Attorney General Loretta Lynch.
The indictments come against a backdrop of warming relations between the United States and Iran, which includes a recently signed deal to stop that country's nuclear program.
Attributing cyber attacks to specific individuals is one of the most difficult challenges in cybersecurity, and the fact that the United States is willing to go to court with actual names of Iranian attackers indicates a high degree of confidence by U.S. law enforcement that it can trace the attacks all the way back to their source. It may be an indication of more to come: This week, the Department of Justice announced enforcement actions against the Syrian Electronic Army, and an alleged Chinese hacker named Su Bin.
The indictment says the Iranians charged worked for two private companies that in turn worked for the Iranian government and the Islamic Revolutionary Guard Corps. The companies were ITSec Team and Mersad Co. According to the indictment, Ahmad Fathi, Hamid Firoozi and Amin Shokohi were experienced computer hackers who worked for the ITSec Team, and Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar and Nader Saedi worked for Mersad.
Attributing cyber attacks to specific individuals is one of the most difficult challenges in cybersecurity, and the fact that the United States is willing to go to court with actual names of Iranian attackers indicates a high degree of confidence by U.S. law enforcement that it can trace the attacks all the way back to their source. It may be an indication of more to come: This week, the Department of Justice announced enforcement actions against the Syrian Electronic Army, and an alleged Chinese hacker named Su Bin.
The indictment says the Iranians charged worked for two private companies that in turn worked for the Iranian government and the Islamic Revolutionary Guard Corps. The companies were ITSec Team and Mersad Co. According to the indictment, Ahmad Fathi, Hamid Firoozi and Amin Shokohi were experienced computer hackers who worked for the ITSec Team, and Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar and Nader Saedi worked for Mersad.
The intrusions, the government says, were conducted from 2011 to 2013 and caused millions of dollars in damages to banks that were forced to take additional steps to protect their systems, as well as inconvenience for customers who were unable to access their account information online.
An indictment is a rare step for the U.S. government to take against foreign government-affiliated officials who are unlikely to be within reach of U.S. law enforcement any time soon. It mirrors an earlier effort that indicted five Chinese military officials for hacking in 2014.
The indictment says the hackers conducted a so-called distributed denial of service attack against the financial institutions. That's a cyber attack designed to overwhelm a website with inbound traffic, effectively shutting down access for legitimate website users. The government said the attacks affected 46 "major financial institutions" over about 176 days, which at some points meant that hundreds of thousands of bank customers lost online access to their accounts.
Retired Army Col. Jack Jacobs said the Obama administration is likely to tread lightly as it continues to court the Iranian middle class in the wake of recent elections that gave "genuine moderates" increased control of Iran's parliament.
No comments:
Post a Comment