The DDoS attacks, which overwhelmed servers and thereby denied Internet access to legitimate users, collectively required tens of millions of dollars to mitigate. The attacks began in December 2011, and by September 2012 were occurring on nearly a weekly basis. On certain days, hundreds of thousands of customers were cut off from online access to their bank accounts.

According to court documents, one of the hackers who helped build the botnet used in some of the attacks received credit for his computer intrusion work from the Iranian government toward completion of his mandatory military service requirement. Other defendants have claimed responsibility for hacking servers belonging to NASA and for intrusions into thousands of other servers in the U.S., the United Kingdom, and Israel.

Since the attacks, the FBI and the Department of Justice have worked with the private sector to neutralize and remediate the botnets. The Bureau also conducted extensive outreach to Internet service providers to assist in removing the malware from affected servers. Through these efforts, more than 90 percent of the threat has been successfully eliminated.

“By calling out the individuals and nations who use cyber attacks to threaten American enterprise, as we have done in this indictment, we will change behavior,” Comey said. Referring to the fact that the defendants are currently out of U.S. reach, he added, “The world is small, and our memories are long. No matter where hackers are in the world and no matter how hard they try to conceal their identities, we will find ways to pierce that shield and identify them. That is the message of this case.”

In addition to targeting the U.S. financial sector, one of the defendants repeatedly gained access to computer systems of the Bowman Dam in Rye, New York in 2013. Although the defendant never gained control of the dam, his access allowed him to learn critical information about the dam’s operation, including details about gates that control water levels and flow rates. The breach underscored the potential vulnerabilities of the nation’s critical infrastructure to foreign hackers and could have posed “a clear and present danger to the public health and safety of Americans,” said Attorney General Lynch.

Resources:

- Press release

- Wanted poster