Nine Iranian hackers working on behalf of the Iranian government have been charged by U.S. prosecutors with carrying out a years-long cybercampaign to steal valuable research and other proprietary data from hundreds of American and foreign universities, private companies, and government and nongovernmental institutions.
The charges, announced by senior law enforcement officials in Washington, represent the latest and one of the largest Iranian hacking conspiracies uncovered by U.S. authorities in recent years. They come as the administration of President Donald Trump steps up pressure on Tehran over its nuclear and terrorism-related activities.
Deputy Attorney General Rod Rosenstein said the hackers’ campaign, which started in 2013 and continued through at least December 2017, compromised the computer systems of 320 universities in 22 countries, including 144 American universities, and resulted in the theft of massive quantities of research that cost the schools about $3.4 billion.
The cyberattack was carried out by hackers working for the Mabna Institute, a Tehran-based company founded by two of the perpetrators. They remain at large.
“Academic institutions are prime targets for foreign cybercriminals,” Rosenstein said. “Universities can thrive as marketplaces of ideas and engines of research and development only if their work is protected from theft.”
The foreign universities were located in Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, the Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey and the United Kingdom, according to a grand jury indictment unsealed Friday.
The Mabna Institute was founded in 2013 by hackers Gholamreza Rafatnejad and Ehsan Mohammadi, with the aim of helping Iranian universities and other research organizations steal access to non-Iranian scientific research, according to the indictment.
Rosenstein said the hackers carried out the campaign on behalf of Iran’s Islamic Revolutionary Guard Corps, one of several Iranian intelligence-gathering entities, as well as other Iranian government institutions and universities.
Professors’ accounts
In addition to providing the data to the Iranian government, the hackers sold it through two websites. One site sold stolen research to Iranian universities and institutions. The other site sold stolen university professor accounts, which allowed customers to directly access the online library systems of American and foreign universities.
The Mabna Institute hackers used stolen account credentials to target the email accounts of about 100,000 professors around the world, ultimately gaining access to the accounts of about 8,000 professors.
Once they had gained control over their accounts, the hackers stole research and other academic data and documents, including academic journals, theses, dissertations, and electronic books.
The hackers stole about 31.5 terabytes (15 billion pages) of academic data and intellectual property in a range of fields — science, technology, engineering, social sciences, media and other professional fields — and transferred them to servers in Iran, officials said.
Among other institutions targeted by the hackers were 47 U.S. and foreign private companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the states of Hawaii and Indiana, the United Nations, and the United Nations Children’s Fund, officials said.
“The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America’s ideas by infiltrating our computer systems and stealing intellectual property,” Rosenstein said. “This case is important because it will disrupt the defendants’ hacking operations and deter similar crimes.”
U.S. sanctions
The alleged hackers, who remain at large, face one count of conspiracy to commit computer intrusions, one count of conspiracy to commit wire fraud, two counts of unauthorized access of a computer, two counts of wire fraud, and one count of aggravated identity theft.
The U.S. Treasury Department announced Friday that it was imposing sanctions on the Mabna Institute and 10 Iranians for the “malicious cyber enabled activity.”
The department has already sanctioned the Revolutionary Guards for supporting terrorism.
FBI Director Chris Wray said the indictment was meant as a “powerful message” to the Iranian government that “your acts do not go unnoticed.”
“We will protect our innovation, ideas and information, and we will use every tool in our toolbox to expose those who commit these cybercrimes,” Wray said. “Our memory is long; we will hold them accountable under the law, no matter where they attempt to hide.”
…