The Obama administration unsealed a federal indictment Thursday charging seven Iranian government-backed hackers with cyber crimes as the result of multiple attacks in recent years on several U.S. banks and a New York dam, according to officials.
The indictment accuses the Iranian government and its Revolutionary Guards Corps of orchestrating and conducting a years-long cyber attack on at least 46 U.S. financial institutions and a dam based outside of New York City.
The coordinated hack attacks took place between 2011 and 2013, with intrusions into U.S. financial institutions lasting nearly 200 days, according to Attorney General Loretta Lynch, who briefed reporters Thursday morning on the case.
Lynch described Iran’s attack as "large-scale and coordinated," noting that Iran’s goal was to cripple America’s economy and wreak havoc on these financial institutions, which faced tens of millions of dollars in damages as a result of the attacks.
"These attacks were relentless, they were systematic, and they were widespread," Lynch said. "We believe they were conducted with the sole purpose of undermining the targeted companies" and disrupting U.S. financial markets.
The Obama administration promised legal penalties for these Iranian hackers, whom multiple officials insisted are "working on behalf of the Iranian government.
The seven Iranians charged by the U.S. are believed to work for several hacker groups affiliated with the Iranian government and IRGC.
One of the alleged hackers also was charged with illegally accessing the Bowman dam in Rye Brook, New York. The hacker was able to seize control of sensitive systems that control the dam’s water levels and flow rates, according to Lynch and others.
Each of those in the indictment face up to 10 years in prison for their crimes. The individual who carried out the dam attacks faces an additional five years.
"It’s scary to think about" what these hackers could have done as a result of the dam hack, said U.S. Attorney Preet Bharara of the Southern District of New York. "This sounds like plot lines from a movie. But they’re not."
On the day Iran seized control of the dam, it was undergoing maintenance that took its computers offline. Barring this coincidence, the Iranian hackers would have had full control of all internal controls, Bharara explained.
The Iranian hackers were able to carry out these cyber attacks on the United States by enlisting a sophisticated network of computers around the world that had been infected with malware.
Once the virus was planted, the Iranians were able to seize control of computers across the globe and launch a series of what is known as denial-of-service attacks on U.S. financial institutions, officials said.
"These were not just ordinary crimes, but calculated attacks by groups with ties to the IRGC and designed with the specific goal of harming America," Bharara said, explaining that New York City-based organizations were specifically targeted by Iran.
The hacking "campaign began in approximately December 2011, and the attacks occurred only sporadically until September 2012, at which point they escalated in frequency to a near-weekly basis, between Tuesday and Thursdays during normal business hours in the United States," the Justice Department disclosed in its indictment.
"On certain days during the campaign, victim computer servers were hit with as much as 140 gigabits of data per second and hundreds of thousands of customers were cut off from online access to their bank accounts," according to the DOJ.
The U.S. government has put a greater emphasis on exposing nations that launch hack attacks on America, specifically Russia, China, and Iran.
"Let this indictment reinforce that the days of perceived anonymity are gone," John Carlin, the assistant attorney general for national security, told reporters. "There is no free pass."
"We can tell the world hackers affiliated with the Iranian government hacked U.S. systems and we intend to bring them to justice for their crimes," Carlin said.
U.S. intelligence and law enforcement agencies have worked to share information and focus more on cyber crimes, Carlin said.