News WrapGet Handpicked Stories from our editors directly to your mailbox

US charges 9 Iranians with global hacking campaign

An Iranian firm allegedly stole data from 320 universities in the US and 21 other countries.

US charges 9 Iranians with global hacking campaign

Washington: The US today announced charges against nine Iranians for their massive hacking into over 300 universities worldwide and the theft of precious academic data and intellectual property.

The Justice Department indictment alleges that the defendants worked on behalf of the Iranian government, specifically the Islamic Revolutionary Guard Corps (IRGC).

They hacked the computer systems of nearly 320 universities in 22 countries, 144 are American universities, Deputy Attorney General Rod Rosenstein told reporters at a news conference here.

"The defendants stole research that cost those universities approximately USD 3.4 billion to procure and maintain. That stolen information was used by the Revolutionary Guard or sold for profit in Iran," he said.

The defendants worked for an organisation known as the Mabna Institute, which two of the defendants founded for the stated purpose of helping Iranian universities access scientific research.

Their work consisted of stealing research through illegal computer intrusions. The indictment charges defendants for committing seven federal crimes. The charges include computer fraud, wire fraud, conspiracy and identity theft, he said.

Rosenstein said every sector of the US economy was the target of malicious cyber-attacks. "Everyone who owns a computer needs to be vigilant to prevent attacks. Academic institutions are prime targets for foreign cybercriminals. Universities can thrive as marketplaces of ideas and engines of research and development only if their work is protected from theft," he said.

This indictment publicly identifies the conspirators and this type of public identification helps to deter state-sponsored computer intrusions by stripping hackers of their anonymity and by imposing real consequences, Rosenstein said.

Revealing the Mabna Institute's nefarious activities makes it harder for them to do business. "Additionally, we're working with foreign law enforcement agencies and providing the private sector with information that will help to neutralise Mabna's hacking infrastructure," he said.

As a result of the indictment, these defendants are now fugitives from justice. There are more than 100 countries where they may face arrest and extradition to the US.

According to the Department of Justice, Gholamreza Rafatnejad and Ehsan Mohammadi founded the Mabna Institute in 2013 to assist Iranian universities and scientific and research organisations in stealing access to non-Iranian scientific resources.

The Mabna Institute employed, contracted, and affiliated itself with hackers-for-hire and other contract personnel to conduct cyber intrusions to steal academic data, intellectual property, email inboxes and other proprietary data.

It contracted with both Iranian government and private entities to conduct hacking activities on their behalf, and specifically conducted the university spearphishing campaign on behalf of the IRGC.

According to the indictment, the Mabna Institute, through the activities of the defendants, targeted more than 100,000 accounts of professors around the world.

They successfully compromised approximately 8,000 professor email accounts across 144 US-based universities, and 176 universities located in foreign countries, including Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, The Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey and the UK, it said.

"The campaign started in approximately 2013, continued through at least December 2017, and broadly targeted all types of academic data and intellectual property from the systems of compromised universities.

"Through the course of the conspiracy, US-based universities spent more than about USD 3.4 billion to procure and access such data and intellectual property," it said.