The Obama administration on Thursday indicted seven Iranians for a series of coordinated cyberattacks against the U.S. financial sector and for infiltrating a New York dam in 2013.
The charges are the first major public step the U.S. has taken to curb Iran’s rapidly developing cyber program, which has been pestering American companies with low-level hacks and probing for critical infrastructure network vulnerabilities for several years.
“Cybercriminals often think it’s a freebie to reach into the United States to do harm,” FBI Director James B. Comey said during remarks announcing the charges. “The message of this case is we will work together to shrink the world and impose costs on those people so that no matter where they are, we will try to reach them.”
The unsealed indictment directly ties the seven alleged hackers to the Iranian government, claiming they were employed by computer security firms working on behalf of Tehran.
The strikes on the financial sector, which occurred between late 2011 and mid-2013, left hundreds of thousands unable to connect to their accounts online, costing victims tens of millions of dollars.
Only one of the seven alleged hackers was charged with illegally accessing the control systems of the Bowman Dam in Rye, N.Y. — access that would have given him the ability to control water levels and flow rates.
Officials emphasized that the charges are intended to “send a powerful message” to foreign hackers.
“We will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market,” Attorney General Loretta Lynch said.
Some onlookers see the move as a targeted warning to Iran amid fears that Tehran would use a new influx of resources from its recently struck nuclear deal to fund cyber warfare efforts.
Iran’s economic sanctions were lifted in January, giving Tehran access to roughly $100 billion of its formerly frozen assets that can now be funneled into cyber and technology development.
To critics of the White House’s handling of Iran, though, the move confirms Obama’s long-standing failure to recognize the country’s cyberspace aggression.
“It is validation of what we had assessed … about the intent of the Iranian government: to probe and find vulnerabilities in American critical infrastructure,” said Fred Kagan, a national security scholar at the conservative American Enterprise Institute and co-author of a recent report on the Iranian cyber threat.
The White House battled criticism throughout the nuclear talks that lifting sanctions would merely buttress Tehran’s military efforts and cyber warfare program, while failing to stop the country from obtaining a nuclear weapon.
“Every person who voted to support the Iran nuclear deal knew fully well Iran’s bad behavior,” Sen. Cory GardnerCory GardnerProtecting the outdoors: Three cheers for America's best idea Ex-Sen. Cory Gardner joins lobbying firm Biden administration reverses Trump changes it says 'undermined' conservation program MORE (R-Colo.), who is working on a bill to sanction Iran for its cyber activity, told The Hill when news of the pending indictments leaked earlier this month. “There is no surprise that Iran has committed cyberattacks against the United States.”
Security experts started warning years ago that Iran’s cyber warriors have already infiltrated critical networks in over a dozen countries, including the U.S.
“These guys aren’t motivated by traditional espionage intelligence, like China, or financial gain, like Russian fraudsters,” said Jon Miller, vice president of strategy at security firm Cylance, which published a groundbreaking 2014 report on the extent of Iranian hacking. “They’re looking for a strategic, militaristic upper hand.”
Iran started ramping up its cyber efforts in 2010, shortly after a computer worm — believed to be built by the U.S. and Israel — damaged the country's nuclear infrastructure.
“They’re having no challenges whatsoever successfully exploiting worldwide critical infrastructure — corporations, devices, really whatever they put in their sights — and it’s because the bar to compromise is so low,” he added.
Obama’s critics alleged the administration kept this information under wraps while the Iran nuclear deal was being hammered out.
“I’m concerned this information was not broadly shared during the Iran negotiations,” Sen. Steve Daines (R-Mont.) told The Hill after news broke of the upcoming indictments, adding that the timing was “absolutely” suspect.
“The White House knew about it, and why weren’t they talking about this?” he added.
Preet Bharara, U.S. attorney for the Southern District of New York, pushed back at these allegations during Thursday’s press conference.
“We bring a case when it’s right to bring the case for the needs of the case itself,” he said. “There are a lot of considerations that go into the timing.”
Adam Segal, a cyber policy specialist and senior fellow at the Council on Foreign relations, explained that selectively revealing information is commonplace during sensitive international negotiations.
“States are always asking themselves, ‘Alright what is the value of publicly revealing this?’” said Segal, author of the new book, “The Hacked World Order.” “So you can imagine in the depths of the negotiations over the deal ... they didn’t want to blow it up over this, but afterwards there are reasons to send [a signal].”
Now, observers are watching to see if the Obama administration will tie the indictments to a new round of sanctions on Iran.
President Obama last year issued an executive order that empowered the Treasury Department to levy sanctions for hacking. But the administration has yet to yield its new powers. Many suspect the Iranian dam hack may be the first test case.
“Are we going to impose sanctions on Iran in any meaningful way?” Kagan asked. “If we don’t impose a cost on them, then just naming them gives them street cred in Tehran.”
—This post was updated at 11:01 a.m.