U.S. Sanctions Iranian Nationals for Cyber Attacks against Banks

The Trump administration sanctioned seven Iranian nationals and an Iranian cyber security firm on Thursday on account of their culpability in cyber attacks against American banks.

Eleven entities and individuals were sanctioned, the Treasury Department announced, for supporting the Islamic Revolutionary Guards Corps (IRGC) — Iran’s élite state security battalion — and other entities implicated in cyberattacks targeting the U.S. financial system.

As the The Hill reports:

The seven Iranian nationals added to the Office of Foreign Assets Control sanctions list are the same ones indicted by the Justice Department in March 2016 for their role in coordinated cyberattacks against the U.S. financial sector between 2011 and 2013.

Treasury Secretary Steven Mnuchin cast the new sanction as part of a broader effort by the Trump administration to “take strong actions to counter Iran’s provocations.”

Those sanctioned include a private Iranian computer security company called ITSec Team, which allegedly conducted distributed denial of service (DDoS) attacks against at least nine large U.S. financial organizations, including banks and stock exchanges, between 2011 and 2012. The security company also did work on behalf of the Iranian government during the same period, according to the Treasury.

The administration also sanctioned three Iranian nationals for acting in connection with ITSec Team and sanctioned four Iranian nationals for their work on behalf of an Iran-based computer security company called Mersad Co., which has been affiliated with the IRGC, the Treasury said.

Both computer security companies are accused of coordinating DDoS attacks against 46 major companies, many of them part of the U.S. financial sector, between December 2011 and May 2013.

“Treasury will continue to take strong actions to counter Iran’s provocations, including support for the IRGC-Qods Force and terrorist extremists, the ongoing campaign of violence in Syria, and cyber-attacks meant to destabilize the U.S. financial system,” Mnuchin said in a statement.

Dam Cyberattack
The seven wanted Iranian hackers — Mohammad Sadegh Ahmadzadegan, Omid Ghaffarinia, Ahmad Fathi, Hamid Firoozi, Sina Keissar, Nader Saedi, and Amin Shokohi. (The Japan Times)

At least 46 major financial institutions and financial sector companies were targeted per a Reuters report of the original 2016 indictment, including JPMorgan Chase (JPM.N), Wells Fargo (WFC.N), and American Express (AXP.N); the telecommunications giant AT&T (T.N) was also targeted.

This instance of cyber warfare against American financial institutions is one leg in the Iranian jihād against the United States. Jihād of the sword is difficult, expensive, and requires calculated decisions. Those of the mouth, pen, and, in this case, of money, require only the abilities of a small number of talented individuals, whose efforts are difficult for a superpower to notice if it is not on constant, many-eyed guard.

The United States has not paid sufficient attention to its electronic and financial safety in this century, and it is likely a vain hope that government agencies will act sufficiently in the face of cyber attacks before something of greater magnitude renders any action irrelevant.

Leave a Reply