WASHINGTON (CN) - A grand jury indicted seven Iranian hackers on cybercrime charges Thursday. Federal prosecutors blame the hackers with breaching the servers of 46 financial institutions and taking control of a New York dam.
Each of the seven remains at large, and Iran is unlikely to assist in their capture. Though the companies that employed the hackers work with the Iranian government and the Iranian Revolutionary Guard Corps Attorney, there is no confirmation yet whether Iran directed the attacks.
U.S. Attorney General Loretta Lynch stayed mum on the issue at a joint press conference this morning, but Assistant Attorney General for National Security John Carlin referred to the hackers at a press conference Thursday as "nation state-sponsored."
The indictment says seven employees of Iranian computer companies ITSecTeam and Mersad Company launched coordinated DDoS attacks, short for distributed denial of service, on financial institutions in New York between 2011 and 2013. Six of the hackers remain at large.
Using a series of computers infected with malware to overwhelm the Internet-connected servers, a DDoS attackers bogs down its target's bandwidth with traffic from the compromised computers, preventing the server from maintaining legitimate internet traffic.
In this case, the Iranian attackers crippled the servers of 46 "major financial institutions" with as many as 140 gigabits of data per second, preventing hundreds of thousands of people from accessing their online bank accounts, according to the indictment.
Companies like Bank of America, NASDAQ, Capital One, ING, BB&T and PNC Bank lost tens of millions of dollars as they worked to get their systems back online after an attack, which typically occurred between Tuesday and Thursday during business hours, Lynch said.
"These attacks were relentless, systematic and widespread," Lynch said. "They threatened our economic well-being and our ability to compete fairly in the global marketplace - both of which are directly linked to our national security. And we believe that they were conducted with the sole purpose of undermining the targeted companies and damaging the online operation of America's free market."
U.S. Attorney Preet Bharara, for the Southern District of New York, said the choice to target New York was a careful one.
"The Iranian defendants intended New York to be the epicenter of harm," Bharara said at Thursday's press conference. "Because New York is the financial capital of the world, because New York has always been the blue chip target for those who want to harm our country."
Ahmad Fathi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar, Nader Saedi and Hamid Firoozi face up 10 years in prison if convicted of conspiracy to commit and aid and abet computer hacking.
Firoozi, a 34-year-old hacker accused of breaking into the Bowman Dam in Rye, N.Y., faces an additional five years.
If the dam had not been disconnected from the system while undergoing maintenance, Firoozi would have been able to control water levels and flow rates at will, Lynch said.
While the alleged hackers will be hard to reach in Iran, FBI Director James Comey said the indictment helps shatter the perception that cybercriminals can remain anonymous hiding behind their computer screens.
"People often ask us, 'well these people are in Iran so how are you ever going to get them,'" Comey said. "The world is small and our memories are long. We never say never. People often like to travel for vacation or education and we want them looking over their shoulder both when they travel and when they sit at a keyboard. That's the message of this case. There is no place safe on this increasingly small world."
Subscribe to Closing Arguments
Sign up for new weekly newsletter Closing Arguments to get the latest about ongoing trials, major litigation and hot cases and rulings in courthouses around the U.S. and the world.