Iranian indictments part of shaming-hackers plan

Attorney General Loretta Lynch, accompanied by FBI Director James Comey, speaks during a news conference at the Justice Department in Washington, Thursday, March 24, 2016.

WASHINGTON -- The indictment against seven Iranian hackers linked to attacks on dozens of banks and a small dam near New York City is part of a strategy to name and shame foreign governments that support such attacks, the Justice Department's top national security official said Friday.

Though cyberattacks were once investigated mostly for intelligence purposes, U.S. officials are increasingly investigating them with an eye toward building a criminal prosecution and identifying by name the hackers believed to be responsible -- and the nation that may be sponsoring them.

"We need to show that these are not anonymous, that there's no free pass because you do it behind a keyboard in a country far away," Assistant Attorney General John Carlin, the head of the department's national security division, said in an interview with The Associated Press.

Iran on Saturday brushed aside the charges filed against its citizens by U.S. prosecutors, accusing Washington of putting millions of Iranians in danger with its own attacks on Iran's nuclear program.

Iran's Foreign Ministry spokesman, Hossein Jaberi Ansari, told reporters that the U.S. "is not in any position to charge citizens of other countries, not least Iran's, without providing any documentary evidence," according to the semiofficial Iranian Students' News Agency.

Iran's mission to the United Nations did not immediately respond to a request for comment.

U.S. officials say their strategy, known colloquially as "name and shame," in place since 2012, also is demonstrated in indictments two years ago linking Chinese military hackers to economic espionage of American corporations and in the public blaming of North Korea for a cyberattack against Sony Pictures Entertainment.

The goal, Carlin said, is to have a new "sheriff" patrolling a cyberspace that he says has long resembled the Wild West, where foreign hackers have acted with impunity.

"If you let someone walk across your lawn long enough and don't tell them to stop, they get the right to walk across your lawn," he said.

It's hard to prove the strategy's effectiveness, or whether such indictments actually lead to decreases in hacking attempts. It's also unclear whether any of the Iranian hackers will ever be apprehended. The five Chinese defendants indicted on similar charges in May 2014 have yet to appear in an American courtroom, leading to criticism that the cases make a publicity splash but have little practical impact.

But government officials say their tactic can at least put foreign governments on notice that their actions are being watched, trap the defendants in their home countries and encourage a more frank dialogue. Some officials and experts, for instance, see a link between the Chinese hacking case and an agreement between China and the U.S. last year to curb economic cyberespionage.

"The Chinese response over the last 10 years was, 'We don't hack.' Now [you] have the president of China saying, 'We're going to make changes,'" said Shawn Henry, a former FBI executive assistant director and president of CrowdStrike Services, a cybersecurity company.

Henry said the prosecutions can take time to yield results and the success of the tactics needs to be evaluated over the long run. For instance, a CrowdStrike report issued last fall -- weeks after China and the U.S. announced their agreement -- showed continued Chinese hacking attempts on American corporate intellectual property.

In publicly announcing charges, federal officials have likely deterred the hackers from ever traveling, which probably limits their chances of being arrested.

In other cases, though, prosecutors have filed charges under seal that were unveiled only after the targeted defendant traveled. That was the case with Su Bin, a Chinese businessman arrested in Canada two years ago and who pleaded guilty Wednesday to hacking U.S. defense contractors and stealing military information.

The most recent case, announced Thursday, accuses Tehran-linked hackers of reaching into the U.S. infrastructure and disrupting its financial system. It was the first time the FBI attributed a breach of a U.S. computer system that controls critical infrastructure to a hacker linked to a foreign government.

The intrusions between 2011 and 2013 targeted 46 victims, disabling bank websites and interfering with customers' ability to do online banking, the indictment states. The entire coordinated campaign occurred sporadically over 176 days and cost the institutions tens of millions of dollars in remediation costs; no customers lost money or had their personal information stolen.

The hackers worked for two Iranian computer companies linked to the Iranian government, including the Islamic Revolutionary Guard Corps, the U.S. said. Charges include violating U.S. laws on computer hacking and gaining unauthorized access to a protected computer.

Iran has previously been suspected in hacking attempts. A Wall Street Journal report in November linked Iran's Revolutionary Guard to similar hacking and phishing attempts targeting the email and social-media accounts of Obama administration officials.

But Jaberi Ansari said Saturday that "Iran has never had dangerous actions in cyberspace on its agenda nor has it ever supported such actions," adding that the U.S. was behind a series of cyberattacks on Iran's nuclear program that put "the lives of millions of innocent people" at risk of an environmental disaster, according to the semiofficial Iranian news agency.

Information for this article was contributed by Jon Gambrell and Bradley Klapper of The Associated Press; and by Golnar Motevalli of Bloomberg News.

A Section on 03/27/2016
