This article is from the source 'nytimes' and was first published or seen on .

You can find the current article at its original source at http://www.nytimes.com/2016/03/25/world/middleeast/us-indicts-iranians-in-cyberattacks-on-banks-and-a-dam.html

The article has changed 4 times.

Version 2

U.S. Indicts 7 Iranians in Cyberattacks on Banks and a Dam

WASHINGTON — The Justice Department on Thursday unsealed an indictment against seven Iranian computer specialists who regularly worked for the country’s Islamic Revolutionary Guards Corps, charging that they were behind cyberattacks on dozens of American banks and that they attempted to take over the controls of a small dam in Rye, N.Y.
The indictment, while long expected, is the first time that the Obama administration has sought action against Iranians for a wave of computer attacks on the United States that began in 2011.
The indictment does not say that the attacks were directed by the Revolutionary Guards. But it referred to those who were charged as “experienced computer hackers” who “performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps.”
In 2010, an American-led cyberattack on Iran’s main nuclear enrichment plant, the so-called Stuxnet virus, was revealed for the first time, and intelligence experts have long speculated that the attacks aimed at some of America’s largest banks — including JPMorgan Chase, Bank of America, Capital One and PNC Bank — were retaliation.
The indictment also cited attacks on the New York Stock Exchange and AT&T.
All of those attacks were “distributed denial of service” attacks, often called DDoS attacks, in which the target’s computers are overwhelmed by coordinated computer requests from thousands of machines around the world. The result is often that the targeted networks crash, putting them out of service for some number of hours.
But in the case of the Bowman Dam in Rye, a suburb of New York, there was an effort to take over the dam itself. The effort failed, but in some ways worried American investigators more because it was a different kind of attack, aimed at seizing control of a piece of infrastructure.
None of the named Iranians live in the United States and it is doubtful that they will ever make it to an American courtroom. In that respect the indictment is similar to one the Justice Department issued two years ago against members of Unit 61398 of the Chinese People’s Liberation Army, which it accused of stealing data from American corporations. But the administration argues that such indictments send a strong signal, and make it difficult for those who were indicted to travel, for fear they could be extradited.
The indictment comes only eight months after the nuclear deal reached between Iran and six other nations, including the United States, appeared to be putting Tehran and Washington on a track toward a more productive relationship, after 35 years of enmity. But the Iranian missile launches in recent months also organized by the Guards have led to calls in Congress for new sanctions. The indictment appeared part of an American effort to keep Iran from taking the energy previously reserved for its nuclear program to bolster its growing corps of cyberwarriors, some of whom work directly for the government while others, like those named in the indictment, appear to be contractors.
As a measure of the importance the administration placed on the indictment, it was announced by Attorney General Loretta Lynch, in a news conference in Washington with the United States attorney for the Southern District of New York, Preet Bharara, where the indictment was handed down. It was unclear how long it had been under seal.
The Iranians named in the indictment were Ahmad Fathi, Hamid Firoozi, Amin Shokohi and Sadegh Ahmadzadegan, who went by the online handle of “Nitr0jen26.”
Also named were Omid Ghaffarinia, known as “PLuS,” Sina Keissar and Nader Saedi, also known as “Turk Server.” Their whereabouts were not described, but some worked for a firm the indictment called ITSec Team, and some for Mersad Company, both described as private security companies based in Iran.
At the news conference, James B. Comey, the F.B.I. director, said the key to the case was solving the problem of “attribution” figuring out exactly who was behind an attack in the world of cyberspace, where it is relatively easy to hide someone’s true identity.
“Cybercriminals often think it is a freebie to reach into the United States,” Mr. Comey said. The message of the indictment was that “no matter how hard they work to hide their identify and their tradecraft, we will pierce that shield and find them.”
He also dismissed the fact that the individual attackers were out of reach of the Justice Department, noting that “the world is small and our memories are long.”
“We want them looking over their shoulder when they travel or sit at a keyboard,” he added.
John P. Carlin, who heads the national security division of the Justice Department, suggested that a crucial step to identifying the hackers came when investigators gained access to the products of intelligence agencies. He gave no specifics.
But Iran’s computer networks have been a primary target of the National Security Agency for years, and it is likely that in penetrating those networks for both intelligence purposes or potential sabotage the National Security Agency could have traced the attacks to specific computers, IP addresses, or individuals. That evidence would only come out at a trial, if at all.
But naming individuals, some experts suggested, may also put American cyberoperators at risk. Jason Healey, a cyberconflict expert at Columbia University and the Atlantic Council, asked in a Twitter post on Thursday morning, soon after the indictments were announced, whether naming individuals, rather than governments, “puts TAO & IOC operators at risk for similar indictments?” He was referring to the Tailored Access Operations unit of the National Security Agency, which is responsible for breaking into foreign computer systems, and the Information Operations Center at the C.I.A.

Version 3 (about 5 hours later)

U.S. Indicts 7 Iranians in Cyberattacks on Banks and a Dam

WASHINGTON — The Justice Department on Thursday unsealed an indictment against seven computer specialists who regularly worked for Iran’s Islamic Revolutionary Guards Corps, charging that they carried out cyberattacks on dozens of American banks and tried to take over the controls of a small dam in a suburb of New York.
The indictment, while long expected, represents the first time the Obama administration had sought action against Iranians for a wave of computer attacks on the United States that began in 2011 and proceeded for more than a year, paralyzing some banks and freezing customers out of online banking.
The indictment stops short of charging that the attacks were directed by the Revolutionary Guards, a branch of the Iranian military. But it referred to the seven Iranians as “experienced computer hackers” who “performed work on behalf of the Iranian government, including the Islamic Revolutionary Guards Corps.”
Nothing in the indictment addresses the motives for the attacks. But intelligence experts have long speculated that the cyberactions directed at roughly four dozen financial institutions — including JPMorgan Chase, Bank of America, Capital One and PNC Bank — were intended to be retaliation for an American-led cyberattack on Iran’s main nuclear enrichment plant. That attack, which employed the so-called Stuxnet virus, was revealed in 2010.
All of the Iranian attacks which, the indictment said, included actions against the New York Stock Exchange and AT&T were “distributed denial of service” attacks, often called DDoS attacks. In those assaults, the target’s computers are overwhelmed by coordinated computer requests from thousands of machines around the world. The targeted networks often crash, putting them out of service for some period.
But the case of the Bowman Dam in Rye, N.Y., was entirely different: It appeared to be an effort to take over the dam itself. The attempt failed because the dam was under repair and offline, but in some ways it worried American investigators more because it was aimed at seizing control of a piece of infrastructure.
“The most likely conclusion is that it was a warning shot” from the Iranians, who were saying, “‘Don’t pick on us, because we can pick on you,’” said Senator Chuck Schumer, Democrat of New York.
But Mr. Schumer said that the lesson from this case was “not that we should not employ cyberweapons, but that we should be able to protect ourselves.”
It is doubtful that any of the named Iranians will ever appear in an American courtroom. In that respect, the indictment is similar to one the Justice Department issued two years ago against members of Unit 61398 of the People’s Liberation Army of China, which it accused of stealing data from American corporations. The Chinese have never been arrested.
But the administration argues that such indictments send a strong signal and make it difficult for those who are indicted to travel, for fear of extradition.
On Tuesday, the Justice Department indicted two other hackers who it said were members of the Syrian Electronic Army, which has supported the government of Bashar al-Assad, and it believes that it has a chance to gain custody of one of them. On Wednesday, the department obtained a guilty plea from a Chinese national living in Canada, Su Bin, whom it accused of mounting a cybercampaign to steal the designs of military aircraft from Boeing, on behalf of Chinese intelligence agents.
The Iran indictment comes eight months after the nuclear deal reached between Tehran and six other nations, including the United States, which appeared to be putting Tehran and Washington on a track toward a more productive relationship after 35 years of enmity. But Iranian missile launches in recent months also organized by the Guards have led to calls in Congress for new sanctions.
The indictment appeared to be part of an American effort to keep Iran from shifting activity from its nuclear program to its growing corps of cyberwarriors, some of whom work directly for the government, while others, like those named in the indictment, seem to be contractors.
As a measure of the importance the administration placed on the indictment, it was announced by Attorney General Loretta E. Lynch, in a news conference in Washington with Preet Bharara, the United States attorney for the Southern District of New York, where the indictment was handed up. It was unclear how long it had been under seal.
The Iranians named in the indictment included Ahmad Fathi, Hamid Firoozi, Amin Shokohi and Sadegh Ahmadzadegan, who went by the online handle of “Nitr0jen26.” Also named were Omid Ghaffarinia, known as “PLuS,” Sina Keissar and Nader Saedi, also known as “Turk Server.” Their whereabouts was not described, but some worked for a firm the indictment called the ITSec Team, and some for the Mersad Company, both described as security companies in Iran.
John P. Carlin, who heads the national security division of the Justice Department, said in an interview that the indictments arose from a new approach within the Obama administration. “Prior to 2012, we dealt with these cases as intelligence matters,” which were hard to bring to court, Mr. Carlin said, because the evidence was classified. “Now we are following traditional investigative rules,” he said, assembling data that can be entered into court records.
Iran’s computer networks have been a primary target of the National Security Agency for years, and it is likely that in penetrating those networks for intelligence purposes or potential sabotage the N.S.A. could have traced the attacks to specific computers, IP addresses or individuals.
But naming individuals, some experts suggested, could lead to retaliation. Jason Healey, a cyberconflict expert at Columbia University and the Atlantic Council, asked in a Twitter post on Thursday whether naming individuals, rather than governments, put cyberoperators for the National Security Agency and the Central Intelligence Agency “at risk for similar indictments.”