Federal prosecutors in New York have accused seven Iranian operatives of carrying out 176 days of coordinated denial-of-service attacks against 46 "major financial institutions" including the New York Stock Exchange, Bank of America and Capital One.
The "experienced computer hackers" worked for a private company that court records said "performed work on behalf of the Iranian government."
The "large-scale coordinated campaign" began in December 2011 and ran through May 2013, according to prosecutors. During that time, "hundreds of thousands of customers were unable to access their bank accounts online." Neutralizing the cyber-attacks cost the banks tens of millions of dollars, prosecutors charged.
One of the Iranians was also accused of obtaining "unauthorized" remote access to the controls of Bowman Dam in Rye, New York.
Currently, there have been no arrests. But top Justice Department and FBI officials insisted the charges brought today will send a "powerful message" around the world.
"Like past nation state-sponsored hackers, these defendants and their backers believed that they could attack our critical infrastructure without consequence, from behind a veil of cyber anonymity," the head of the Justice Department's National Security Division, Assistant Attorney General John Carlin, said. "This indictment once again shows there is no such veil – we can and will expose malicious cyber hackers engaging in unlawful acts that threaten our public safety and national security."
Likewise, FBI Director James Comey vowed his agents "will find those behind cyber intrusions and hold them accountable — wherever they are, and whoever they are."