WASHINGTON, D.C. — The Obama administration is preparing to publicly attribute a 2013 cyber attack against a New York dam to Iranian hackers, according to U.S. officials familiar with the investigation.
The Justice Department has prepared an indictment against people thought to be behind the attack, according to the officials. An announcement could come in the next week.
The intrusion at the Bowman Avenue Dam, around 30 miles north of New York City in suburban Rye, New York, isn’t considered sophisticated — the hackers managed only to get access to some back office systems, not the operational systems of the dam, U.S. officials say. U.S. investigators quickly determined the attack was carried out by hackers working for the Iranian government.
But the attack alarmed Obama administration officials who have voiced concerns about the vulnerability of U.S. infrastructure to cyber attacks.
White House and Justice Department spokesmen declined to comment on plans to attribute blame for the attack. But Justice Department spokesman Marc Raimondi said in a statement that the agency takes “malicious activity in cyberspace seriously, and we will continue to use all the tools at our disposal to prevent, deter, detect, counter and mitigate such activity.”
The public attribution of the dam attack is part of a U.S. strategy shift in recent years to publicly “name and shame” countries and, if possible, people behind the proliferation of cyber intrusions targeting U.S. companies and government networks.
In 2014, the Justice Department filed charges against members of the Chinese military allegedly behind a series of intrusions into U.S. industrial companies. Last year, the FBI publicly named North Korea as being behind the devastating attack on Sony Pictures Entertainment.
Leo Taddeo, chief security officer of security firm Cryptzone and former chief of cyber investigations for the FBI in New York, says the U.S. private sector companies that operate the nation’s critical infrastructure need the government’s help to try to discourage such attacks.
“We’re always concerned when we see nation-state activity probing our infrastructure,” Taddeo said, speaking generally about the Rye attack.
“By naming and shaming, you might bring attention to the issue and bring additional resources to bear on it,” he said.
U.S. officials say the Rye attack occurred at a time when Iranian hackers also were conducting similar probing attacks on U.S. financial institutions.
Also at the time, the U.S. and Iran were conducting talks over the Iranian nuclear program.
The dam attackers appeared to use off-the-shelf malicious software tools, officials say. And U.S. officials were puzzled about why a relatively minor piece of U.S. infrastructure was targeted.
“The fact that you can affect the infrastructure with stuff you can download off the Internet shouldn’t give us any comfort,” Taddeo said. It shows that “actors with very little skill” can do tremendous damage, he added.
Iranian cyber activity is on the upswing, and top U.S. intelligence officials say they are increasing resources to counter the possible threat, even amid a diplomatic rapprochement between the U.S. and Iran following the nuclear agreement.
The U.S. has also been partly behind cyber attacks on Iran’s nuclear program. In 2009 and 2010, U.S. and Israeli spies used a malicious computer worm called Stuxnet to damage an Iranian nuclear facility.