March 20, 2016
Iran was responsible for a 2013 cyber attack on a flood control dam located outside New York City, the US Justice Department has determined.
US officials have told several news outlets in recent days that the Justice Department will soon file charges over the cyber attack that targeted the Bowman Avenue Dam in Rye Brook, New York in 2013. Some reports said five Iranians would be named.
According to CNN, US officials have been able to trace the attack to hackers working for the Iranian government. The incident was considered unsophisticated: the hackers were able to gain control of only some of the dam’s technology through a cellular module, and did not have the power to shut off the dam or control its water supply.
The dam is a very small one that is essentially designed to keep heavy rain water out of the streets in the city of Rye and the village of Rye Brook.
New York City, which is about 20 miles (30 kilometers) south, would not be impacted if the small dam were breached.
But what has raised eyebrows all across the country is the awareness that Iranian hackers were probing American infrastructure.
Some dismissed the cyber attack as possibly little more than a show by hardliners in Iran in response to the far more serious US Stuxnet attack that crashed about 1,000 Iranian centrifuges at the uranium enrichment plant in Natanz a few years earlier. That attack reached into an Iranian computer system that was intentionally not linked to the Internet. The Rye Brook attack only got into the non-operational parts of the dam that were linked to the Internet.
Some speculated the Islamic Republic picked the Bowman Avenue Dam in Rye Brook because it was the closest dam to New York City and an attack on that dam might be perceived as an attack on the largest concentration of population in the United States.
Still, the incident gained the attention of the White House, and the US Department of Homeland Security has warned American companies to strengthen their systems to avoid such an assault.
A public announcement of Iran’s involvement in the hacking incident could come as early as next month, a Washington source told CNN.
Leo Taddeo, chief security officer of the Cryptzone security company, told CNN a “public shaming” of Iran by the US could prove beneficial to American companies seeking to protect their infrastructure.
The public attribution of the dam attack is part of a US policy shift in recent years to publicly “name and shame” countries and, if possible, individuals behind the proliferation of cyber intrusions targeting US companies and government networks.
In 2014, the Justice Department filed charges against members of the Chinese military allegedly behind a series of intrusions at US industrial companies. Last year, the FBI publicly named North Korea as being behind an attack on Sony Pictures Entertainment, the firm that produced a comedy film mocking North Korea.
US officials said the Rye Brook attack occurred while Iranian hackers also were striking a multitude of US financial institutions. Those attacks were very simple, but conducted on a massive scale. The Iranian hackers did not try to steal any money or records. They simply overloaded bank websites with so many visits that regular clients couldn’t get on and access their accounts. The attacks continued for a year before ending.
The dam attackers appeared to use off-the-shelf malicious software tools, officials said. US officials were puzzled about why a relatively minor piece of US infrastructure was targeted.
“The fact that you can affect the infrastructure with stuff you can download off the Internet shouldn’t give us any comfort,” Taddeo said.