The 7 Most Wanted Iranian Hackers By the FBI

On January 21, 2016, a grand jury in the Southern District of New York indicted seven Iranian nationals for their involvement in conspiracies to conduct a coordinated campaign of distributed denial of service (“DDoS”) attacks against the United States financial sector and other United States companies from 2011 through 2013.  Each defendant was a manager or employee of ITSecTeam or Mersad, private security computer companies based in the Islamic Republic of Iran that performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps.

The 7 Most Wanted Iranian Hackers By the FBI

Ahmad Fathi
Hamid Firoozi
Amin Shokohi
Mohammad Sadegh Ahmadzadegan

Sina Keissar
Nader Saedi
Omid Ghaffarinia
Seven Iranians working on behalf of the Iranian government have been indicted for a series of cyber crimes that cost U.S. financial institutions tens of millions of dollars and compromised critical controls of a New York dam.

Using botnets and other malicious computer code, the individuals—employed by two Iran-based computer companies sponsored and directed by the Iranian government—engaged in a systematic campaign of distributed denial of service (DDoS) attacks against nearly 50 institutions in the U.S. financial sector between late 2011 and mid-2013. The repeated, coordinated attacks disabled bank websites and prevented customers from accessing their online accounts.

The indictments were unsealed today in federal court in New York City. The defendants are all believed to be in Iran, but Interpol Red Notices have been issued for their arrests and extraditions to the U.S. if they travel outside of Iran.

“The FBI will find those behind cyber intrusions and hold them accountable, wherever they are, and whoever they are,” said Director James B. Comey at a press conference today at the Department of Justice in Washington, D.C., where the charges were announced. Attorney General Loretta Lynch added, “We will continue to pursue national security cyber threats through the use of all available tools, including public criminal charges.”

The DDoS attacks, which overwhelmed servers and thereby denied Internet access to legitimate users, collectively required tens of millions of dollars to mitigate. The attacks began in December 2011, and by September 2012 were occurring on nearly a weekly basis. On certain days, hundreds of thousands of customers were cut off from online access to their bank accounts.

According to court documents, one of the hackers who helped build the botnet used in some of the attacks received credit for his computer intrusion work from the Iranian government toward completion of his mandatory military service requirement. Other defendants have claimed responsibility for hacking servers belonging to NASA and for intrusions into thousands of other servers in the U.S., the United Kingdom, and Israel.

Since the attacks, the FBI and the Department of Justice have worked with the private sector to neutralize and remediate the botnets. The Bureau also conducted extensive outreach to Internet service providers to assist in removing the malware from affected servers. Through these efforts, more than 90 percent of the threat has been successfully eliminated

By calling out the individuals and nations who use cyber attacks to threaten American enterprise, as we have done in this indictment, we will change behavior,” Comey said. Referring to the fact that the defendants are currently out of U.S. reach, he added, “The world is small, and our memories are long. No matter where hackers are in the world and no matter how hard they try to conceal their identities, we will find ways to pierce that shield and identify them. That is the message of this case.”

In addition to targeting the U.S. financial sector, one of the defendants repeatedly gained access to computer systems of the Bowman Dam in Rye, New York in 2013. Although the defendant never gained control of the dam, his access allowed him to learn critical information about the dam’s operation, including details about gates that control water levels and flow rates. The breach underscored the potential vulnerabilities of the nation’s critical infrastructure to foreign hackers and could have posed “a clear and present danger to the public health and safety of Americans,” said Attorney General Lynch.