SecureWorld News

U.S. Charges Iranian Hackers: Attacker Successfully Hacked Critical Infrastructure Twice

Written by SecureWorld News Team | Thu | Mar 24, 2016 | 5:52 PM Z

By Stormi O'Donnell
SecureWorld Media

Seven Iranian hackers have been indicted by a grand jury for distributed denial of service (DDoS) attacks on banks and for intruding into the control systems of a New York dam. The group was employed by two Iran-based computer companies, ITSecTeam (ITSEC) and Mersad Company (MERSAD), both of which performed work for the Iranian Government.

The string of attacks lasted 176 days and cost tens of millions of dollars. The bank attacks took websites offline and stopped customers from accessing their accounts online. One of the accused, Hamid Firoozi, is also accused of hacking into the Supervisory Control and Data Acquisition (SCADA) systems of the Bowman Dam, located in Rye, New York, in August and September of 2013. The dam hack should serve as a wake-up call for everyone, as it proves that our infrastructure can be, and has been, hacked.

"Like past nation state-sponsored hackers, these defendants and their backers believed that they could attack our critical infrastructure without consequence, from behind a veil of cyber anonymity," said Assistant Attorney General Carlin. "This indictment once again shows there is no such veil - we can and will expose malicious cyber hackers engaging in unlawful acts that threaten our public safety and national security."

The troubling part of this case is that it alleges Firoozi got into the dam's control systems not once, but repeatedly. The intrusions also happened in 2013, so this was by no means a quick investigation. If an attacker was able to reach critical infrastructure more than once, and go undetected for a couple of years, what does that say about the state of its security?

Check out this excerpt from the press release:

Between Aug. 28, 2013, and Sept. 18, 2013, Firoozi repeatedly obtained unauthorized access to the SCADA systems of the Bowman Dam, and is charged with one substantive count of obtaining and aiding and abetting computer hacking. This unauthorized access allowed him to repeatedly obtain information regarding the status and operation of the dam, including information about the water levels, temperature and status of the sluice gate, which is responsible for controlling water levels and flow rates. Although that access would normally have permitted Firoozi to remotely operate and manipulate the Bowman Dam's sluice gate, Firoozi did not have that capability because the sluice gate had been manually disconnected for maintenance at the time of the intrusion.

Yes, Firoozi would normally have been able to remotely operate the dam's gate had it not been disconnected for maintenance; the only thing standing between an intruder and a physical control was a coincidence of timing, not a security control. While the indictment is great news, the real story here is that our critical infrastructure is open to attackers. It's time to make major investments in cybersecurity, and if this doesn't prove it, then we're all in for a long ride.