International cyber warfare took a very local turn on Thursday, when U.S. Attorney General Loretta Lynch, FBI Director James Comey and U.S. Attorney Preet Bharara announced indictments against seven Iranian contractors who work extensively with their country's military. The seven, all men, allegedly attacked U.S. banks in a manner that's been done by other cyber warriors before. But it was the other thing that they did, according to prosecutors, that's unusual and concerning.
"The threat to our infrastructure, like Bowman Dam," said Attorney General Loretta Lynch at a press conference in Washington, "is definitely of concern to us."
She was referring to the Bowman Avenue Dam in Rye Brook. It's a 50 foot-long structure that the town's mayor, Paul Rosenberg, described as a "little, unimportant dam."
He, just like the attorney general and other federal law enforcement figures said they see the overwhelming importance that the water control structure has in bringing the Iranian alleged cyber criminals to justice.
According to the indictment unsealed on Thursday, the Iranian hackers managed to access software being used during the replacement of a sluice gate on the dam a few years ago. Even though the hackers weren't able to take over operation of the structure that regulates the water flow of Blind Brook here, they were able to access infrastructure -- ours -- half a world away.
It's an impressive act of cyber warfare, but as Lynch pointed out, one other thing that was not achieved by the accused rogue programmers is most prized by them.
"An important part of their activity is perceived anonymity," she said. "This indictment shows they cannot hide."
That indictment not only named Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Mohammad Sadegh Ahmadzategun, Omid Ghaffarinia, Sina Keissar and Nader Saedi, the FBI added them to its Most Wanted list, and published their photos.
Even though their access to infrastructure, in the form of the dam, has gotten a lot of attention, the hackers' most serious crime was disrupting the day to day transactions of thousands of customers of U.S. banks, including JPMorgan Chase and Bank of America.
The cyber attacks on banks cost tens of millions in dollars, the attorney general said, in time lost and security fixes.
"We've got to put it out there so the world knows these people are bad people," cyber security expert Robert Strang said in an interview. "They committed crimes and people need to know to stay away from them."
Strang is the former head of New York state's 9/11 task force, and as CEO of Investigative Management Group, he's a cyber security consultant to a variety of Fortune 500 companies.
He said that naming the alleged attackers, even if they can't be extradited, is an effective deterrent. It's also the latest battle in the cyber war, he said.
"We're getting better, they're getting better," he said, describing the overall situation between law enforcement and cyber criminals," he said. "I tell young people, when they ask about a career, to go into cyber security. Unfortunately, there's a great future in it."