US indicts seven Iranians over hacking banks, dam

An aide unveils a wanted poster before US officials hold a news conference about the hacking.
An aide unveils a wanted poster before US officials hold a news conference about the hacking.PHOTO: REUTERS

WASHINGTON (AFP) - The United States on Thursday unsealed computer hacking charges against seven Iranians working for firms linked to the Iranian government, accusing them of hacking dozens of American banks and the controls of a major New York dam.

The defendants were employed by computer security companies that performed work on behalf of Teheran’s powerful Revolutionary Guard Corps, the indictment said.

In what prosecutors called “a frightening new frontier for cybercrime,” one of the suspects was alleged to have repeatedly hacked into the system that controls the Bowman Dam in Rye, New York.

“Although no actual harm resulted from that infiltration, the potential havoc of such a hack of American infrastructure could wreak is scary to think about,” attorney for Manhattan, Preet Bharara told a joint news conference with Attorney-General Loretta Lynch.

Lynch announced the charges as a 17-page, three-count indictment from a New York grand jury was unsealed.

It comes one month after President Barack Obama unveiled a US$19 billion (S$26 billion) cybersecurity action plan as his intelligence chief warned of the growing risks from new technologies that open more doors to hackers.

“Today we have unsealed an indictment against seven alleged experienced hackers employed by computer security companies working on behalf of the Iranian government, including the Revolutionary Guard Corps,” Lynch said.

The Revolutionary Guard Corps is one of several entities within the Iranian government responsible for intelligence, the indictment read.

“Online services were disrupted. Hundreds of thousands of Americans were unable to access bank accounts online. These attacks were relentless, systematic and widespread,” Lynch added.

“We believe they were conducted with the sole purpose of undermining the companies and damaging America’s free markets,” she added.

The hacking began in December 2011 and escalated in September 2012, then occurring on a near weekly basis until May 2013, prosecutors said.

According to the indictment, Bank of America, JP Morgan Chase, Citibank and HSBC were among those affected.

A grand jury in Manhattan found that the seven defendants conducted a series of cyber attacks against civilian targets in the financial world, costing the victims tens of millions of dollars, Lynch said.

The three-count indictment charges teams from two private companies, ITSect Team and Mersad Co, with conspiracy to commit computer hacking.

Hamid Firoozi, one of the defendants, was also charged with unauthorized access to a protected computer, the system that controls the Bowman Dam.

The indictment alleges he hacked into it repeatedly between August and September 2013, gaining access to information about the status and operation of the facility.

It allowed him access to information about water levels and temperature, and would also have allowed him to remotely operate and manipulate the sluice gates had the gates not been manually disconnected for maintenance, it added.

“But for that fact, that access would have given the defendant the access to control water levels, flow rates, an outcome that could have posed a clear and present danger to the public health and safety of Americans,” said Lynch.

Last month, US intelligence chief James Clapper named Iran, as well as Russia, China and North Korea as “leading threat actors” that pose risks for US security that are growing as technology evolves and moves into new devices.