The US Department of Justice (DoJ) has indicted seven people believed to have coordinated cyberattacks on banks between 2011 and 2013, all with links to the Iranian government.
The indictment does not say the attacks were directed by Iran’s armed forces, but those named were described as “experienced computer hackers” that “performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps”.
As reported by Reuters, the crimes include DDoS attacks disrupting the public websites of a number of banks, while also breaking into computers linked to the Bowman dam in New York. In the latter case, criminals were not able to operate or gain control of the floodgates.
The indictment reflects the Obama administration’s increased efforts to tackle cyberattacks coming from outside the US.
“It sends an important message,” one individual familiar with the case told the Washington Post. “If you’re involved in criminal activity directed against the United States and particularly in attacks against critical infrastructure, you will be held accountable by the US government.”
The Iranians named in the indictment were Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar and Narder Saedi.
The indictment said that the attackers were split between two private security companies based in Iran – ITSec Team and the Mersad Company.
None of the Iranians mentioned in the indictment live in the US and, as the New York Times notes, it’s unlikely they’ll ever appear in an American courtroom.
The newspaper likens the charge to one the DoJ issued against the Chinese People’s Liberation Army in 2013 – sending a ‘signal’ to cybercriminals in foreign countries and restricting travel opportunities for fear of extradition.