Charges against Iranian hackers are ignorant, cowardly and dangerous

Iranian and Chinese governments directed and funded attacks, so why are Iranian and Chinese citizens being charged instead of the governments that directed their actions?

The indictment of seven Iranian hackers for launching distributed denial-of-service (DDoS) attacks against financial institutions and hacking a dam was infuriating because it assigned blame to the wrong parties.

The real culprit didn’t go unmentioned in the indictment announced by U.S. Attorney General Loretta Lynch. The indictment clearly states that the seven Iranians charged with criminal hacking worked for private companies that had been hired by various elements of the Iranian government to launch the attacks, which were perpetrated in 2012 and 2013.

According to the charges, the alleged hackers acted at the behest of the Iranian government and received logistical and monetary support from it. Reportedly, one of the people indicted received a waiver from mandatory military service because he was supporting the Iranian government by committing criminal acts.

What infuriates me is that there are many people within the Iranian government who are more complicit in the attacks than the people charged but were not indicted. This is cowardice. It is also a bad precedent.

I say that because it puts U.S. military personnel and employees of U.S. intelligence agencies at risk of facing similar charges for doing their jobs. The National Security Agency’s Tailored Access Office (TAO) is now widely acknowledged as being behind the Stuxnet attack, which caused significant damage to Iran’s nuclear efforts. Is the U.S. government comfortable with the possibility that Iran could exact revenge by indicting NSA employees for that cyberattack? (For that matter, given that Stuxnet caused damage in countries other than Iran, can all of those countries now charge NSA employees as well?)

And Stuxnet isn’t the only potential vulnerability for the U.S. The TAO was probably responsible for the Duqu malware that was implanted on the systems of the Iranian negotiation team during the run-up to the nuclear treaty between the U.S. and Iran.

The charges against the Iranians are similar to those filed against five Chinese military officers for hacking U.S. companies. But the failure to indict higher-ups was even starker in that case, since the crimes outlined in the indictment were said to have been perpetrated entirely within a military context. Those officers would not have acted except on orders, just as the seven Iranians would never have had the opportunity or motive to hack U.S. institutions and infrastructure without government support. Individual soldiers aren’t charged with murder, as long as they were operating under orders within a code of conduct. Why, then, does the FBI put those five Chinese military officers, who were clearly operating under orders and did not violate any international convention, on its 10 Most Wanted Cybercriminals list?

Much as it was U.S. policy to disrupt the Iranian nuclear program — and I’m sure Iran did not like that — it was (and maybe is) Iranian policy to disrupt the U.S. economy and prepare to launch asymmetric warfare and disrupt the U.S. infrastructure. Similarly, it was, and still appears to be, China’s policy to have its military cyber units target and collect intellectual property and then provide that intellectual property to Chinese businesses or otherwise use that information for the benefit of the Chinese government and economy.

The Iranian hackers were just the cogs of Iranian policy. If the U.S. government had issues with this policy, they should have been addressed before the signing of the nuclear treaty, which happened after the hacking incidents were attributed to Iran, and especially before the release of $150 billion in frozen Iranian assets. However, should there still be an issue with Iranian or Chinese cyber-network operations, Lynch should have indicted the entire chain of command that authorized and supported those operations.

The crimes outlined in the indictments against the Iranian and the Chinese hackers are like Stuxnet in that they were clearly perpetrated by the respective states. To treat these acts as if they were perpetrated by a group of rogue cybercriminals demonstrates a willful ignorance, or a lack of desire to take any meaningful actions against the entities actually responsible for the crimes.

This sort of willful ignorance is not limited to U.S. law enforcement. The Italian government filed criminal charges against 24 CIA-affiliated operatives who allegedly were responsible for Abu Omar’s rendition from Italy. Now, at least that alleged crime actually occurred in Italy. But in a parallel to the Iranian and Chinese cases, Italy filed no charges against the U.S. officials who presumably would have ordered the rendition and provided all of the resources necessary to accomplish it.

I’ll leave you with one final irony: The U.S. government protested the Italian charges.

Ira Winkler is president of Secure Mentem and author of the book Spies Among Us. He can be contacted through his Web site,
