DOJ charges 7 Iranians with hacks against US banks, infrastructure
- By Mark Pomerleau
- Mar 24, 2016
On the heels of charging three alleged hackers aligned with the Syrian Electronic Army, the Justice Department has now charged seven Iranians with cyber crimes, in the latest example of the United States taking its “whole of nation” approach to responding to cyber attacks.
Justice today unsealed indictments against the seven Iranians thought to be working on behalf of the Iranian government and its elite military arm, the Islamic Revolutionary Guard Corps, to hack into U.S. infrastructure systems, financial institutions and other organizations.
The Iranian hackers executed a series of denial-of-service attacks against several U.S.-based organizations dating back to 2011, hitting servers with as much as 140 gigabits of data per second. DDoS attacks are meant to overwhelm servers, rendering them offline.
“The attacks disabled victim bank websites, prevented customers from accessing their accounts online and collectively cost the victims tens of millions of dollars in remediation costs as they worked to neutralize and mitigate the attacks on their servers,” the DOJ said. Additionally, one of the Iranians was charged with obtaining unauthorized access in 2013 to the Supervisory Control and Data Acquisition systems of the Bowman Dam in New York.
Justice said the unauthorized SCADA access enabled the hacker to obtain information regarding dam operation, such as water levels, temperature and status of the sluice gate, which is responsible for controlling water levels and flow rates. The intrusion did not cause any physical damage because the sluice gate had been manually disconnected for maintenance at the time.
“The challenge we face in investigating cyber crime is that cyber criminals often think that it’s a freebee to reach into the United States to do harm to steal what matters to us to wreak havoc. They think it’s a freebee because they’re halfway around the world and trying to use anonymization techniques,” FBI Director James Comey said at a Thursday press conference. “The message of this case is that we will work together to shrink the world and impose costs on those people so that no matter where they are we will try to reach them and no matter how hard they work to hide their identity and their tradecraft, we will find ways to pierce that shield and identify them.”
Also this week, the DOJ unsealed criminal complaints against three members of the Syrian Electronic Army for cyber hacks against the U.S. government and private businesses, and a Chinese national pleaded guilty to participating in a conspiracy to hack into the computer networks of U.S. defense contractors to exfiltrate military information back to the Chinese government.
The indictments, which follow indictments in 2014 of five Chines military hackers and a Kosvar accused late last year of stealing the information of military personnel and selling it to ISIS, demonstrate a new approach to cyber deterrence by the U.S., one not relegated exclusively to cyberspace.
“I think it’s the result of a new approach,” Assistant Attorney General John Carlin said of the growing indictments of hackers Thursday. “What you saw was back in 2012 at the Department of Justice, we decided that we would take the same approach we’ve taken against terrorist threats. Which is, we would make sure that the intelligence – that the Intelligence Community does a fantastic job of collecting – is shared with law enforcement and vice versa.”
Carlin has previously discussed the new approach in educating attorneys in cyber language to better posture them to go after cyber crimes. “Over the last several years we’ve reorganized at the Department of Justice and the [National Security] Division to do things like train prosecutors in every U.S. attorney’s office across the country to, on the one hand, handle that which is on the classified side – sensitive sources, methods, get read in on what the threats are – and on the other hand, learn about bits and bytes and the specific laws that apply to computer hacking,” he said at the 2015 Defense One Summit. “[We] then send those trained prosecutors back out to all 94 U.S. attorneys’ offices at the same time as the FBI issued an edict just like they had long done in terrorism that said ‘thou shalt share what had formally been on the intelligence side with these new specially trained lawyers.”
Carlin noted that this method doesn’t always lead to criminal prosecutions, but it allows for greater intelligence to deter and disrupt malicious cyber actions.
This change in approach is what led to the indictment of the Chinese hackers, a first-of-its-kind case Carlin has said weren’t just aimed at stealing national secrets but also at gaining a competitive advantage against U.S. companies..
The White House, in a long-awaited cyber deterrence strategy, highlighted its whole-of-government approach in which responses to cyber incidents might not take place in cyberspace alone. In fact, while some are skeptical of how these incidents of individuals across the globe will affect their behavior, others are optimistic.
“I think that there’s a whole-of-government approach to this and I think that we actually have seen some significant changes in our interactions with the Chinese government in terms of cybersecurity norms and in terms of the way in which they have come to agreement with the U.S on the parameters of how countries should use cyber activity with each other,” Attorney General Loretta Lynch said Thursday of the effects of the Chinese indictments.
The administration has utilized other creative approaches to cyber deterrence, such as imposing sanctions against those that use cyber for malicious purposes. Michael Daniel, White House cybersecurity coordinator, said that sanctions allow the government to utilize a new tool against cyber threats.
Of course, the military option is also viable against nation state cyber actors. “Cyberspace is one domain,” Rand Corp. researcher Isaac Porche said in recent congressional testimony. Rogers Cyber Command US offensive“The United States military operates in many other domains and so we’ve heard press articles talk about potential Iranian hacktivists attacking a U.S. dam – I don’t have any information that says it’s there. But what prevents nation states from taking action [is] the fact that they would have to deal with the United States in other domains. And so it always has to include all domains, not just cyber. Our response to a cyber attack may not be in cyber.”
The latest indictments, however, appear to be a fresh take with potentially more to come. “This is a very, very important arrow in our arsenal of cybersecurity,” Lynch said.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.