The US Department of Justice [official website] on Thursday unsealed [press release] the indictment against seven Iranian computer specialists. The computer specialists regularly works for the country’s Islamic Revolutionary Guards Corps. The indictment charged [text, PDF] that the computer specialists were behind cyber attacks on dozens of American banks and that the group attempted to take over the controls for a small dam in Rye, New York. The list of banks that were attacked include JPMorgan Chase, Bank of American, Capital One and PNC Bank. The indictment also cited attacks on the New York Stock Exchange and AT&T. The indictment charged Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar and Nader Saedi. Intelligence experts have long speculated [NYT report] that the attacks aimed at some of America’s largest banks have been in retaliation for an American-led cyber-attack on Iran’s main nuclear enrichment plant. All of the attacks were “disturbed denial of service” attacks (DDoS), in which the target’s computers are overwhelmed by coordinated computer requests from thousands of machines around the world. This type of attack often results in a network crash putting the servers of the target out of service.
The Obama administration has identified cyber-security as “one of the most serious economic and national security issues” that the US is currently facing, and the US government has dedicated significant resources to address the issue. In April 2013 the US House of Representatives passed a controversial cybersecurity bill [JURIST report] that allows corporations to share customers’ personal data with other firms and the US government, even if a company contract prohibits such activity. A year prior, Obama administration official Melanie Ann Pustay testified before the Senate Judiciary Committee to urge congressional officials to amend [JURIST report] the Freedom of Information Act in order to strengthen the government’s ability to prevent disclosure of information related to critical infrastructure and cyber-security.