© 2022 Kansas City Public Radio
NPR in Kansas City
Play Live Radio
Next Up:
Available On Air Stations

U.S. Indicts 7 Iranians Accused Of Hacking U.S. Financial Institutions

Attorney General Loretta Lynch and FBI Director James Comey stand by a poster showing Iranians who are wanted by the FBI for computer hacking during a news conference at the Justice Department in Washington on Thursday.

The U.S. Department of Justice has indicted seven Iranians with intelligence links over a series of crippling cyberattacks against 46 U.S. financial institutions between 2011 and 2013.

The indictment, which was unsealed Thursday, also accuses one of the Iranians of remotely accessing the control system of a small dam in Rye, N.Y, during the same period.

NPR's Carrie Johnson tells our Newscast unit that "FBI Director James Comey says the defendants are overseas, but U.S. authorities were able to pierce the shield of anonymity and identify them." She adds: "The FBI will be watching if the men travel outside of Iran, and within reach of the American justice system."

In prepared remarks, Attorney General Loretta Lynch said the indictment is meant to send a message: "That we will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market."

"The attacks were relentless, systematic and widespread," Lynch said. "They threatened our economic well-being and our ability to compete fairly in the global marketplace — both of which are directly linked to our national security."

According to the indictment, the seven men worked for two Iran-based computer security companies that have done work for the Iranian government, including the powerful Islamic Revolutionary Guard Corps. The men allegedly carried out large-scale distributed denial of service (DDoS) attacks, which overwhelm a server with communications in order to disable it.

The court documents detail the repeated series of attacks:

"The U.S. Financial Industry DDoS Attacks impacted, at a minimum, approximately 46 major financial institutions and other financial-sector corporations in the United States over a total of at least approximately 176 days of DDoS attacks. On certain days during these attacks, hundreds of thousands of customers were unable to access their bank accounts online. As a result of these attacks, those victim institutions incurred tens of millions of dollars in remediation costs as they worked to mitigate and neutralize the attacks on their computer servers."

As NPR's Tom Gjelten reported in 2013, U.S. officials and cybersecurity experts had suspected Iranian government involvement in the sophisticated attacks.

You can read the full indictment here:

Copyright 2020 NPR. To see more, visit https://www.npr.org.

KCUR serves the Kansas City region with breaking news and powerful storytelling.
Your donation helps make non-profit journalism available for everyone.