Iranian Hacked Computer Controlling US Dam: Prosecutors

One of seven Iranian suspects indicted by the US government and linked to the Iranian government hacked into the system controlling an American dam in 2013, prosecutors announced Thursday.

One of seven Iranian suspects indicted by the US government and linked to the Iranian government hacked into the system controlling an American dam in 2013, prosecutors announced Thursday.

U.S. authorities announced today charges against seven Iranian nationals for their alleged involvement in cyberattacks aimed at banks and a small New York dam.

According to authorities, the seven suspects are experienced hackers employed by two IT security companies working for the Iranian government, including the Islamic Revolutionary Guard Corps. The attacks launched by these individuals, all of whom are still at large, are said to have cost victims tens of millions of dollars.

The alleged hackers indicted today are believed to be responsible for the distributed denial-of-service (DDoS) attacks launched against 46 U.S. banks between late 2011 and mid-2013.

One of the suspects, Hamid Firoozi, has also been charged in connection with a hacker attack targeting the Bowman Dam in Rye, New York. Authorities said he repeatedly breached the dam’s computer systems between August and September 2013, allowing him to obtain information about the status and operation of the facility.

In a presentation at the RSA Conference, Andre McGregor, former FBI cyber special agent and current director of security at Tanium, said the attackers breached the New York dam after finding one of the facility’s Windows XP machines on the Internet using the Shodan search engine. They gained access to the device by brute-forcing its password, which was “666666.”
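The intrusion described above was a password brute-force against an Internet-exposed Windows XP host. The following is an added example, not code from the article or from any of the organizations it quotes: a small detector that flags the "many failed logons from one source, then a success" pattern in authentication logs. The log format, IP addresses, user names and event IDs (4625 failed, 4624 successful, loosely modelled on Windows logon events) are constructed for this example.

```python
# Added example: brute-force-then-success detection over constructed logon events.
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class LogonEvent:
    ts: int        # seconds since epoch (constructed values)
    event_id: int  # 4625 = failed logon, 4624 = successful logon (assumed mapping)
    src_ip: str
    user: str


def parse_line(line: str) -> LogonEvent:
    # Constructed line format: "<ts> <event_id> <src_ip> <user>"
    ts, eid, ip, user = line.split()
    return LogonEvent(int(ts), int(eid), ip, user)


def find_bruteforce_successes(lines, threshold=5, window=600):
    """Return (src_ip, user, failure_count) for every successful logon that was
    preceded by at least `threshold` failures from the same source IP within
    `window` seconds. Failures for a source are reset after each success."""
    failures = defaultdict(list)  # src_ip -> timestamps of failed logons
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev.event_id == 4625:
            failures[ev.src_ip].append(ev.ts)
        elif ev.event_id == 4624:
            recent = [t for t in failures[ev.src_ip] if ev.ts - t <= window]
            if len(recent) >= threshold:
                hits.append((ev.src_ip, ev.user, len(recent)))
            failures[ev.src_ip].clear()
    return hits


# Constructed sample log: one source guesses six times before succeeding,
# a second source fails once (a typo) and then logs in normally.
SAMPLE_LOG = """\
1000 4625 203.0.113.7 administrator
1003 4625 203.0.113.7 administrator
1005 4625 203.0.113.7 administrator
1008 4625 203.0.113.7 administrator
1010 4625 203.0.113.7 administrator
1012 4625 203.0.113.7 administrator
1015 4624 203.0.113.7 administrator
1020 4625 198.51.100.9 operator
1025 4624 198.51.100.9 operator
""".splitlines()

if __name__ == "__main__":
    for src, user, n in find_bruteforce_successes(SAMPLE_LOG):
        print(f"ALERT: {src} logged in as {user} after {n} failed attempts")
```

On the sample log only the first source is flagged; lowering `threshold` to 1 also flags the single-typo logon, which shows why the threshold matters for noise.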

The expert said the attackers believed the dam was much bigger than it actually was, and while they managed to access its control systems, they couldn’t cause any damage because the facility was not functional at the time. McGregor noted that a group acting as a front for the Iranian Revolutionary Guard Corps took credit for the attack only after U.S. authorities made the incident public.

“At the time of his alleged intrusion, the dam was undergoing maintenance and had been disconnected from the system. But for that fact, that access would have given him the ability to control water levels and flow rates – an outcome that could have posed a clear danger to the public health and safety of Americans,” said Attorney General Loretta E. Lynch.

In an interview with SecurityWeek, McGregor said the US determines the source of an attack based on evidence collected from the systems of targeted organizations, and information from intelligence community partners involved in cyber intelligence collection outside the United States, such as the CIA, the NSA and the Department of Defense.

Iranian hackers are believed to be responsible not only for the attacks on banks and the New York dam, but also the operations aimed at Saudi Arabian oil company Saudi Aramco and the Sands Casino in Las Vegas.

The news that Iranian hackers have been indicted comes just days after US authorities unveiled criminal charges against three alleged members of the Syrian Electronic Army hacktivist group. The suspects, Syrian nationals Ahmad Umar Agha, Firas Dardar and Peter Romar, have been charged with conspiracy, unauthorized access to computers, receiving the proceeds of extortion, money laundering and wire fraud.

The FBI also announced that it added Agha and Dardar, who are both believed to be residing in Syria, to its “Cyber Most Wanted” list, offering $100,000 for information leading to their arrest.

“While the attackers don’t appear to have penetrated the dam’s operational systems, this event is a reminder of how important it is for us to protect critical infrastructure, whether at the nation-wide, state, local, or private sector level,” Steve Grobman, Intel Security CTO, told SecurityWeek.

“This event is also a reminder that cyber-attack and cyber-exploitation tools and expertise are available to those willing to pay for them,” Grobman added. “An entire underground cyber-exploitation ecosystem has evolved, where the latest malware and hacker services to execute attacks can be purchased. This magnifies the capabilities of a less resourced entity to launch sophisticated attacks.”

“It’s a matter of resources, motivation, persistence, and opportunity,” he said.


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
