As had been rumored for some time, the Justice Department on Thursday unsealed indictments against seven Iranian hackers tied to the Iran’s Islamic Revolutionary Guards Corps alleging that they were responsible for hacks against 46 American banks, corporations and financial institutions as well as a small dam in Rye, New York.  Among the targets of the hackers were Ally Bank, American Express, Ameriprise, Bank of America, J.P. Morgan Chase, Citibank, Citizens Bank, Wells Fargo, AT&T and the NY Stock Exchange.

The attacks against the financial institutions were distributed denial of service (DDOS) attacks where the targeted companies were shut down after being overwhelmed by a coordinated onslaught of requests sent by networks of botnet computers.  Generally, these attacks are not much more than nuisances as the primary damage is just the taking down of the targeted websites for a few hours.

In the case of the attack on the Rye dam, however, the attack was intended to be able to control the dam allowing the hacker to release water, however, because the gate had been disconnected for maintenance at the time of the hacking, the hackers were unable to actually exercise control over the dam.

There is little expectation that the hackers named in the indictments will ever be brought to the United States to stand trial, however, the indictments serve both to put Iran and others seeking to take similar actions against the United States and its infrastructure on notice that they are being monitored as well as to possibly spur governmental sanctions against country’s sponsoring such activities.


The takeaway from these indictments is clear and something I have been warning you about for years, namely, that the infrastructure of the United States as well as every other country on the Globe is in danger of potentially devastating cyberattacks.  Our electrical grid, water supply, nuclear power plants and every other aspect of our infrastructure are part of the vulnerable Internet of Things and neither the federal government nor private industry that own and control most of these infrastructure elements have done enough to protect their security.  Hopefully, these indictments will serve to induce the government and private industry to take strong and effective action immediately.