The U.S. government says seven Iranians working for the country’s Islamic Revolutionary Guard Corps are responsible for 187 denial of service attacks aimed at banks across the U.S. between 2011 and 2013.
It also says one of the individuals gained access to the control system for the Bowman Avenue Dam, a small dam north of New York City, and would have been able to control flow of water through the system had it not been disconnected for repairs.
The accused worked for two Iranian computer companies, ITSecTeam and Mersad, and were contracted by the Iranian government to conduct the attacks, according to a Department of Justice indictment unsealed on Thursday.
The charges underscore that the U.S. government “will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market,” Attorney General Loretta Lynch said at a news conference.
The DOJ alleges the DDOS attacks took place sporadically until September 2012, after which they occurred almost every week. The attackers directed up to 140 gigabits of data per second at the banks’ web servers. overloading them. They left customers unable to log in but didn’t result in the theft of personal information.
The attacks were launched from networks of thousands of computers that had been infected with malware. After identifying the source of the attacks, the FBI worked with Internet service providers to mitigate the attacks, and says 95 percent of the infected computers have been removed from the botnet.
Among those accused of the attacks are Sadegh Ahmadzadegan, aka Nitr0jen26, and Omid Ghaffarinia, aka PLuS, who helped co-found Mersad and were affiliated with two other Iranian hacking teams — Sun Army and the Ashiyane Digital Security Team, the DOJ said. The men also claimed responsibility for hacking NASA in February 2012.
Perhaps more worrying than the DDOS attacks was the intrusion to Bowman Dam. Between Aug. 28, 2013, and Sept. 18, 2013, Hamid Firoozi “repeatedly obtained unauthorized access to the SCADA systems of the Bowman Dam,” according to an indictment.
The access he gained allowed him to see information regarding the status and operation of the dam, water levels, temperature, and that status of the sluice gate, which controls water levels and flow rates. If the sluice gate hadn’t been manually disconnected for maintenance, he would have been able to control it.
All seven have been charged with computer hacking offenses and face a maximum 10 years in prison, if they can be tried in a U.S. court. The alleged dam hacker faces an additional 5 years for accessing a computer at that site.