A number of high-profile cases involving international cyber attacks on the U.S. have been unsealed for the public. The incidents, released by the Department of Justice, involve everything from hacking U.S. banks to online hoaxes regarding a terrorist attack, and hacking critical infrastructure sectors—including a defense contractor and a New York dam.
Mitigating cybercrimes that originate within the U.S. is a challenge, much less from hostile international actors. These attacks remind us ever more the importance cyber security continues to play in our national security and day-to-day life.
Syrian Electronic Army
Three members of the Syrian Electronic Army (SEA) were charged with a number of crimes including targeting U.S. government sites, spear-phishing and ransomware attacks, and targeting media sites. The Syrian Electronic Army has established itself in support of Syrian dictator Bashar al-Assad.
Two criminal complaints are cited, one beginning in 2011 and the other beginning in 2013. The three Syrian nationals named in the complaints—Ahmad “The Pro” Agha, Firas “The Shadow” Dardar, and Peter “Pierre” Romar—not only worked to attack public and private organizations “antagonistic” towards the Syrian government, but later used their computer skills to exploit their victims for monetary gains.
A Chinese national pleaded guilty to an indictment brought against him in 2014 for conspiracy to hack sensitive information from military contractors. Between 2008 and 2014, Su “Stephen” Bin conspired with two others in China to steal information regarding the C-17 strategic transport aircraft and other jet fighter crafts. The F-22 Raptor and F-35 Lighting were also referenced in the file. Bin and his co-conspirators were then planning to sell the information they gathered illegally for financial gain.
Bin operated a business that supplied equipment to the aviation and aerospace industry. He used this and his prior knowledge of the industry so he and his co-conspirators illegally accessed Boeing’s information systems. Bin was later arrested in Canada and extradited to the U.S. There has been no indictment of the co-conspirators.
Islamic Revolutionary Guard Corps
Seven workers affiliated with Iran’s Islamic Revolutionary Guard Corps are charged with hacking U.S. banks and a dam in New York.
Between 2011 and 2013, employees of Iran-based computer companies “ITSecTeam” and “Mersad” Company launched distributed denial of service attacks on U.S. financial companies. At least 46 major financial institutes are reported to have been impacted including Bank of America, Capital One, J.P. Morgan Chase, Wells Fargo, BB&T, PNC Bank, American Express, Citibank, and the New York Stock Exchange to name a few. AT&T was also a victim of attacks. The group of seven worked together to create malicious code to expand its network of bots used to distribute the denial of service attacks.
Between August and Sept. 2013, one of the indicted illegally gained access to the supervisory control and data acquisition system of Bowman Dam, NY—allowing him access to its water level controls. Thankfully, a tragedy was avoided because the controls were manually disconnected at the time of the attack.
The indictment was issued on January 21st, less than a week after the implementation of the U.S. deal with Iran. The fact the indictment wasn’t unsealed until now should be of concern regarding how the administration may be misleading the public in favor of the deal.
All three incidents occurred prior to 2014. This alone should remind policymakers that seeking justice for cybercrimes requires patience and time (especially compared to the relatively very fast nature of a cyber attack).
Cyber attacks are on the rise, for both the U.S. public and private sector, as well as for our allies abroad. The U.S. must remain vigilant in its deterrence of cyber bad-actors who seek to steal, manipulate, or destroy the vital information held by our banks, our water systems, or our defense industry.