The US government on Thursday charged seven hackers allegedly linked to the Iranian government for a campaign of cyber-attacks targeting 46 financial institutions and a New York dam.
It is the first time the United States has charged individuals linked with a foreign government with trying to disrupt critical infrastructure.
The accused Iranian hackers broke into computers of major US banks between 2011 and 2013, causing millions of dollars in lost business, the US Justice Department said.
Those targeted included the New York Stock Exchange, the Bank of America, NASDAQ, JPMorgan Chase Wells Fargo and American Express.
The seven accused worked for a pair of Iranian computer companies linked to the Iranian government, including the Islamic Revolutionary Guard Corps, US officials said.
They are accused of infecting thousands of people’s computers with malware to create a network used to overwhelm servers of major institutions to knock them offline.
“These attacks were relentless, they were systematic, and they were widespread,” US Attorney General Loretta Lynch told a Washington news conference on Thursday.
“They threatened our economic wellbeing and our ability to compete fairly in the global marketplace, both of which are directly linked to our national security.”
There was no immediate comment from Tehran.
One of the alleged hackers is accused of repeatedly gaining access to the control system of the Bowman Avenue Dam, a small flood-control structure in Rye Brook, about 30km north of New York City. With that access, the hacker was able to gain information about the dam’s operations, including its water level, temperature and sluice gate.
The hacker would have been able to operate a digitally controlled sluice gate and send water pouring into the city of Rye, but the gate had been disconnected for maintenance when the intrusion occurred, US officials said.
While that attack did no harm, one official told the Associated Press that the hacker had obtained knowledge that could be used on other dams and infrastructure. The official spoke on condition of anonymity because he was not authorised to talk publicly.
The seven defendants were identified as Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadega, 23; Omid Ghaffarinia, 25; Sina Keissar, 25, and Nader Saedi, 26.
They are accused of conspiracy to commit computer hacking while employed by two Iran-based computer companies, ITSecTeam and Mersad Company.
The alleged hackers live in Iran and the Iranian government is not expected to extradite them.
“It’s very unlikely that the Iranian government will allow these people to be arrested and have them sent to the United States to face these charges,” said Al Jazeera’s Kimberly Halkett, reporting from Washington.
Yet, US officials said the goal of such indictments is to put cyber-criminals on notice that their activities can be traced.
“The message of this case is that we will work together to shrink the world and impose costs on these people so that no matter where they are, we will reach them,” said FBI Director James Comey.