News and commentary on organized crime, street crime, white collar crime, cyber crime, sex crime, crime fiction, crime prevention, espionage and terrorism.
Friday, March 25, 2016
FBI: International Cyber Crime - Iranians Charged with Hacking U.S. Financial Sector
The FBI released the below report:
Seven Iranians working on behalf of the Iranian government have been indicted for a series of cyber crimes that cost U.S. financial institutions tens of millions of dollars and compromised critical controls of a New York dam.
Using botnets and other malicious computer code, the individuals—employed by two Iran-based computer companies sponsored and directed by the Iranian government—engaged in a systematic campaign of distributed denial of service (DDoS) attacks against nearly 50 institutions in the U.S. financial sector between late 2011 and mid-2013. The repeated, coordinated attacks disabled bank websites and prevented customers from accessing their online accounts.
The indictments were unsealed today in federal court in New York City. The defendants are all believed to be in Iran, but Interpol Red Notices have been issued for their arrests and extraditions to the U.S. if they travel outside of Iran.
“The FBI will find those behind cyber intrusions and hold them accountable, wherever they are, and whoever they are,” said Director James B. Comey at a press conference today at the Department of Justice in Washington, D.C., where the charges were announced. Attorney General Loretta Lynch added, “We will continue to pursue national security cyber threats through the use of all available tools, including public criminal charges.”
The DDoS attacks, which overwhelmed servers and thereby denied Internet access to legitimate users, collectively required tens of millions of dollars to mitigate. The attacks began in December 2011, and by September 2012 were occurring on nearly a weekly basis. On certain days, hundreds of thousands of customers were cut off from online access to their bank accounts.
According to court documents, one of the hackers who helped build the botnet used in some of the attacks received credit for his computer intrusion work from the Iranian government toward completion of his mandatory military service requirement. Other defendants have claimed responsibility for hacking servers belonging to NASA and for intrusions into thousands of other servers in the U.S., the United Kingdom, and Israel.
Since the attacks, the FBI and the Department of Justice have worked with the private sector to neutralize and remediate the botnets. The Bureau also conducted extensive outreach to Internet service providers to assist in removing the malware from affected servers. Through these efforts, more than 90 percent of the threat has been successfully eliminated.
“By calling out the individuals and nations who use cyber attacks to threaten American enterprise, as we have done in this indictment, we will change behavior,” Comey said. Referring to the fact that the defendants are currently out of U.S. reach, he added, “The world is small, and our memories are long. No matter where hackers are in the world and no matter how hard they try to conceal their identities, we will find ways to pierce that shield and identify them. That is the message of this case.”
In addition to targeting the U.S. financial sector, one of the defendants repeatedly gained access to computer systems of the Bowman Dam in Rye, New York in 2013. Although the defendant never gained control of the dam, his access allowed him to learn critical information about the dam’s operation, including details about gates that control water levels and flow rates. The breach underscored the potential vulnerabilities of the nation’s critical infrastructure to foreign hackers and could have posed “a clear and present danger to the public health and safety of Americans,” said Attorney General Lynch.
Paul Davis is a writer who covers crime. He has written extensively about organized crime, street crime, sex crime, cyber crime, drug crime, white collar crime, crime fiction, crime prevention, espionage and terrorism. He has attended police academy training, gone out on patrol with police officers, accompanied detectives as they worked cases, accompanied narcotics officers on drug raids, observed criminal court proceedings and visited jails and prisons. He has covered street riots, mob wars and murder investigations. Paul Davis' "Crime Beat" column covers crime in both fact and fiction. His online column offers his Q&As with cops, crooks and crime writers. He is also a regular contributor to the Washington Times and Counterterrorism magazine. His work has also appeared in the Philadelphia Inquirer, Philadelphia Daily News and other newspapers, magazines and online publications. Paul Davis has been a student of crime since he was a 12-year-old aspiring writer growing up in South Philadelphia. He enlisted in the U.S. Navy when he was 17 in 1970 and served on the aircraft carrier USS Kitty Hawk during the Vietnam War. He also served two years on the Navy harbor tugboat USS Saugus at the U.S. nuclear submarine base at Holy Loch, Scotland. He went on to perform security work as a Defense Department civilian employee and he later became a freelance writer. You can read Paul Davis' Crime Beat columns, crime fiction and magazine and newspaper pieces on this website. You can also read his full bio by clicking on the above photo.