Rye Dam Cyberattack Cited in Justice Dept. Indictment Against Iran
According to a Breaking News report issued by The New York Times Thursday morning, the Justice Department unsealed an indictment against seven Iranian computer specialists who regularly worked for the country’s Islamic Revolutionary Guards Corps, charging that they were behind cyberattacks on dozens of American banks and that they attempted to take over the controls of a small dam in Rye.
The indictment, while long expected, is the first time that the Obama administration has sought action against Iranians for a wave of computer attacks on the United States that began in 2011.
According to The New York Times report, the indictment does not say that the attacks were directed by the Revolutionary Guards. But it referred to those who were charged as “experienced computer hackers” who “performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps.”
The indictment cited attacks on major American banks, the New York Stock Exchange and AT&T.
All of those attacks were “distributed denial of service” attacks, often called DDoS attacks, in which the target’s computers are overwhelmed by coordinated computer requests from thousands of machines around the world. The result is often that the targeted networks crash, putting them out of service for some number of hours.
But in the case of the Bowman Dam in Rye, a suburb of New York, there was an effort to take over the dam itself. The effort failed, but in some ways worried American investigators more because it was a different kind of attack, aimed at seizing control of a piece of infrastructure, according to the Times article.
The story first broke in December 2015 when a Wall Street Journal article said the breach was not sophisticated and occurred during the same time frame that Iranian hackers were targeting U.S. financial institutions. The attackers were unable to get into the full dam system, but could take control of the flood gates. The incident remains classified, the article said.
Rye Brook Mayor Paul Rosenberg was quoted at the time saying, “The dam is used to control water flow when it rains to prevent flooding downstream. The dam is managed by a piece of software that is industry standard and very common.” Rosenberg said he doubted the hackers could have wreaked heavy damage or that Rye was a substantial target, but it worries him that hackers are looking for any opportunity they could find to cause damage.
The Department of Homeland Security, which knew about the cyberattack, would not comment on the dam intrusion for The Wall Street Journal article, but did note in a statement that its cybersecurity center serves as a hub for monitoring and mitigating such attacks.
The Iranian hacktivist group SOBH Cyber Jihad was reported to have claimed responsibility for the Rye Brook cyberattack and said they kept quiet for two years because of a “state-level” warning not to go public with it “for the greater good.” They came forward after the Wall Street Journal report.
Officials in Rye said the Department of Homeland Security notified them about unauthorized access to the city’s computer system and followed up with a report in January 2015. According to NBC News, the intruder accessed and read files, including usernames and passwords, six times between Aug. 22 and Sept. 27, 2013.
Shocked when he heard the news and disturbed that he and other Westchester County officials had not been notified of the breach, County Executive Rob Astorino held a press conference Dec. 23, asking the Department of Homeland Security for details about the reported Iranian cyber-security breach at the Bowman Ave. Dam. He also demanded explanations about why the county wasn’t informed of the security risk.
“If this information was important enough to be reported to the White House then why wasn’t it reported to me and the county officials who would have been required to deal with the consequences of any terror attack?” asked Astorino. “It is unacceptable that in this day and age that I had to read about this in the newspaper. No amount of intelligence information is too small or insignificant when it comes to security.”
Despite being a member of the FBI Joint Terrorism Task Force, Westchester County was never alerted to the potential security risk. Since January 2010, a Westchester County police detective has been assigned full-time to the FBI Joint Terrorism Task Force to ensure access to the highest levels of intelligence information affecting Westchester and its citizens. Westchester is also part of a separate counter-terrorism zone that also includes Putnam County.
“Even though it was done with computers, this is considered a criminal break in,” said County Public Safety Commissioner George Longworth. “The link to a possible terror threat makes this extremely serious.”
In the indictment issued Thursday, none of the named Iranians live in the United States and it is doubtful that they will ever make it to an American courtroom. The Iranians named in the indictment were Ahmad Fathi, Hamid Firoozi, Amin Shokohi and Sadegh Ahmadzadegan, who went by the online handle of “Nitr0jen26.”
Also named were Omid Ghaffarinia, known as “PLuS,” Sina Keissar and Nader Saedi, also known as “Turk Server.” Their whereabouts were not described, but some worked for a firm the indictment called ITSec Team, and some for Mersad Company, both described as private security companies based in Iran.
Examiner Media – Keeping you informed with professionally-reported local news, features, and sports coverage.