WASHINGTON, March 24, 2016 —Attorney General Loretta Lynch has announced that seven cyber-terrorists employed by Iran-based computer firms that have been traced back to the Iranian government have been indicted on computer hacking charges for their parts in disrupting banking operations between 2011 and 2013. The charges stem from a denial of service campaign against nearly 50 victims and an intrusion into the Bowman Dam systems in 2013.
The cyberattacks disabled bank websites, preventing customers from accessing their accounts online. FBI Director James Comey confirmed that all seven suspects remain at large and that arresting them would be difficult. Lynch held a press conference announcing the indictments. “The attacks were relentless, systematic and widespread,” he said. “They threatened our economic well being and our ability to compete fairly in the global market place.”
The indictment marks the first time the Justice Department has charged anyone linked to a national government with disrupting critical U.S. infrastructure or computer systems of key industries such as finance and water. The DOJ identified the hackers as Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar and Nader Seidi.
The 18-page indictment identifies the Iranian companies as ITSec Team and Mersad Co, which work on behalf of the Iranian government. The attacks occurred on a weekly basis. The institutions affected include NASDAQ, Bank of America, NYSE, Capitol One, AT&T and PNC. The indictment alleges that Ahmadzadegan and Ghaffarinia also claimed responsibility for hacking into NASA servers and defacing NASA websites. In the intrusion of the dam computers, the hackers did not gain operational control of the floodgates, and investigators believe they were attempting to test their capabilities.
The indictment comes two years after the DOJ indicted five Chinese military officers for economic espionage in cyberspace. It also occurs eight months after the Iran nuclear deal was signed. Before today’s announcement, the U.S. government remained silent on major security breaches by foreign governments. Lynch said the attacks cost tens of millions of dollars over 176 days. In 2014, American officials openly blamed North Korea for a devastating attack on Sony Pictures. The two companies involved in the hacks have remained silent and have refused to confirm they employed the Iranians identified in the indictment.