Iranians indicted in hacks on US banks, New York dam

The formal accusation comes as the government warns of hacking dangers to US infrastructure.

Laura Hautala, Former Senior Writer

A US district court indicted seven Iranian hackers, according to the Justice Department.

James Martin/CNET

Score one for the US government in its fight against hackers.

The Department of Justice on Thursday said that a US District Court has indicted seven Iranian hackers for their alleged role in attacks on the US financial sector and on a dam in New York state that lasted from late 2011 to the middle of 2013.

The hackers, who were employed by two Iran-based computer companies, ITSecTeam and Mersad Company, performed the work on behalf of the Iranian government, according to the Justice Department. The hackers performed denial-of-service attacks, which are meant to deny user access to computing resources and render the systems useless, the agency said.

Though the attacks weren't considered sophisticated, they raised concerns within the US government about the security of the country's infrastructure. Built to run with specialized software that lasts years or decades, the country's factories, power plants and other industrial systems are difficult to keep safe from hackers, security experts say.

The indictment against the Iranians comes amid heightened concern about infrastructure attacks around the world. Earlier this year, parts of Ukraine's power grid were knocked out in an attack some researchers have attributed to Russian hackers. In its aftermath, the US government alerted electricity providers, gas and oil producers, and factories to be on the alert for similar attacks.

The attack against the financial sector lasted more than 176 days and resulted in 46 victims, according to the Justice Department. The attacks typically lasted between Tuesday and Thursday during business hours, and left customers without access to their online accounts.

In the case of the dam, one hacker gained unauthorized access to its office data systems but could not control the dam itself, because its sluice gate happened to be disconnected for maintenance, according to the agency. The dam is a flood control structure in Rye Brook, a suburb north of New York City at the Connecticut border.

The government's plan to name Iran as the perpetrator of the dam attack was reported earlier this month by CNN and by the Associated Press.

Yoni Shohet, co-founder and chief executive of cybersecurity provider SCADAfence, said US infrastructure is at risk because attacks are increasing and the systems are not well protected.

"Not only are these control systems being increasingly targeted by cyber criminals, but they are not being properly monitored," Shohet said. "The attack against the dam is just the tip of the iceberg."

Industrial plants are susceptible to being hacked through software flaws in the specialized programs that control them, said Jeff Zindel, who runs an industrial cybersecurity division of Honeywell Process Solutions. Facilities try to keep their software up-to-date to keep out attackers, but "it's not easy to patch industrial plants," Zindel said. The computer systems have very little downtime, and an update that disrupts service can be disastrous.

Security specialists say the government's decision to publicly identify Iran in the hack may help prevent bigger attacks in the future.

"Coming out and pushing sanctions convinces [the Iranians] that there will be consequences if they do go out in some kind of coordinated attack," said Jon Miller, who leads the research team at Cylance, a cybersecurity firm that has researched Iranian hackers. Miller believes an Iranian group that Cylance closely monitored from 2012 to 2014 as it hacked US government websites and other high-profile targets was responsible for the dam hacking.

Iran isn't the only one trying to hack critical infrastructure, researchers say. In fact, American hacking might have spurred Iran to up its own efforts. The US, with help from Israel, is reported to have hacked an Iranian nuclear enrichment facility with a computer worm known as Stuxnet. Miller said once Iran discovered that attack in 2011, it kicked up its own attacks on US and other foreign infrastructure into high gear.

"We proved to them that control system attacks work," Miller said. "It's not like that kind of knowledge is controlled in a vacuum."