Advertisement

Iranian hacker indictment part of U.S. "name and shame" tactic

 
Published March 26, 2016

WASHINGTON — The indictment charging seven Iranian hackers with attacking dozens of banks and a small dam near New York City is part of a strategy to "name and shame" foreign governments that support such attacks, the Justice Department's top national security official said Friday.

Where punishing cyberattacks were once investigated mostly for intelligence purposes, U.S. officials are increasingly investigating them with an eye toward building a criminal prosecution and identifying by name the hackers believed responsible — and the foreign nation that may be sponsoring them.

"We need to show that these are not anonymous, that there's no free pass because you do it behind a keyboard in a country far away," Assistant Attorney General John Carlin, the head of the department's national security division, said in an interview with the Associated Press.

U.S. officials say the strategy, in place since 2012, also is demonstrated in indictments two years ago linking Chinese military hackers to economic espionage of American corporations and in the public blaming of North Korea for a cyberattack against Sony Pictures Entertainment.

The goal, Carlin said, is to have a new "sheriff" patrolling a cyberspace that he says has long resembled the Wild West, where foreign hackers have acted with impunity.

"If you let someone walk across your lawn long enough and don't tell them to stop, they get the right to walk across your lawn," he said.

It's hard to prove the strategy's effectiveness, or whether such indictments actually lead to a decrease in hacking attempts. It's also unclear whether any of the Iranian hackers will ever be apprehended. The five Chinese defendants indicted on similar charges in May 2014 have yet to appear in an American courtroom.