
Justice Dept. announces charges in dam cyberattack

In 2014, the Justice Department indicted five Chinese nationals associated with China’s People’s Liberation Army for allegedly breaching U.S. companies. He called it a “shot across our bow”.


“We now live in a world where devastating attacks on our financial system, our infrastructure and our way of life can be launched from anywhere in the world, with a click of a mouse”. Other victims included American Express, BB&T, Citigroup, Fifth Third Bancorp, HSBC Holdings, ING Groep, KeyCorp, PNC Financial Services Group, US Bancorp and Wells Fargo & Co, according to the indictment.

In a press conference, Attorney General Loretta Lynch described the attacks as systematic and widespread. He said they used this anonymity “to break our laws through cyber intrusions and to threaten our security and economic well-being…”

One hacker is also charged with penetrating the Supervisory Control and Data Acquisition (SCADA) system that controls the Bowman Avenue Dam in Rye Brook, New York.

According to the indictment, although his access would normally have permitted Firoozi to remotely operate and manipulate the Bowman Dam’s sluice gate, Firoozi did not have that capability because the sluice gate had been manually disconnected for maintenance at the time of the intrusion. He is concerned that any knowledge gained from that hack could be applied by terrorists to other, much larger targets.

The Manhattan US Attorney’s Office charged each of the seven hackers with conspiring to commit, aid, and abet computer hacking for their roles in the denial-of-service attacks against US companies.

The US hacking charges come on the heels of a recent report that the US had developed an “elaborate plan” for an extensive cyber attack against Iran in case the negotiations to reach a nuclear agreement failed.

None of the individuals is in American custody and it’s unclear whether they will ever be arrested or if criminal indictments in absentia are effective in combatting such crimes. None of those individuals has been brought to America to face charges.

Officials said the goal of such cases is to put cybercriminals on notice that their mouse clicks can be traced, even if they’re on the other side of the globe.

Likewise, FBI Director James Comey vowed his agents “will find those behind cyber intrusions and hold them accountable – wherever they are, and whoever they are”.

“The Department of Justice is sending a powerful message,” Lynch said.

The DOJ identified the hackers as Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar and Nader Seidi. Firoozi alone is charged in the hack of the dam.

U.S. Senator Charles E. Schumer today released the following statement following the Justice Department’s indictment of Iranian-linked hackers in cyber-attacks. But significant tensions remain, with Iran conducting several ballistic missile tests in violation of a United Nations ban and prompting the latest US sanctions against it on Thursday.

The seven men worked for two Iranian cybersecurity companies – ITSecTeam (ITSEC) and Mersad Company (MERSAD) – that served as contractors for the Iranian government.

The United States and Israel covertly sabotaged Iran’s nuclear programme in 2009 and 2010 with the now-famous Stuxnet computer virus, which destroyed Iranian centrifuges that were enriching uranium.

After the investigation, U.S. investigators were discouraged from charging the Iranians as the USA tried to negotiate a treaty governing the country’s nuclear program.


The attacks began in December 2011 and escalated in September 2012, then occurred on a near-weekly basis until May 2013, the indictment said. “We were very fortunate that this access did not lead to something catastrophic, but the next one might”, he said.
