The Justice Department indicted seven Iranian nationals on several charges of hacking American critical infrastructure, including attacking U.S. financial systems and gaining illegal access to the networks of a dam in upstate New York.
The indictment unsealed Thursday brings charges against Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadegan, a.k.a. Nitrojen26, 23; Omid Ghaffarinia, a.k.a. PLuS, 25; Sina Keissar, 25; and Nader Saedi, a.k.a. Turk Server, 26.
The seven men worked for two Iranian cybersecurity companies — ITSecTeam (ITSEC) and Mersad Company (MERSAD) — that served as contractors for the Iranian government. All seven men allegedly have ties to the government and the Islamic Revolutionary Guard Corps, according to Attorney General Loretta Lynch.
"A federal grand jury in Manhattan found that these seven individuals conspired together, and with others, to conduct a series of cyberattacks against civilian targets in the United States financial industry that, in all, cost victims tens of millions of dollars," Lynch said Thursday.
The hackers perpetrated distributed denial of service (DDoS) attacks on at least 46 U.S. networks between 2011 and 2013, most of the attacks targeting financial institutions.
The teams at ITSEC and MERSAD created malware to enslave computers around the world and constructed botnets to carry out the DDoS attacks. Those attacks overwhelmed bank websites and systems, locking out users and bank employees alike.
At the height of the campaign, institutions were getting hit with upwards of 140 gigabits every second.
FBI investigators said they have been able to nullify and remediate the effects of 95 percent of the botnet networks related to these attacks.
The indictment also charges Firoozi with hacking into the Bowman Avenue Dam in Rye Brook, New York, in 2013.
Luckily, while Firoozi was able to gain access to the dam's restricted network, the controls for the sluice gate were not connected to the system at that time, preventing him from causing any damage in the physical world.
However, remediation efforts cost upwards of $30,000.
"The infiltration of the Bowman Avenue Dam represents a frightening new frontier in cybercrime," said Preet Bharara, U.S. attorney for the Southern District of New York. "These were no ordinary crimes, but calculated attacks by groups with ties to Iran's Islamic Revolutionary Guard and designed specifically to harm America and its people. We now live in a world where devastating attacks on our financial system, our infrastructure and our way of life can be launched from anywhere in the world, with a click of a mouse."
Bharara added that responsibility for defending against these sorts of attacks goes beyond just law enforcement to the institutions themselves.
"The charges announced today should serve as a wake-up call for everyone responsible for the security of our financial markets and for guarding our infrastructure," he said. "Our future security depends on heeding this call."
The indictments unsealed Thursday are meant as a warning to others considering taking similar actions against the U.S.
"An important part of our cybersecurity practice is to identify the actors and attribute them publicly when we can," Lynch said. "We do this so they know they cannot hide."
"The FBI will find those behind cyber intrusions and hold them accountable — wherever they are, and whoever they are," FBI Director James Comey added. "By calling out the individuals and nations who use cyberattacks to threaten American enterprise, as we have done in this indictment, we will change behavior."
The charges carry a maximum sentence of 10 years in prison for each man, if convicted. Firoozi also faces an additional five years for his role in the Bowman Avenue Dam hack.
However, bringing charges is not the same as being able to prosecute, as these men are a world away and extradition is unlikely. But DOJ is playing the long game.
"Fugitives don't remain that way forever," Lynch said.