The US charged seven hackers linked to the Iranian government with executing large-scale cyberattacks on dozens of banks as well as a small dam outside New York City – intrusions that law enforcement officials said reached into America's infrastructure and disrupted the nation's financial system.
An indictment announced by the Justice Department shows a determination by overseas hackers to cripple vital American interests, the officials said.
The hackers are accused of infecting thousands of people's computers with malware to create a network used to overwhelm servers of major institutions to knock them offline. Those included the Bank of America, NASDAQ and the New York Stock Exchange.
"The attacks were relentless, systematic and widespread," said Attorney General Loretta Lynch. "They threatened our economic well-being and our ability to compete fairly in the global marketplace, both of which are directly linked to our national security."
In addition, one of the alleged hackers is accused of repeatedly gaining access to the control system of the Bowman Avenue Dam, a small flood-control structure in Rye Brook, about 20 miles north of New York City. With that access, the hacker was able to gain information about the dam's operations, including its water level, temperature and sluice gate.
The hacker would have been able to operate a digitally controlled sluice gate and send water pouring into the city of Rye, but the gate had been disconnected for maintenance when the intrusion occurred, the officials said.
While that attack did no harm, one official said the hacker obtained knowledge that could be used on other dams and infrastructure.
The unsealed indictments stem from cyber intrusions between 2011 and 2013 that officials say targeted 46 victims, primarily in the financial sector, disabling bank websites and interfering with customers' ability to do online banking. The attacks, which occurred sporadically over 176 days, cost the institutions tens of millions of dollars in remediation, but no customers lost money or had their personal information stolen.
The accused hackers worked for a pair of Iranian computer companies linked to the Iranian government, including the Islamic Revolutionary Guard Corps, the US said. The charges, brought under US law, include computer hacking and gaining unauthorised access to a protected computer.
None of the individuals is in American custody, and it's not clear whether they will ever be arrested or whether criminal indictments in absentia can be effective in combatting such crimes.
The Justice Department in May 2014 indicted five Chinese military officials suspected of hacking into several major American companies – including US Steel and Westinghouse – and stealing trade secrets and confidential business information. None has been brought to the US to face charges.
Officials said the goal of such indictments is to put cybercriminals on notice that their mouse clicks can be traced, even from the other side of the globe.
"The message of this case is that we will work together to shrink the world and impose costs on these people so that no matter where they are, we will reach them," said FBI Director James Comey.
The Justice Department is determined to remove a cloak of "perceived anonymity" long enjoyed by foreign hackers, said John Carlin, the department's top national security official.
The seven defendants are Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadegan, 23; Omid Ghaffarinia, 25; Sina Keissar, 25, and Nader Saedi, 26. Firoozi is charged by himself in the hack of the dam.
The criminal case is the latest salvo in a contentious cyber relationship between Iran and the US, and it comes amid a warming of relations between the longtime foes following last year's landmark nuclear agreement.
Since rolling back its nuclear program this year, Iran has regained access to some $100 billion in overseas assets and the two countries' top diplomats have been meeting and discussing global matters at their most intensive level since Iran's 1979 overthrow of the US-backed shah.
Significant tensions remain, however. Iran has conducted several ballistic missile tests in violation of a UN ban, prompting the latest US sanctions against the Islamic Republic.
In 2010, the so-called Stuxnet virus disrupted the operation of thousands of centrifuges at a uranium enrichment facility in Iran. Iran says that assault and other computer virus attacks are part of a concerted effort by Israel, the US and their allies to undermine its nuclear programme through covert operations.
The latest Iranian attacks were a reminder of US vulnerabilities, said Luke Dembosky, who supervised cyber cases at the Justice Department until March 1. "We were very fortunate that this access did not lead to something catastrophic, but the next one might," he said.
In December, hackers linked to Russia used a coordinated attack to take down part of Ukraine's power grid, blacking out more than 225,000 people after hitting regional electric power distribution companies. US officials called that the realisation of a nightmare scenario — that hackers can remotely take down a critical system on which a country depends.