Iranian hackers charged with attacks on PNC, other banks, N.Y. dam

Thursday, March 24, 2016, 6:57 p.m.

Federal prosecutors charged seven Iranian hackers with causing computer disruptions at PNC, Citizens, Fifth Third and 43 other U.S. banks and gaining access to a dam monitoring system in New York in indictments unsealed on Thursday.

The accused computer hackers worked on behalf of the Iranian government and its intelligence agency, the Islamic Revolutionary Guard Corps, according to the 18-page indictment. One was charged with hacking into the computer monitoring system at the Bowman Avenue Dam in Rye, N.Y., where only a maintenance issue kept him from being able to remotely control the release of water from the dam.

Preet Bharara, the U.S. Attorney for the Southern District of New York, where the dam and many of the affected banks are located, called the dam intrusion “a frightening new frontier” in cybercrime.

“We now live in a world where devastating attacks on our financial system, our infrastructure and our way of life can be launched from anywhere in the world with a click of a mouse,” he said.

The attacks on 46 financial institutions lasted from December 2011 through May 2013 and cost the banks tens of millions of dollars to “mitigate and neutralize,” prosecutors said.

At times, the attacks prevented hundreds of thousands of customers from accessing online banking information. However, the defendants did not access customer information, credentials or money, officials said.

Three of the seven defendants — Ahmad Fathi, Hamid Firoozi and Amin Shokohi — worked for the private Iranian computer security company ITSec Team. The others — Sadegh Ahmadzadegan, known online as “Nitr0jen26”; Omid Ghaffarinia, known as “PLuS”; Sina Keissar; and Nader Saedi, known as “Turk Server” — worked for the Iranian firm Mersad Co. Both companies performed work for the Iranian government.

All of the defendants are charged with conspiracy to commit computer hacking, for which they could each receive a sentence of up to 10 years in prison. Firoozi also is charged with unauthorized access to a protected computer for hacking into the dam monitoring system, which carries a maximum five years in prison.

The United States does not have an extradition agreement with Iran, and the countries' relations are strained, at best. That makes the chances of any of the seven facing trial in the United States unlikely.

In distributed denial of service — or DDoS — attacks such as those of which the seven are accused, hackers flood the victim's computer servers with so much fraudulent traffic that the servers cannot handle legitimate requests. The defendants swamped banking servers with as much as three times their operating capacity, or 140 gigabytes of data per second. That's roughly the equivalent of 1.4 million text documents or 140,000 photo images, depending on the size of each file.

The hackers broke into thousands of other computers and servers, including some in the United States, and used them to carry out the attacks without their owners' knowledge, the indictment says. The Iranians also leased servers in the United States to control and monitor the attacks.

“We will not allow any individual, group or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market,” Attorney General Loretta Lynch said in Washington.

Pittsburgh-based PNC welcomed news of the indictment, spokeswoman Marcey Zwiebel said.

“We're continually investing in new technologies and trying to develop strategies to protect customer information and prevent disruption from activities like these DDoS attacks,” she said.

Officials at two other major banks in the area that were hit, Fifth Third and Citizens, declined to comment.

The indictments build on work done in Pittsburgh when federal prosecutors in May 2014 charged five members of the Chinese military with computer theft for attacks on U.S. Steel, Alcoa and other area organizations, said David Hickton, the U.S. attorney for Western Pennsylvania.

“It is a great case as well as an exciting further step in the campaign to apply law to the digital space and to confront state-sponsored cybercrime,” Hickton said.

Even when federal investigators have little chance of bringing the defendants to the United States for trial, indictments have an impact, said James Lewis, senior fellow in the Strategic Technologies Program at the Center for Strategic & International Studies, a Washington think tank.

“The Department of Justice is trying to send a message that says two things: ‘You're not invisible to law enforcement anymore,’ and, ‘If you do something, there will be consequences,’” Lewis said. “Psychologically, it creates a lot of pressure on them.”

Andrew Conte is a member of the Tribune-Review investigations team. Reach him at andrewconte@tribweb.com.
