US charges Iranians with hacking banks and dam

The United States on Thursday unsealed an indictment against seven Iranians charged with hacking into American banks, causing losses of tens of millions of dollars.

The indictment said they were working for firms linked to the Iranian government and the Revolutionary Guard Corps.

Additionally, one of the hackers was named in a separate case involving the hacking of a US dam's computer systems.

"Today we have unsealed an indictment against seven alleged experienced hackers employed by computer security companies working on behalf of the Iranian government, including the Revolutionary Guard Corps," Attorney General Loretta Lynch told a news conference.

The Revolutionary Guard Corps is one of several entities within the Iranian government responsible for Iranian intelligence, the indictment said.

The hack attacks began in December 2011 and escalated in September 2012, then occurring on a near weekly basis until May 2013, the indictment said. Bank of America, JP Morgan Chase, Citibank and HSBC were among those affected, it added.

A grand jury in Manhattan found that the seven defendants conducted a series of cyber-attacks against civilian targets in the financial world, costing the victims tens of millions of dollars, Lynch said.

She said the "relentless, systematic and widespread" attacks threatened the well-being of the US and undermined national security.

One of seven Iranian suspects in the indictment also hacked into the system controlling an American dam in 2013, prosecutors announced Thursday.

Hamid Firoozi repeatedly hacked into the system which controlled Bowman Dam in Rye, New York between August and September 2013, allowing him to obtain information about the status and operation of the facility, the indictment said.

According to the Wall Street Journal, Firoozi used a cellular modem to access the control systems at the 20-foot Bowman Avenue dam in Rye.

The attack appears to have occured as part of tit-for-tat retaliations between the US and Iran over the use of the Stuxnet computer worm to damage Iranian nuclear facilities in 2012.

Lawmakers had callled for the US government to set clear standards and responses for such attacks.

“We don’t know what constitutes an act of war, what the appropriate response is, what the line is between crime and warfare,” Rep. Jim Himes said in a House Intelligence Committee hearing last September.

Cybersecurity experts have identified three distinct types of cyber intrusions: corporate espionage intended to financially benefit foreign companies, hacks intended to do damage to infrastructure and intelligence-gathering efforts performed by enemy states.