News: U.S. Justice Department Indicts Iranian Hackers

U.S. Justice Department Indicts Iranian Hackers

Last week, the U.S. Justice Department issued criminal indictments against seven Iranian hackers. These hackers, working for private companies in Iran, are accused of orchestrating DDoS attacks against U.S. financial institutions from 2011-2013 as well as intruding into the control panel of a small dam in Rye, New York. It is thought that these attacks were a response to the U.S. tightening financial restrictions on Iran during those years and the NSA-based Stuxnet attack on their uranium enrichment facility in 2010.

Image via Vanity Fair

The seven men charged, Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan (Nitr0jen26), Omid Ghaffarinia (PLuS), Sina Keissar, and Nader Saedi (Turk Server), all worked for two firms connected to the Iranian military, ITSecTeam and Mersad Co.

They are accused of commandeering web servers around the world to serve as zombies in their massive flood of packets aimed at targets in the States. If you remember from last year, I pointed out here that U.S. financial institutions were being attacked daily with DDoS attacks; These were apparently the attacks the Iranians were indicted for.

Cyber War: The Way of the World in the 21st Century

The significance of this indictment is probably most important in highlighting how international relations and warfare are being conducted in the 21st century.

At least 29 nations now have dedicated cyberwar departments whose task is to spy on and intrude on their enemies' computer systems. Many other nations, like the U.S., Russia, and apparently Iran now, contract out out some of these activities to private companies. Several U.S. Department of Defense contractors now have cyber warfare and cyber espionage units.

I can personally testify that both the CIA and NSA contract out these services to private companies, as I have trained many of their personnel at these companies.

Image via Unknown

This also highlights why I contend that hacking is the most important and valuable skill set in the 21st century. Nations without a cyberwar unit are like countries without an air force; they simply will not have a chance of success in any future conflicts. As such, nations around the world are scrambling to hire skilled hackers to man their cyber warfare units.

The UK's Ministry of Defence recently dropped its grooming requirements for its hacking units, and the U.S. Army has talked about dropping grooming and fitness requirements for similar jobs (they have been using waivers on a case-by-case basis so far), hoping to attract more long-haired, overweight, and bearded hackers.

Risks to Individual Hackers

The downside to this indictment is that the U.S., instead of indicting and verbally attacking Iran for these activities, is indicting the individuals who were ordered to undertake these attacks. This means that if these individuals travel to a country where the U.S. has jurisdiction, they may be arrested and brought stateside for trial.

Although that may seem like an appropriate response, remember that these types of actions can go both ways. If you are working for a contractor of the DoD or another nation's military, and you are given orders to hack their financial infrastructure, you may be indicted by the that nation's law enforcement. Then, while vacationing someplace on a sunny beach with the love of your life, you could be arrested and detained for your "crimes." I think this sets a very dangerous precedent. Its akin to charging individual soldiers for crimes in a war.

It is likely that all nations will continue to heat up their cyber warfare efforts, driving the demand for skilled hackers in coming years. That's great for all of us. Let's hope, though, that this indictment of Iranian hackers does not set a precedent as it will put all hackers taking orders from their government at risk.

6 Comments

Very good article, OTW.

Iran and the alleged hackers still deny any participation in that hack, so I won't jump to any conclusions.

I definitely share your concerns. It is completely irrational to target the individual hackers. It's like a government would sue a soldier for shooting an enemy soldier (and in this case, the enemy soldier shot first - on behalf of his government).

If this becomes the norm, life as a cyber warrior would become very difficult.

It's one of the reasons why I chose to not become a cyber warrior later on in my life.

Being a cyber warrior seems fun and all, but right now it isn't worth the risk.

Also important: when a soldier shoots another soldier, the two countries usually are at war. Iran and the US aren't at war at the moment, so the situation is different.

-Phoenix750

You also have countries like Russia or China who prefer to kill their former Cyber Warriors rather than let them retire and become a possible information leak.

And yes, I know the U.S. and Iran are not officially at war. But that is probably only because the rules of cyberwar are yet to be defined. If Stuxnet would have been an analogue attack, that would have definitely been a declaration of war.

I believe it's about time that the UN defines rules for cyberwar then.

I'd also not be surprised if the US would kill their cyberwarriors too in the future. Unlike what it's constitution might say, the US is far from democratic nowadays. That's a fact. Maybe killing people would be a bit over the top, but it's always a possibility!

I'm just saying: we only know what we are being told.

-Phoenix750

its not so bad here...its usually easier to just pay unholy amounts of money to keep people quiet or threaten their family that works too.

Shared this with some friends. I really like these articles

Share Your Thoughts

  • Hot
  • Latest