By Dustin Volz, Nate Raymond and Jim Finkle
WASHINGTON (Reuters) - The Obama administration is expected to blame Iranian hackers as soon as Thursday for a coordinated campaign of cyber attacks in 2012 and 2013 on several U.S. banks and a New York dam, sources familiar with the matter have told Reuters.
The Justice Department has prepared an indictment against about a half-dozen Iranians, said the sources, who spoke on condition of anonymity due to the sensitivity of the matter. It is one of the highest-profile U.S. indictments against a foreign nation on hacking charges.
It follows a landmark 2014 case in which a grand jury charged five members of the Chinese military with hacking into American computer networks and engaging in cyber espionage on behalf of a foreign government.
The charges, related to unlawful access to computers and other alleged crimes, were expected to be announced publicly by U.S. officials as soon as Thursday morning at a news conference in Washington, the sources said.
The indictment was expected to directly link the hacking campaign to the Iranian government, one source said. The banks will not be identified in the indictment due to fear of retaliation, the source said.
Though a planned indictment for the breach of back-office computer systems at the Bowman Avenue Dam in Rye Brook, New York, has been reported, it was only part of a hacking campaign that was broader than previously known, as the indictment will show, the sources said.
The dam breach coincided roughly with a spate of distributed denial of service attacks in 2012 that hit more than a half dozen U.S. financial institutions and the two episodes were long suspected of being connected. Cyber security experts have said these, too, were perpetrated by Iranian hackers against Bank of America, JPMorgan Chase, Capital One, PNC Financial Services and SunTrust Bank.
In the intrusion of the dam computers, the hackers did not gain operational control of the floodgates, and investigators believe they were attempting to test their capabilities.
The hackers who were expected to be named in the indictment all reside in Iran, one source said.
The Justice Department declined to comment.
'WILD WEST DAYS'
The indictment would be the Obama administration's latest step to confront foreign cyber attacks on the United States. President Barack Obama accused and publicly condemned North Korea over a 2014 hack on Sony Pictures and vowed to "respond proportionally." No details were made public of any retaliation.
James Lewis, a cyber security expert with the Center for Strategic and International Studies think tank, said, "We need to make clear that there will be consequences for cyber-attacks and that the Wild West days are coming to an end."
Two weeks ago, it was widely reported that U.S. prosecutors were preparing an indictment against Iranian hackers related solely to the dam attack.
The broader indictment would come at a time of reduced tensions between the United States and Iran after a landmark 2015 nuclear deal. At the same time, the Obama administration has shown a willingness to confront Tehran for bad behavior.
Charging the Iranian hackers would be the highest-profile move of its type by the Obama administration since the Justice Department in 2014 accused five members of China's People’s Liberation Army with hacking several Pennsylvania-based companies in an alleged effort to steal trade secrets.
'WHEN, NOT IF'
U.S. national security professionals and cyber-security experts have grown increasingly worried about attacks on infrastructure including dams, power plants, factories and financial institutions.
That concern has grown since a December cyber attack in the Ukraine caused a blackout that temporarily left 225,000 customers without power.
Speaking at a cyber security conference earlier this month, National Security Agency chief Michael Rogers said it was a matter of "when, not if" another country launched a successful and destructive cyber attack on U.S. critical infrastructure like the one seen in Ukraine.
Some experts have said the United States is less well-equipped to respond to a major infrastructure attack because systems are more connected and reliant on the Internet.
The United States and Israel covertly sabotaged Iran’s nuclear program in 2009 and 2010 with the now-famous Stuxnet computer virus, which destroyed Iranian centrifuges that were enriching uranium.
(Reporting by Dustin Volz in Washington, Nate Raymond in New York and Jim Finkle in Boston; additional reporting by Mark Hosenball in Washington and Jim Finkle in Boston; Editing by Kevin Drawbaugh and Jonathan Oatis)