Banks, dam targeted by Iranian hackers, US says; 7 charged

  • By Tami Abdollah And Eric Tucker Associated Press
  • Thursday, March 24, 2016 1:34pm
  • Business

WASHINGTON — The U.S. charged seven hackers linked to the Iranian government with executing large-scale coordinated cyberattacks on dozens of banks as well as a small dam outside New York City — intrusions that law enforcement officials said reached into America’s infrastructure, disrupted the nation’s financial system and cost tens of millions.

Indictments announced Thursday by the Justice Department show a determination by overseas hackers to cripple vital American interests, officials said, and marked the first time the FBI attributed a breach of a U.S. computer system that controls critical infrastructure to a hacker linked to a foreign government.

The hackers are accused of infecting thousands of people’s computers with malware to create a network of zombie computers they used to overwhelm servers of major institutions to knock them offline. Those included the Bank of America, NASDAQ and the New York Stock Exchange.

“The attacks were relentless, systematic and widespread,” said Attorney General Loretta Lynch. “They threatened our economic well-being and our ability to compete fairly in the global marketplace, both of which are directly linked to our national security.”

One of the alleged hackers is accused of repeatedly gaining access to the control system of the Bowman Avenue Dam, a small flood-control structure in Rye Brook, about 20 miles north of New York City. Officials termed his access “a frightening frontier on cybercrime,” and said the hacker would have been able to operate a digitally controlled sluice gate, flooding portions of the city of Rye, but the gate had been disconnected for maintenance.

The hacker was still able to gain information about the dam’s operations, including its water level, temperature and the sluice gate.

While that attack did no harm, one official said the hacker obtained knowledge about the computer system that could be used on other dams and infrastructure. The official spoke on condition of anonymity because he wasn’t authorized to speak publicly. Computer systems, such as the one controlling the dam, are considered the backbone or core of modern industries including transportation, energy, oil and gas and manufacturing.

The indictments unsealed Thursday stem from intrusions between 2011 and 2013 that officials say targeted 46 victims, disabling bank websites and interfering with customers’ ability to do online banking. The attacks, which occurred sporadically over 176 days, cost the institutions tens of millions of dollars in remediation costs, but no customers lost money or had their personal information stolen.

The accused hackers worked for two Iranian computer companies linked to the Iranian government, including the Islamic Revolutionary Guard Corps, the U.S. said. Charges include violating U.S. laws on computer hacking and gaining unauthorized access to a protected computer.

The seven defendants are Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadega, 23; Omid Ghaffarinia, 25; Sina Keissar, 25, and Nader Saedi, 26. Faroozi is charged alone for hacking the dam. Shokohi received credit from the Iranian government toward his mandatory military service for his work in the attacks, the U.S. alleges.

None of the individuals is in American custody and it’s unclear whether they will ever be arrested or if criminal indictments in absentia are effective in combatting such crimes.

The Justice Department in May 2014 indicted five Chinese military officials suspected of hacking into several major American companies, including U.S. Steel and Westinghouse, and stealing trade secrets. None has been brought to the U.S. to face charges.

The Justice Department is determined to remove a cloak of “perceived anonymity” long enjoyed by foreign hackers and has focused on doing so since 2012, said John Carlin, the department’s top national security official.

“We want them looking over their shoulder, both when they travel and when they sit at a keyboard,” said FBI Director James Comey.

The criminal case comes amid warming relations between the U.S. and Iran following last year’s nuclear agreement.

Since rolling back its nuclear program this year, Iran has regained access to some $100 billion in overseas assets and the two countries’ top diplomats have been meeting and discussing global matters at their most intensive level since Iran’s 1979 overthrow of the U.S.-backed shah.

Significant tensions remain, however. Iran has conducted several ballistic missile tests in violation of a U.N. ban, prompting the latest U.S. sanctions against the Islamic Republic on Thursday.

In 2010, the so-called Stuxnet virus disrupted the operation of thousands of centrifuges at a uranium enrichment facility in Iran. Iran says that assault and other computer virus attacks are part of a concerted effort by Israel, the U.S. and their allies to undermine its nuclear program through covert operations.

The latest Iranian attacks were a reminder of U.S. vulnerabilities, said Luke Dembosky, who supervised national security-related cyber cases at the Justice Department until March 1. “We were very fortunate that this access did not lead to something catastrophic, but the next one might.”

In December, hackers linked to Russia used a coordinated attack to take down part of Ukraine’s power grid, blacking out more than 225,000 people after hitting regional electric power distribution companies. U.S. officials called that the realization of a nightmare scenario — that hackers can remotely take down a critical system on which a country depends.

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Business

Black Press Media operates Sound Publishing, the largest community news organization in Washington State with dailies and community news outlets in Alaska.
Black Press Media concludes transition of ownership

Black Press Media, which operates Sound Publishing, completed its sale Monday (March 25), following the formerly announced corporate restructuring.

Maygen Hetherington, executive director of the Historic Downtown Snohomish Association, laughs during an interview in her office on Thursday, Feb. 15, 2024, in Snohomish, Washington. (Ryan Berry / The Herald)
Maygen Hetherington: tireless advocate for the city of Snohomish

Historic Downtown Snohomish Association receives the Opportunity Lives Here award from Economic Alliance.

FILE - Washington Secretary of State Steve Hobbs poses in front of photos of the 15 people who previously held the office on Nov. 22, 2021, after he was sworn in at the Capitol in Olympia, Wash. Hobbs faces several challengers as he runs for election to the office he was appointed to last fall. (AP Photo/Ted S. Warren, File)
Secretary of State Steve Hobbs: ‘I wanted to serve my country’

Hobbs, a former Lake Stevens senator, is the recipient of the Henry M. Jackson Award from Economic Alliance Snohomish County.

Mark Duffy poses for a photo in his office at the Mountain Pacific Bank headquarters on Wednesday, Feb. 14, 2024 in Everett, Washington. (Annie Barker / The Herald)
Mark Duffy: Building a hometown bank; giving kids an opportunity

Mountain Pacific Bank’s founder is the recipient of the Fluke Award from Economic Alliance Snohomish County.

Barb Tolbert poses for a photo at Silver Scoop Ice Cream on Thursday, Feb. 29, 2024 in Arlington, Washington. (Annie Barker / The Herald)
Barb Tolbert: Former mayor piloted Arlington out of economic brink

Tolbert won the Elson S. Floyd Award, honoring a leader who has “created lasting opportunities” for the underserved.

Photo provided by 
Economic Alliance
Economic Alliance presented one of the Washington Rising Stem Awards to Katie Larios, a senior at Mountlake Terrace High School.
Mountlake Terrace High School senior wins state STEM award

Katie Larios was honored at an Economic Alliance gathering: “A champion for other young women of color in STEM.”

The Westwood Rainier is one of the seven ships in the Westwood line. The ships serve ports in the Pacific Northwest and Northeast Asia. (Photo provided by Swire Shipping)
Westwood Shipping Lines, an Everett mainstay, has new name

The four green-hulled Westwood vessels will keep their names, but the ships will display the Swire Shipping flag.

A Keyport ship docked at Lake Union in Seattle in June 2018. The ship spends most of the year in Alaska harvesting Golden King crab in the Bering Sea. During the summer it ties up for maintenance and repairs at Lake Union. (Keyport LLC)
In crabbers’ turbulent moment, Edmonds seafood processor ‘saved our season’

When a processing plant in Alaska closed, Edmonds-based business Keyport stepped up to solve a “no-win situation.”

Angela Harris, Executive Director of the Port of Edmonds, stands at the port’s marina on Wednesday, Jan. 24, 2024, in Edmonds, Washington. (Ryan Berry / The Herald)
Leadership, love for the Port of Edmonds got exec the job

Shoring up an aging seawall is the first order of business for Angela Harris, the first woman to lead the Edmonds port.

The Cascade Warbirds fly over Naval Station Everett. (Sue Misao / The Herald file)
Bothell High School senior awarded $2,500 to keep on flying

Cascade Warbirds scholarship helps students 16-21 continue flight training and earn a private pilot’s certificate.

Rachel Gardner, the owner of Musicology Co., a new music boutique record store on Thursday, Jan. 18, 2024 in Edmonds, Washington. Musicology Co. will open in February, selling used and new vinyl, CDs and other music-related merchandise. (Olivia Vanni / The Herald)
New Edmonds record shop intends to be a ‘destination for every musician’

Rachel Gardner opened Musicology Co. this month, filling a record store gap in Edmonds.

MyMyToyStore.com owner Tom Harrison at his brick and mortar storefront on Tuesday, Sept. 6, 2022 in Everett, Washington. (Olivia Vanni / The Herald)
Burst pipe permanently closes downtown Everett toy store

After a pipe flooded the store, MyMyToystore in downtown Everett closed. Owner Tom Harrison is already on to his next venture.

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.