U.S. Tells Iran’s Cyberspies: You Can’t Hide Anymore

Iranian hackers were busted—and America’s were shown off—in an exposed plot to take control of a New York dam.

03.24.16 5:10 PM ET

Top U.S. law enforcement officials on Thursday unsealed an indictment against seven alleged Iranian hackers who are accused of launching a massive campaign of attacks on U.S. bank websites and trying to take over the control systems of a small dam in New York.

But the more interesting story isn’t one about Iranian hackers. It’s about American ones.

In laying out the case, the Justice Department and the FBI revealed—albeit in broad strokes—the powerful capabilities that the U.S. government possesses to root out hackers around the world, and identify them by name, where they live, and where they work. And what’s more, officials want hackers to know that they cannot hide.

That’s a remarkable turnaround from just a few years ago, when U.S. officials were loath to acknowledge that they’d implanted sensors and other surveillance software in foreign countries’ computer networks. Now, officials are advertising that fact.

No matter how hard hackers try to remain anonymous, “we will find ways to pierce that shield and identify them,” FBI Director James Comey told reporters at a press conference in Washington, echoing similar tough talk by Attorney General Loretta Lynch, U.S. Attorney Preet Bharara, and Assistant Attorney General John Carlin, collectively some of the biggest guns in U.S. law enforcement.

Comey revealed little about the specific methods investigators used to find the seven alleged hackers, who officials say worked for two Iranian companies with connections to the Iranian government and the country’s Revolutionary Guard Corps.

“We want to know that we can [find them], we don’t want them to know how we can,” Comey said.

“I think that says it all,” Rich Barger, the co-founder of security firm ThreatConnect and a former Army intelligence analyst, told The Daily Beast. “I think that serves as a deterrent. And I think it reinforces to the American people that the U.S. is going to lean forward into some of these more noteworthy attacks.”

This is the third time that the government has publicly implicated state-backed hackers or a specific country for attacking U.S. networks. In 2014, the Justice Department indicted Chinese hackers linked to the People’s Liberation Army (PLA) for stealing trade secrets and intellectual property from U.S. companies. Later that year, President Obama singled out North Korea as responsible for a damaging hack on the computers of Sony Pictures Entertainment. The U.S. responded by levying sanctions and launching retaliatory cyber attacks on North Korean computer networks.

And in 2015, the U.S. threatened to sanction Chinese companies and individuals ahead of a state visit by China’s president, Xi Jinping. Those threats helped persuade China to reach a deal with the U.S. to stop hacking American companies for commercial gain, officials have said.

“The Justice Department and parts of the White House want to send a message to potential attackers; you aren’t invisible and there will be consequences,” James Lewis, a senior fellow and security expert at the Center for Strategic and International Studies, told The Daily Beast. “I see the PLA indictment, Sony, Xi sanctions threats, and now this as a progression that comes from the same strategy.”

Lewis added that recent U.S. actions dispel the “attribution myth” that there’s some insurmountable technical barrier that keeps investigators from ever knowing for sure who was behind a particular hack.

The Obama administration chipped away at that idea when it blamed North Korea for the Sony hacks. U.S. officials told The Daily Beast at the time that they were sure the Hermit Kingdom was to blame because U.S. intelligence had penetrated North Korean networks and could trace the attacks back to their source.

The new indictments of Iranian hackers appear to flow from the same kind of spycraft. Officials know the hackers’ names, their ages, their employers, the dates the men were plying their trade, as well as some personal details. For instance, one alleged hacker, Amin Shokohi, received credit for his work toward his mandatory military service in Iran, prosecutors allege.

It’s been a busy week for U.S. cyber sleuths. On Wednesday, a Chinese man pleaded guilty to hacking U.S. defense companies. And earlier this week the FBI revealed that it may have found a way to extract information from the iPhone used by one of the San Bernardino shooters without forcing Apple to assist the investigation, a stunning turnaround for an agency that had previously said it knew of no other way to crack the iPhone’s powerful security features. 

Lawmakers congratulated the FBI and Justice Department for going after Iran and cracking down on China.

“The indictment and guilty plea prove the extent to which the United States will go to investigate, root out and pursue those who attack us through cyberspace, and it should serve as a strong message to all hackers, whether criminals or nation states, that their anonymity is not guaranteed online,” Rep. Adam Schiff, the senior Democrat on the House Intelligence Committee, said in a statement.

“We will use all tools in our arsenal to bring the perpetrators of illegal hacks to justice, wherever they may be,” Schiff said.