US accuses 7 Iranians of hacking US banks, New York dam

The two-year campaign was carried out on behalf of the Iranian government

The U.S. government says seven Iranians working for the country's Islamic Revolutionary Guard Corps are responsible for 187 denial of service attacks aimed at banks across the U.S. between 2011 and 2013.

It also says one of the individuals gained access to the control system for the Bowman Avenue Dam, a small dam north of New York City, and would have been able to control flow of water through the system had it not been disconnected for repairs.

The accused worked for two Iranian computer companies, ITSecTeam and Mersad, and were contracted by the Iranian government to conduct the attacks, according to a Department of Justice indictment unsealed on Thursday.

The charges underscore that the U.S. government "will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market," Attorney General Loretta Lynch said at a news conference.

The DOJ alleges the DDOS attacks took place sporadically until September 2012, after which they occurred almost every week. The attackers directed up to 140 gigabits of data per second at the banks' web servers. overloading them. They left customers unable to log in but didn't result in the theft of personal information.

The attacks were launched from networks of thousands of computers that had been infected with malware. After identifying the source of the attacks, the FBI worked with Internet service providers to mitigate the attacks, and says 95 percent of the infected computers have been removed from the botnet.

Among those accused of the attacks are Sadegh Ahmadzadegan, aka Nitr0jen26, and Omid Ghaffarinia, aka PLuS, who helped co-found Mersad and were affiliated with two other Iranian hacking teams -- Sun Army and the Ashiyane Digital Security Team, the DOJ said. The men also claimed responsibility for hacking NASA in February 2012.

Perhaps more worrying than the DDOS attacks was the intrusion to Bowman Dam. Between Aug. 28, 2013, and Sept. 18, 2013, Hamid Firoozi "repeatedly obtained unauthorized access to the SCADA systems of the Bowman Dam," according to an indictment.

The access he gained allowed him to see information regarding the status and operation of the dam, water levels, temperature, and that status of the sluice gate, which controls water levels and flow rates. If the sluice gate hadn't been manually disconnected for maintenance, he would have been able to control it.

All seven have been charged with computer hacking offenses and face a maximum 10 years in prison, if they can be tried in a U.S. court. The alleged dam hacker faces an additional 5 years for accessing a computer at that site.

Join the CSO newsletter!

Error: Please check your email address.

More about Department of JusticeDOJFBINASA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Martyn Williams

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place