News and commentary on organized crime, street crime, white collar crime, cyber crime, sex crime, crime fiction, crime prevention, espionage and terrorism.
Friday, March 25, 2016
FBI: International Cyber Crime - Iranians Charged with Hacking U.S. Financial Sector
The FBI released the below report:
Seven Iranians working on behalf of the Iranian government have been indicted for a series of cyber crimes that cost U.S. financial institutions tens of millions of dollars and compromised critical controls of a New York dam.
Using botnets and other malicious computer code, the individuals—employed by two Iran-based computer companies sponsored and directed by the Iranian government—engaged in a systematic campaign of distributed denial of service (DDoS) attacks against nearly 50 institutions in the U.S. financial sector between late 2011 and mid-2013. The repeated, coordinated attacks disabled bank websites and prevented customers from accessing their online accounts.
The indictments were unsealed today in federal court in New York City. The defendants are all believed to be in Iran, but Interpol Red Notices have been issued for their arrests and extraditions to the U.S. if they travel outside of Iran.
“The FBI will find those behind cyber intrusions and hold them accountable, wherever they are, and whoever they are,” said Director James B. Comey at a press conference today at the Department of Justice in Washington, D.C., where the charges were announced. Attorney General Loretta Lynch added, “We will continue to pursue national security cyber threats through the use of all available tools, including public criminal charges.”
The DDoS attacks, which overwhelmed servers and thereby denied Internet access to legitimate users, collectively required tens of millions of dollars to mitigate. The attacks began in December 2011, and by September 2012 were occurring on nearly a weekly basis. On certain days, hundreds of thousands of customers were cut off from online access to their bank accounts.
According to court documents, one of the hackers who helped build the botnet used in some of the attacks received credit for his computer intrusion work from the Iranian government toward completion of his mandatory military service requirement. Other defendants have claimed responsibility for hacking servers belonging to NASA and for intrusions into thousands of other servers in the U.S., the United Kingdom, and Israel.
Since the attacks, the FBI and the Department of Justice have worked with the private sector to neutralize and remediate the botnets. The Bureau also conducted extensive outreach to Internet service providers to assist in removing the malware from affected servers. Through these efforts, more than 90 percent of the threat has been successfully eliminated.
“By calling out the individuals and nations who use cyber attacks to threaten American enterprise, as we have done in this indictment, we will change behavior,” Comey said. Referring to the fact that the defendants are currently out of U.S. reach, he added, “The world is small, and our memories are long. No matter where hackers are in the world and no matter how hard they try to conceal their identities, we will find ways to pierce that shield and identify them. That is the message of this case.”
In addition to targeting the U.S. financial sector, one of the defendants repeatedly gained access to computer systems of the Bowman Dam in Rye, New York in 2013. Although the defendant never gained control of the dam, his access allowed him to learn critical information about the dam’s operation, including details about gates that control water levels and flow rates. The breach underscored the potential vulnerabilities of the nation’s critical infrastructure to foreign hackers and could have posed “a clear and present danger to the public health and safety of Americans,” said Attorney General Lynch.
Paul Davis is a writer who covers crime. He has written extensively about organized crime, cyber crime, street crime, white collar crime, crime fiction, crime prevention, espionage and terrorism. His 'On Crime' column appears weekly in the Washington Times and his 'Crime Beat' column appears in Philadelphia Weekly. He is also a regular contributor to Counterterrorism magazine and writes their online "Threatcon" column. His work has also appeared in the Philadelphia Inquirer, the Philadelphia Daily News and other publications. As a writer, he has attended police academy training, gone out on patrol with police officers, accompanied detectives as they worked cases, accompanied narcotics officers on drug raids, observed criminal court proceedings, visited jails and prisons, and covered street riots, mob wars and murder investigations. He has interviewed police chiefs, FBI, DEA and other federal agents, prosecutors, public officials, Navy SEALs and other military special operators, Israeli commandos, British Scotland Yard detectives, CIA officers, journalists, novelists and true crime authors, and Cosa Nostra organized crime bosses. Paul Davis has been a student of crime since he was an aspiring writer growing up in South Philadelphia. He enlisted in the U.S. Navy when he was 17 in 1970. He served aboard the aircraft carrier U.S.S. Kitty Hawk during the Vietnam War and he later served two years aboard the Navy harbor tugboat U.S.S. Saugus at the U.S. floating nuclear submarine base at Holy Loch, Scotland. He went on to do security work as a Defense Department civilian while working part-time as a freelance writer. He became a full-time writer in 2007. You can read his crime columns, crime fiction, book reviews and news and feature articles on this website. You can read his full bio by clicking on the above photo. And you can contact Paul Davis at firstname.lastname@example.org