An Iranian hacker managed to gain control of the computer systems that worked the sluices on a New York dam — but luckily the gates had been taken offline for maintenance at the time, foiling any possible mischief, federal prosecutors said Thursday, announcing charges against seven Iran-backed operatives for hacking American infrastructure.
Minutes after the indictments were announced, the Treasury Department said it had imposed sanctions on backers of Iran’s ballistic missile program, in a one-two punch that seemed intended to push back against Obama administration critics who said the U.S. was kowtowing to the Iranian regime in the wake of last year’s historic nuclear deal.
Analysts said the charges against the hackers mark the first time the government has pursued a case against citizens working for a foreign power who tried to disrupt U.S. infrastructure.
In addition to the indictment connected to the New York dam, the hackers stand accused of trying to shut down the computers of the New York Stock Exchange, the Nasdaq composite, Bank of America, Capital One Bank and dozens of other major financial institutions, disabling bank websites and denying customers online access to their accounts.
All seven charged remain on the loose, but Justice Department prosecutors said the indictments alone send a signal.
“The infiltration of the Bowman Avenue dam represents a frightening new frontier in cybercrime,” said U.S. Attorney Preet Bharara, of the Southern District of New York, who will handle the prosecution of the hackers if they are ever extradited to the U.S.
“These were no ordinary crimes, but calculated attacks by groups with ties to Iran’s Islamic Revolutionary Guard and designed specifically to harm America and its people,” he said.
The indictments were announced months after President Obama inked a deal with Iran’s government and other world leaders that could freeze the Islamic republic’s nuclear weapons ambitions. In exchange for rolling back some of its nuclear facilities, Iran gained access to tens of billions of dollars in frozen funds and had crippling economic sanctions lifted.
Critics of the deal said Mr. Obama gave up too much and got too little in return. They pointed to Iran’s renewed emphasis on conventional weaponry and ballistic missiles as evidence that the regime remains a potent threat.
Hoping to counter that danger, the Treasury Department announced sanctions Thursday against several individuals and groups that the administration says have aided either Iran’s ballistic missile development or Mahan Air, an Iranian airline that has circumvented U.S. sanctions.
Ira Winkler, a former National Security Agency analyst who is now president of security firm Secure Mentem, said the Justice Department’s indictment was “a political statement” rather than a move with teeth. He said some of the money that the U.S. unfroze as part of the nuclear deal could go to fund the very attacks American officials are now decrying.
“I’m one of those who kind of thinks relations with Iran should have been opened, but this is a case where you’re basically blaming a hammer when a person is walking around hitting people in the head with it,” Mr. Winkler said. “These people are just the soldiers in a war that’s been ordered by Iran.”
As for the specifics of the attacks, Mr. Winkler said regional projects such as the dam are particularly vulnerable.
Indeed, it was the details of the dam attack that set off the loudest alarms in Washington.
“If hackers are able to access dams, the electrical grid, airports, our water supply or nuclear plants, the amount of damage they could do is enormous,” said Sen. Dianne Feinstein of California, the top Democrat on the Senate Select Committee on Intelligence.
Prosecutors said the hackers were employed by two Iran-based companies that performed work for the Iranian government, including the Islamic Revolutionary Guard Corps.
The seven charged were: Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadegan, 23, known online as “Nitr0jen26”; Omid Ghaffarinia, 25, who went by “PLuS”; Sina Keissar, 25; and Nader Saedi, 26, also known as “Turk Server.”
Officials declined to go into detail about how they linked the hackers to the Iranian government, but the grand jury indictment says the regime gave Mr. Shokohi credit toward his military service requirement for his role in the hacks.
The federal indictment says the hackers targeted the banks with distributed denial of service attacks from 2011 to 2013. Those involve using automated “bots” to fire massive amounts of data, overloading the banks’ computers so they could no longer handle legitimate Internet traffic.
Customers seeking online access to their accounts were effectively shut out.
The banks shelled out tens of millions of dollars to try to stop the attacks and harden their cyberdefenses, prosecutors said.
Separately, Mr. Firoozi launched his own attack on the Bowman Avenue Dam in Rye, New York, gaining access to its supervisory control and data acquisition system, the indictment says.
He was able to find out all about the dam’s operating status and could have even taken control of the sluice gate, controlling the release of water — but it was manually disconnected for maintenance at the time.
In addition to the financial hacking counts, Mr. Firoozi was charged with a count of unauthorized access to a protected computer.