupt critical infrastructure, a vulnerability that security
researchers have grown increasingly concerned about in recent
months.
Separately, the U.S. Treasury Department blacklisted two
Iranian companies on Thursday for supporting Iran's ballistic
missile program and also sanctioned two British businessmen it
said were helping an airline used by Iran's Revolutionary
Guards.
The charged hackers were identified as Ahmad Fathi, Hamid
Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia,
Sina Keissar and Nader Seidi, all citizens and residents of
Iran. They are accused of conspiracy to commit computer hacking
while employed by two Iran-based computer companies, ITSecTeam
and Mersad Company.
Firoozi is additionally charged with obtaining and abetting
unauthorized access to a protected computer.
At a news conference announcing the charges, U.S. Attorney
General Loretta Lynch said the accused hackers caused tens of
millions of dollars in damages in their assault on U.S banks. At
least 46 major financial institutions and financial sector
companies were targeted, including JPMorgan Chase, Wells
Fargo and American Express, according to the
indictment. AT&T was also targeted.
The hackers are accused of hitting the banks with
distributed denial of service attacks on a near-weekly basis, a
relatively unsophisticated tactic that can bring computer
networks offline by flooding servers with spammed traffic.
"These attacks were relentless, they were systematic, and
they were widespread," Lynch said.
But the attack on Bowman Avenue Dam in Rye Brook, New York,
was especially alarming to investigators, Lynch said, because
the intrusion could have posed a serious threat to the security
of Americans. A stroke of good fortune prevented the hackers
from obtaining operational control of the flood gates because
the dam had been manually disconnected for routine maintenance,
she said.
The indictment represents the Obama administration's latest
attempt to more publicly confront cyber attacks carried out by
other countries against the United States.
"An important part of our cybersecurity practice is to
identify the actors and to attribute them publicly when we can,"
Lynch said. "We do this so that they know they cannot hide."
Though the indictment comes at a time of reduced tensions
between the United States and Iran after a landmark 2015 nuclear
deal, it is not expected that Iran will allow their extradition
to the United States to face charges.
FBI Director James Comey vowed to pursue justice, stating at
the conference, "the world is small, and our memory is long."
