Infrastructure protection

U.S. files case against Iranian government hackers behind attack on N.Y. dam

Published 11 March 2016

In 2013 hackers infiltrated the operations center for the Bowman Avenue Dam, a small dam on Blind Brook in Rye Brook, New York. DHS, in a classified report, later identified the attackers as the same Iranian group responsible for attacks on PNC Financial Services Group, SunTrust, and Capital One Financial. Now the Department of Justice is set to file an indictment against the Iranian hackers behind the intrusion.


In 2013 hackers infiltrated the operations center for the Bowman Avenue Dam, a small dam on Blind Brook in Rye Brook, New York. DHS, in a classified report, later identified the attackers as the same Iranian group responsible for attacks on PNC Financial Services Group, SunTrust, and Capital One Financial (“Iranian hackers attacked New York dam,” HSNW, 22 December 2015).

Now, CNN reports that the Department of Justice is set to file an indictment against the hackers behind the intrusion – hackers operating on the instructions of the Iranian government.

The government says that the controls of the dam were not accessed, and only “back office systems” were penetrated. The intrusion was made through a broadband cellular modem used to connect the small facility to the Internet. The Bowman Avenue facility was targeted by a network scan for industrial control systems exposed to the Internet.

CBS News reports that the National Security Agency (NSA) intercepted the scans from Iran, and passed a list of scanned Internet addresses to DHS. The address for the network at the Bowman Avenue Dam was on the list — but DHS officials were at first concerned that the attackers were going after the Arthur R. Bowman Dam near Prineville, Oregon, a much larger dam (but one with no floodgate controls).

The IP address was eventually traced to the small flood control dam in Rye.

DHS and the Department of Justice have now decided to move forward with the case against the Iranian hackers. Department of Justice spokesperson Marc Raimondi said in a written statement to CNN that the DOJ takes “malicious activity in cyberspace seriously, and we will continue to use all the tools at our disposal to prevent, deter, detect, counter and mitigate such activity.”