United States Institute of Peace

The Iran Primer

US Navy Seizes Iranian Arms Shipment

On April 4, the U.S. Navy announced that the USS Sirocco had seized an Iranian arms shipment in the Arabian Sea on March 28, likely bound for Houthi rebels in Yemen. Iran is widely accused of backing the Houthis, a Zaydi Shiite movement that has been fighting Yemen’s Sunni-majority government since 2004.
The incident is the third of its kind in the last two months. On February 27, the Australian Navy seized more than 2,000 pieces of weaponry on a boat off the coast of Oman. On March 20, French naval forces seized a weapons cache in the northern Indian Ocean. Both shipments likely originated in Iran and were bound for Yemen via Somalia, according to U.S. military sources. The following is a press release from the U.S. Naval Forces Central Command followed by comments from U.S. officials.
For the third time in recent weeks, international naval forces operating in the waters of the Arabian Sea seized a shipment of illicit arms March 28, which the United States assessed originated in Iran and was likely bound for Houthi insurgents in Yemen.

The U.S. Navy Coastal Patrol ship USS Sirocco, operating as part of U.S. Naval Forces Central Command, intercepted and seized the shipment of weapons hidden aboard a small, stateless dhow. The illicit cargo included 1,500 AK-47s, 200 RPG launchers and 21 .50 caliber machine guns. 

The seizure was supported by USS Gravely (DDG 107), which was directed to the scene by United States Naval Forces Central Command following the discovery of the weapons by Sirocco's boarding team.

The weapons are now in U.S. custody awaiting final disposition. The dhow and its crew were allowed to depart once the illicit weapons were seized.

This seizure is the latest in a string of illicit weapons shipments assessed by the U.S. to have originated in Iran that were seized in the region by naval forces. 

The Royal Australian Navy's HMAS Darwin intercepted a dhow Feb. 27, confiscating nearly 2,000 AK-47 assault rifles, 100 rocket-propelled grenade launchers, 49 PKM general purpose machine guns, 39 PKM spare barrels and 20 60mm mortar tubes. 

A March 20 seizure by the French Navy destroyer FS Provence yielded almost 2,000 AK-47 assault rifles, 64 Dragunov sniper rifles, nine anti-tank missiles and other associated equipment. 

NAVCENT is responsible for approximately 2.5 million square miles of area including the Arabian Gulf, Red Sea, Gulf of Oman, parts of the Indian Ocean and 20 countries. 
 – April 4, 2016, in a U.S. Navy press release
White House Press Secretary Josh Earnest
Q    The Navy says in recent days it stopped an Iranian vessel loaded with weapons, likely heading for Yemen -- 1,500 AK-47s, 200 RPG launchers, 21 .50-caliber machine guns.  Is that an example of the Iranians following the letter of the agreement but not necessarily the spirit of it?  Or is that a violation?
MR. EARNEST:  Well, I think one thing that this illustrates is the commitment on the part of the United States to countering Iran's destabilizing activities in the region.  We obviously work with a whole host of other countries in that effort, and one of the things that President Obama will discuss at the GCC Summit in Saudi Arabia next month -- or I guess it's later this month now -- will be ramping up our efforts to counter Iran's destabilizing activities in the region.  And one example of their destabilizing activities is their ongoing materiel support for Houthi rebels in Yemen.
What I can tell you is that we obviously are concerned about this development because offering up support to the rebels in Yemen is something that is not at all consistent with U.N. Security Council resolutions.  And I'm confident that the United States and our other partners on the Security Council will take a close look at this incident, consider the available evidence, and if and when it's appropriate, raise this for other members of the Security Council.
Q    Would the United States like to see some kind of consequences for this kind of destabilizing behavior?  
MR. EARNEST:  I think at this point, it's too early to say exactly what we would suggest, but, again, I think this is a clear illustration that the United States is quite serious about working with other countries in the region to counter Iran's destabilizing activities in the Middle East.
– April 4, 2016, in a press briefing

Iran Reacts to Ballistic Missile Sanctions

Iranian leaders declared that the Islamic Republic will continue its ballistic missile program in spite of new U.S. sanctions. The sanctions, enacted on March 24, targeted two Iranian companies for supporting Iran’s ballistic missile program. Foreign Minister Mohammad Javad Zarif claimed that Tehran’s missile program “has nothing to do with nuclear weapons” and pledged to respond to the new sanctions by boosting Iran’s missile power.
The new sanctions came after Iran’s Revolutionary Guards launched several ballistic missiles on March 8 and 9. The launches appeared to be inconsistent with U.N. Security Council Resolution 2231, which bans Iran from testing ballistic missiles capable of carrying nuclear warheads. Iran, however, has argued that its missile program is defensive in nature. The following are statements from Iranian officials on Iran's ballistic missile program.
Supreme Leader Ayatollah Ali Khamenei
“The global arrogance utilizes political, economic, cultural, and military means to undermine the Islamic Republic and the nation. A reality as such should never be overlooked.”
“They use dialog, economic relations, sanctions, military threat, and other means to realize their objectives. Likewise, we should make optimum use of all these tools to fight back and defend.”
“If the Islamic establishment seeks technology and negotiations but does not have defensive power, it will have to back down in the face of any petty country that appears as a threat.”
“That they say the future of the world is one of negotiation and not one of missiles... if this is said out of ignorance, well it is ignorance. However, if this is said knowingly, then it is treason.”
“The Islamic Republic must utilize every tool…I am not opposed to political dialog, not with everyone of course. I am fine with political dialog on the level of global issues. These are times of both missiles and negotiations.”
“Negotiations should be carried out in such a way that we do not get a raw deal…That we negotiate, put things on paper, but sanctions are not removed, and trade doesn’t get going, it shows something is wrong.”
March 30, 2016, in a speech
President Hassan Rouhani
“We will pursue any measure to boost our defense might and this is a strategic policy.”
"But at the same time we should remain vigilant so that Iran's enemies do not find any excuse to take advantage of the situation."
March 28, 2016, according to the press
Foreign Minister Mohammad Javad Zarif
“We will respond to recent US measures against Iran’s missile program by further boosting our missile power.”
Tehran has no limitations on developing its missile program “because this program has nothing to do with nuclear weapons.”
March 26, 2016, according to the press
"Since we do not have nuclear warheads and we have undertaken not to develop them, and the international community has put in place the best mechanisms money can buy in order to make sure that we do not develop nuclear weapons... we do not design any missiles to carry things we do not have. So these missiles do not fall within the purview of (resolution) 2231 and they are not illegal.”
March 15, 2016, according to the press
Defense Minister General Hossein Dehghan

"Americans are basically against any increase in the national power of the Islamic Republic of Iran in any dimension."
"All the missile test-firings and maneuvers are held according to pre-scheduled plans and are meant to measure the level of defensive readiness and capabilities."
 March 30, 2016, according to the press
“I am certain that the Security Council and the United Nations will not respond as our actions are neither a breach of the Joint Comprehensive Plan of Action (the July nuclear deal) nor are they against Resolution 2231."
 March 31, 2016, according to the press
Deputy Chief of Staff of the Armed Forces Brigadier General Massoud Jazayeri
"The US calculations about the Islamic Republic and the Iranian nation are fully incorrect."
"The White House should know that defense capacities and missile power, specially at the present juncture where plots and threats are galore, is among the Iranian nation's redlines and a backup for the country's national security and we don’t allow anyone to violate it." 
 April 4, 2016, according to the press
Secretary of the Expediency Council Mohsen Rezaei 
"Iran's missiles serve deterrent purposes and if we lose them, we will be attacked."
 March 31, 2016, according to the press
IRGC Brigadier General Amir Ali Hajizadeh
"Even if they build a wall around Iran, our missile program will not stop.”
"They are trying to frighten our officials with sanctions and invasion. This fear is our biggest threat."
March 28, 2016, according to the press
Ambassador to the United Nations Gholam Ali Khoshroo
The missile tests were “part of efforts by the country’s Armed Forces to strengthen its legitimate defense capabilities.”
March 26, 2016, according to the press
“Iran, as a country living in the most unstable and volatile region of the world, is fully entitled to build a credible conventional capability to deter and defend against any aggression.”
March 25, 2016, according to the press



Obama on Iran at Nuclear Security Summit

On April 1, President Barack Obama said that the nuclear deal has “achieved a substantial success” during a meeting with leaders from the world’s six major powers on the sidelines of the 4th Nuclear Security Summit. But Obama also claimed in remarks to the press that Iran has undermined the "spirit" of the agreement by engaging in "provocative actions" such as ballistic missile tests. Leaders from more than 50 countries convened in Washington, DC on March 31 and April 1 for the summit, where they discussed measures to secure nuclear materials and prevent nuclear terrorism. The following are Obama’s comments on Iran during the summit.
It is a pleasure to be here with our P5+1 partners, the European Union, and Director General Amano of the International Atomic Energy Agency.  Because of the nations that are represented here today, we achieved a historic deal to prevent Iran from obtaining a nuclear weapon.  And today is an opportunity to review progress as that deal continues to be implemented. 
Our work together is a key part of the comprehensive agenda that I outlined in Prague seven years ago -- stopping the spread of nuclear weapons and seeking the long-term vision of a world without them.  That included strengthening the global regime that prevents the spread of nuclear weapons.  And one of the greatest tests of that regime was Iran’s nuclear program.  After nearly two years of intensive negotiations, backed by strong sanctions, the countries represented in this room achieved what decades of animosity and rhetoric did not -- a long-term deal that closes off every possible path to building a nuclear weapon, and subjects Iran to the most comprehensive nuclear inspections ever negotiated.
And thanks to this deal, we have seen real progress.  Already, Iran has dismantled two-thirds of its installed centrifuges.  Iran has shipped 98 percent of its enriched uranium stockpile out of Iran.  Iran has removed the Arak reactor core and filled it with concrete.  If Iran were to cheat, the breakout time to build a nuclear weapon has gone from two to three months to about a year.
In January, the IAEA verified that Iran had fulfilled key commitments of the deal.  And today, Director General Amano will update us on implementation.  Our nations have lifted nuclear-related sanctions and it will take time for Iran to reintegrate into the global economy, but Iran is already beginning to see the benefits of this deal. 
I think it's important to note that this deal does not resolve all of our differences with Iran, including destabilizing activities in the region.  Except for limited exceptions, the U.S. trade embargo on Iran remains in place.  And we also continue to vigorously enforce sanctions pertaining to Iran’s support for terrorism, human rights abuses, and ballistic missile programs.  That's U.S. policy.  But what this group -- that doesn’t agree on all aspects of policy -- does agree on is that this deal has achieved a substantial success, and focused on the dangers of nuclear proliferation in an effective way.
The road to this deal was not easy.  It took commitment, diplomacy, hard work.  It took the leaders and countries gathered around this table coming together and working out our own differences in approach.  Full and continued implementation is going to take the same kind of cooperation and consultation.  But I am extremely grateful to our partners in this effort. 
Even as we continue to face nuclear threats around the world -- which is the topic of this summit -- this deal does remind us that when the international community stands as one, we can advance our common security. 
So I want to thank all the leaders who are gathered here, the countries who are participating, Director General Amano.  This is a success of diplomacy that hopefully we'll be able to copy in the future.
 – April 1, 2016, at a meeting with P5+1 leaders
We’ve succeeded in uniting the international community against the spread of nuclear weapons, notably in Iran. A nuclear-armed Iran would have constituted an unacceptable threat to our national security and that of our allies and partners. It could have triggered a nuclear arms race in the Middle East and begun to unravel the global nonproliferation regime.
After Iran initially rejected a diplomatic solution, the United States mobilized the international community to impose sanctions on Iran, demonstrating that nations that fail to meet their nuclear obligations will face consequences. After intense negotiations, Iran agreed to a nuclear deal that closes every single one of its paths to a nuclear weapon, and Iran is now being subjected to the most comprehensive inspection regimen ever negotiated to monitor a nuclear program. In other words, under this deal, the world has prevented yet another nation from getting a nuclear bomb. And we’ll remain vigilant to ensure that Iran fulfills its commitments.
– March 30, 2016, in a Washington Post op-ed

"They [Iran] have, in fact, based on the presentations that were made by the IAEA this morning to the P5+1, have, in fact, followed the implementation steps that were laid out.  And as a consequence, sanctions related to their nuclear program have been brought down.  Part of the challenge that they face is that companies haven’t been doing business there for a long time, and they need to get comfortable with the prospects of this deal holding.
"One of the things that Secretary Lew and his counterparts within the P5+1 and elsewhere are going to be doing is providing clarity to businesses about what transactions are, in fact, allowed.  And it’s going to take time over the next several months for companies and their legal departments to feel confident that, in fact, there may not be risks of liability if they do business with Iran.
"And so some of the concerns that Iran has expressed we are going to work with them to address.  It is not necessary that we take the approach of them going through dollar-denominated transactions.  It is possible for them to work through European financial institutions, as well.  But there is going to need to be continued clarification provided to businesses in order to -- for deal flows to begin.
"Now, what I would say is also important is Iran’s own behavior in generating confidence that Iran is a safe place to do business.  In a deal like this, my first priority, my first concern was making sure that we got their nuclear program stopped, and material that they already had that would give them a very short breakout capacity, that that was shipped out.  That has happened.  And I always said that I could not promise that Iran would take advantage of this opportunity and this window to reenter the international community.
"Iran, so far, has followed the letter of the agreement.  But the spirit of the agreement involves Iran also sending signals to the world community and businesses that it is not going to be engaging in a range of provocative actions that might scare business off.  When they launched ballistic missiles with slogans calling for the destruction of Israel that makes businesses nervous.  There is some geopolitical risk that is heightened when they see that taking place.
"If Iran continues to ship missiles to Hezbollah, that gets businesses nervous.  And so part of what I hope happens is we have a responsibility to provide clarity about the rules that govern so that Iran can, in fact, benefit, the Iranian people can benefit from an improved economic situation.  But Iran has to understand what every country in the world understands, which is businesses want to go where they feel safe, where they don't see massive controversy, where they can be confident that transactions are going to operate normally.  And that's an adjustment that Iran is going to have to make as well.
"And, frankly, within Iran, I suspect there are different views.  In the same way that there are hardliners here in the United States who, even after we certify that this deal is working, even after our intelligence teams, Israeli intelligence teams say this has been a game-changer, are still opposed to the deal on principle, there are hardliners inside of Iran who don't want to see Iran open itself up to the broader world community and are doing things to potentially undermine the deal.
"And so those forces that seek the benefits of the deal not just in narrow terms but more broadly, we want to make sure that, over time, they're in a position to realize those benefits."
 – April 1, 2016, in remarks to the press following the Nuclear Security Summit

Poll: Iranian Opinions on Rouhani, Elections

The majority of Iranians hold favorable views of President Hassan Rouhani and voted for his supporters in the February elections for Parliament and the Assembly of Experts, according to a new poll by the Center for International and Security Studies at Maryland (CISSM), working in conjunction with the Program for Public Consultation and IranPoll.com. Around 63 percent of respondents voted for pro-Rouhani candidates, compared to 22 percent who voted for his critics. Rouhani’s overall favorability rating is 84 percent. But the number of Iranians expressing a “very favorable” view of Rouhani fell from 61 percent in August 2015 to 40 percent in the recent poll. 

Regarding the nuclear deal, a majority of Iranians – 72 percent – approve of the agreement. But only 29 percent are confident that the United States will comply with its obligations under the deal, compared to 45 percent in September 2015. The following are key results from two telephone polls of around 1,000 Iranians conducted from Feb. 15 to Feb. 24, 2016 and from March 3 to March 13, 2016.
Views of the Conduct of the February 2016 Majlis Elections
Four in ten Iranians say the Majlis (Iran’s Parliament) elections were very fair, and another four in ten think they were somewhat free and fair. Also, eight in ten say they were at least somewhat satisfied with the final makeup of the candidates for whom they could vote.
Views of the Outcome of the Majlis Elections: President Rouhani & his Critics
A large majority of Iranians say they voted for candidates who were supporters of President Hassan Rouhani. Rouhani still enjoys high levels of popular support in Iran. Nearly eight in ten Iranians continue to have a favorable opinion of Rouhani. Yet the percentage saying they have a very favorable opinion has consistently eroded since August 2015, soon after the nuclear deal was reached. Two thirds support greater economic engagement with the West—a Rouhani agenda. While views about the current economic situation have not improved, optimism has grown, with more than half now thinking that the economy is getting better.
Views of the Outcome of the Majlis Elections: Principlist, Reformist, and Independents
In terms of the preferred candidates’ political orientation, roughly equal proportions say they voted for the Principlists, Reformists, and independents. While those who voted for Reformist candidates were more likely to say they voted for pro-Rouhani candidates, a majority in all three groups said they voted for pro-Rouhani candidates, suggesting that Rouhani’s support is broad-based.
Priorities of the Next Majlis
The most important issues Iranians want the new Majlis to tackle are unemployment and Iran’s low-performing economy. Majorities are optimistic that the new Majlis will move Iran in the right direction. Majorities also express confidence that the new Majlis will be successful in reducing Iran’s unemployment, improving its relations with other countries, and improving its security.
Civil Liberties in Iran
Two in three Iranians believe that it is important for President Rouhani to seek to increase civil liberties in Iran, and seven in ten are hopeful that the next parliament will be successful in this.
However, only one in eight complain that Iranians have too little freedom. Three in four continue to think that Iranian policymakers should take religious teachings into account when they make decisions.
Approval for the Nuclear Deal
Seven in ten Iranians approve of the nuclear deal Iran and the P5+1 countries reached in July 2015. However, the percentage saying they strongly favor the deal has declined substantially. Also, views of the deal have become more aligned with political attitudes: while a large majority of those who favored pro-Rouhani’s candidates continue to favor the deal, among those who favored Rouhani’s critics, support has declined so that views are now divided. Iranians are also becoming increasingly less confident that the United States will live up to its obligations under the nuclear deal. Despite their endorsement of the deal, four in five Iranians see the development of an Iranian nuclear program as very important.
Iran’s Involvement in the Region
Majorities think Iran should increase the role it plays in the region, its support of groups fighting ISIS, and its support for the government of Bashar Assad. At the same time, eight in ten Iranians approve of Iran participating in the international talks on the conflict in Syria, and an overwhelming majority approve of Iran collaborating with other countries to end the conflict in Syria. Although as recently as last August, a clear majority approved of direct Iranian cooperation with the US to counter ISIS in Iraq, yet views are now divided.

US Indicts Iranians Suspected of Cyberattacks

On March 24, the U.S. Justice Department unsealed an indictment against seven Iranian computer experts suspected of cyberattacks on American entities between 2011 and 2013. The alleged hackers targeted 46 American financial institutions, disrupting services and disabling bank websites. One of them is accused of attempting to access the control system of the Bowman Avenue Dam in New York in 2013. All of the suspects worked for private companies with links to the Islamic Revolutionary Guard Corps.

Iranian Foreign Ministry Spokesperson Hossein Jaberi Ansari criticized the indictments, claiming that the United States “is not in any position to charge citizens of other countries, not least Iran’s, without providing any documentary evidence." He added that “Iran has never had dangerous actions in cyberspace on its agenda nor has it ever supported such actions." The following is a press release from the Justice Department on the indictments.

A grand jury in the Southern District of New York indicted seven Iranian individuals who were employed by two Iran-based computer companies, ITSecTeam (ITSEC) and Mersad Company (MERSAD), that performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps, on computer hacking charges related to their involvement in an extensive campaign of over 176 days of distributed denial of service (DDoS) attacks.
Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadegan, aka Nitr0jen26, 23; Omid Ghaffarinia, aka PLuS, 25; Sina Keissar, 25; and Nader Saedi, aka Turk Server, 26, launched DDoS attacks against 46 victims, primarily in the U.S. financial sector, between late 2011 and mid-2013.  The attacks disabled victim bank websites, prevented customers from accessing their accounts online and collectively cost the victims tens of millions of dollars in remediation costs as they worked to neutralize and mitigate the attacks on their servers.  In addition, Firoozi is charged with obtaining unauthorized access into the Supervisory Control and Data Acquisition (SCADA) systems of the Bowman Dam, located in Rye, New York, in August and September of 2013.
The indictment was announced today by Attorney General Loretta E. Lynch, Director James B. Comey of the FBI, Assistant Attorney General for National Security John P. Carlin and U.S. Attorney Preet Bharara of the Southern District of New York.
“In unsealing this indictment, the Department of Justice is sending a powerful message: that we will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market,” said Attorney General Lynch.  “Through the work of our National Security Division, the FBI, and U.S. Attorney’s Offices around the country, we will continue to pursue national security cyber threats through the use of all available tools, including public criminal charges.  And as today’s unsealing makes clear, individuals who engage in computer hacking will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law.”
“The FBI will find those behind cyber intrusions and hold them accountable — wherever they are, and whoever they are,” said Director Comey.  “By calling out the individuals and nations who use cyber attacks to threaten American enterprise, as we have done in this indictment, we will change behavior.”
“Like past nation state-sponsored hackers, these defendants and their backers believed that they could attack our critical infrastructure without consequence, from behind a veil of cyber anonymity,” said Assistant Attorney General Carlin.  “This indictment once again shows there is no such veil – we can and will expose malicious cyber hackers engaging in unlawful acts that threaten our public safety and national security.”
“The charges announced today respond directly to a cyber-assault on New York, its institutions and its infrastructure,” said U.S. Attorney Bharara.  “The alleged onslaught of cyber-attacks on 46 of our largest financial institutions, many headquartered in New York City, resulted in hundreds of thousands of customers being unable to access their accounts and tens of millions of dollars being spent by the companies trying to stay online through these attacks.  The infiltration of the Bowman Avenue dam represents a frightening new frontier in cybercrime.  These were no ordinary crimes, but calculated attacks by groups with ties to Iran’s Islamic Revolutionary Guard and designed specifically to harm America and its people.  We now live in a world where devastating attacks on our financial system, our infrastructure and our way of life can be launched from anywhere in the world, with a click of a mouse.  Confronting these types of cyber-attacks cannot be the job of just law enforcement.  The charges announced today should serve as a wake-up call for everyone responsible for the security of our financial markets and for guarding our infrastructure.  Our future security depends on heeding this call.”
According to the indictment unsealed today in federal court in New York City:
DDoS Attacks
The DDoS campaign began in approximately December 2011, and the attacks occurred only sporadically until September 2012, at which point they escalated in frequency to a near-weekly basis, between Tuesdays and Thursdays during normal business hours in the United States.  On certain days during the campaign, victim computer servers were hit with as much as 140 gigabits of data per second and hundreds of thousands of customers were cut off from online access to their bank accounts.
Fathi, Firoozi and Shokohi were responsible for ITSEC’s portion of the DDoS campaign against the U.S. financial sector and are charged with one count of conspiracy to commit and aid and abet computer hacking.  Fathi was the leader of ITSEC and was responsible for supervising and coordinating ITSEC’s portion of the DDoS campaign, along with managing computer intrusion and cyberattack projects being conducted for the government of Iran.  Firoozi was the network manager at ITSEC and, in that role, procured and managed computer servers that were used to coordinate and direct ITSEC’s portion of the DDoS campaign.  Shokohi is a computer hacker who helped build the botnet used by ITSEC to carry out its portion of the DDoS campaign and created malware used to direct the botnet to engage in those attacks.  During the time that he worked in support of the DDoS campaign, Shokohi received credit for his computer intrusion work from the Iranian government towards his completion of his mandatory military service requirement in Iran.
Ahmadzadegan, Ghaffarinia, Keissar and Saedi were responsible for managing the botnet used in MERSAD’s portion of the campaign, and are also charged with one count of conspiracy to commit and aid and abet computer hacking.  Ahmadzadegan was a co-founder of MERSAD and was responsible for managing the botnet used in MERSAD’s portion of the DDoS campaign.  He was also associated with Iranian hacking groups Sun Army and the Ashiyane Digital Security Team (ADST), and claimed responsibility for hacking servers belonging to the National Aeronautics and Space Administration (NASA) in February 2012.  Ahmadzadegan has also provided training to Iranian intelligence personnel.  Ghaffarinia was a co-founder of MERSAD and created malicious computer code used to compromise computer servers and build MERSAD’s botnet.  Ghaffarinia was also associated with Sun Army and ADST, and has also claimed responsibility for hacking NASA servers in February 2012, as well as thousands of other servers in the United States, the United Kingdom and Israel.  Keissar procured computer servers used by MERSAD to access and manipulate MERSAD’s botnet, and also performed preliminary testing of the same botnet prior to its use in MERSAD’s portion of the DDoS campaign.  Saedi was an employee of MERSAD and a former Sun Army computer hacker who expressly touted himself as an expert in DDoS attacks.  Saedi wrote computer scripts used to locate vulnerable servers to build the MERSAD botnet used in its portion of the DDoS campaign.
For the purpose of carrying out the attacks, each group built and maintained their own botnets, which consisted of thousands of compromised computer systems owned by unwitting third parties that had been infected with the defendants’ malware, and subject to their remote command and control.  The defendants and/or their unindicted co-conspirators then sent orders to their botnets to direct significant amounts of malicious traffic at computer servers used to operate the websites for victim financial institutions, which overwhelmed victim servers and disabled them from customers seeking to legitimately access the websites or their online bank accounts.  Although the DDoS campaign caused damage to the financial sector victims and interfered with their customers’ ability to do online banking, the attacks did not affect or result in the theft of customer account data.
DDoS Botnet Remediation
Since the attacks, the Department of Justice and the FBI have worked together with the private sector to effectively neutralize and remediate the defendants’ botnets.  Specifically, through approximately 20 FBI Liaison Alert System (FLASH) messages, the FBI regularly provided updated information collected from the investigation regarding the identity of systems that had been infected with the defendants’ malware and operating as bots within the malicious botnets.  In addition, the FBI conducted extensive direct outreach to Internet service providers responsible for hosting systems that have been infected with the defendants’ malware to provide them information and assistance in removing the malware to protect their customers and other potential victims of the defendants’ unlawful cyber activities.  Through these outreach efforts and the cooperation of the private sector, over 95 percent of the known part of the defendants’ botnets have been successfully remediated.
Bowman Dam Intrusion
Between Aug. 28, 2013, and Sept. 18, 2013, Firoozi repeatedly obtained unauthorized access to the SCADA systems of the Bowman Dam, and is charged with one substantive count of obtaining and aiding and abetting computer hacking.  This unauthorized access allowed him to repeatedly obtain information regarding the status and operation of the dam, including information about the water levels, temperature and status of the sluice gate, which is responsible for controlling water levels and flow rates.  Although that access would normally have permitted Firoozi to remotely operate and manipulate the Bowman Dam’s sluice gate, Firoozi did not have that capability because the sluice gate had been manually disconnected for maintenance at the time of the intrusion.
Remediation for the Bowman Dam intrusion cost over $30,000.
* * *
All seven defendants face a maximum sentence of 10 years in prison for conspiracy to commit and aid and abet computer hacking.  Firoozi faces an additional five years in prison for obtaining and aiding and abetting unauthorized access to a protected computer at the Bowman Dam.
An indictment is merely an accusation and all defendants are presumed innocent unless proven guilty in a court of law.
The case was investigated by the FBI, including the Chicago; Cincinnati; New York; Newark, New Jersey; Phoenix; and San Francisco Field Offices.  This case is being prosecuted by Assistant U.S. Attorney Timothy T. Howard of the Southern District of New York, with the substantial assistance of Deputy Chief Sean M. Newell of the National Security Division’s Counterintelligence and Export Control Section.