On Thursday, March 24, 2016, the courts unsealed an indictment against seven Iranian government contractors for committing distributed denial-of-service (DDoS) attacks against 46 Wall Street financial institutions between 2011 and 2013. These same enemy combatants also penetrated a remote monitoring and control (SCADA) system that operates a dam some 20 miles outside of New York City.
The unsealed documents stated:
The U.S. Financial Industry DDoS Attacks impacted, at a minimum, approximately 46 major financial institutions and other financial-sector corporations in the United States over a total of at least approximately 176 days of DDoS attacks. On certain days during these attacks, hundreds of thousands of customers were unable to access their bank accounts online. As a result of these attacks, those victim institutions incurred tens of millions of dollars in remediation costs as they worked to mitigate and neutralize the attacks on their computer servers.
I refer to these seven as enemy combatants because they worked for two Iranian private security firms contracted by Iran’s government intelligence, the Islamic Revolutionary Guard Corps.
While the attacks are horrible, and it’s a good thing these spies were caught, should the case have been sealed?
One argument for not sealing the case to begin with is that tech companies like Microsoft, Cisco, Palo Alto, McAfee, etc. would have had data available to provide better solutions. In addition, I.T. departments around the world would have been better informed when engineering their security. On the flip side, revealing the information could have caused a major scare on Wall Street with severe market repercussions. But even worse than that, it may have provided a how-to guide for other would-be spies and criminals.
What would you do, seal or unseal?