The US Department of Justice has charged nine Iranians with hacking hundreds of American university, government and corporate email accounts and computer systems as part of a widespread cyber attack they say was ordered by the Iranian government.
The nine men all worked for a company called the Mabna Institute which, according to prosecutors, launched a ‘coordinated campaign of cyber intrusions’ which began in 2013 and harvested 31 terabytes of data.
Together they got into systems which belong to 144 U.S. universities, 176 foreign universities, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.
Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey and the United Kingdom were also targeted.
Among the companies which were targeted were entertainment and news corporations, technology companies and banking firms.
None are named in the indictment but all have been notified by the FBI.
According to the Justice Department, the value of the information they stole from US universities alone was $3.4billion.
Officials say the hack was ordered by the Iranian Revolutionary Guard Corps, a branch of the country’s military. The information was also sold privately throughout Iran to state universities.
These are the nine Iranians who have been charged with hacking into US and foreign government systems to steal 31 terabytes of information valued at at least $3.4billion from 2013, allegedly at the behest of the Iranian government
US Deputy Attorney General Rod Rosenstein announced the charges at a press conference in Washington DC on Friday
In response to the indictment, the Treasury has imposed a list of sanctions against the men and the company.
The men were all named at a press conference held by US Deputy Attorney General Rod J. Rosenstein on Friday.
U.S. Attorney Geoffrey S. Berman for the Southern District of New York described the effort as ‘one of the largest state-sponsored hacking sprees in history’ in a statement on Friday.
WHO WAS TARGETED
US Department of Labor
Federal Energy Regulatory Commission
State of Hawaii
State of Indiana
State of Indiana Department of Education
United Nations Children’s Fund
Three academic publishers
Two media and entertainment companies
One law firm
11 tech firms
Five consulting firms
Two banking and investment firms
Two online car sales companies
One healthcare company
One employee benefit company
One industrial machinery company
One biotech company
One stock images company
176 universities and 11 private companies were targeted abroad. Those victims are spread across;
The individuals charged are Gholamreza Rafatnejad, 38; Ehsan Mohammadi, 37; Abdollah Karima, aka Vahid Karima, 39; Mostafa Sadeghi, 28; Seyed Ali Mirkarimi, 34; Mohammed Reza Sabahi, 26; Roozbeh Sabahi, 24; Abuzar Gohari Moqadam, 37; and Sajjad Tahmasebi, 30.
‘These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries,’ Rosenstein said.
‘For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps.
‘The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America’s ideas by infiltrating our computer systems and stealing intellectual property.
‘This case is important because it will disrupt the defendants’ hacking operations and deter similar crimes,’ he added.
The men were all hit with sanctions, as was the Mabna Institute, which operates out of the Iranian city of Shiraz.
The company acted at the behest of the Iranian Revolutionary Guard Corps, a branch of the country’s armed forces.
The company was founded in 2013 with the intention of ‘stealing access to non-Iranian scientific resources,’ according to the Department of Justice.
Some of the men accused were ‘hackers-for-hire’ who were brought on specifically to target America’s ‘greatest minds’, they said.
Among their techniques was to pose as professors from other universities to send spear phishing emails to other professionals.
The hackers sent links to other articles they said they would find interesting, and if the victim clicked on it, they would be sent to a fake internet page made to look like the homepage of the university they worked for.
It made the victim think they had been logged out of their account and prompted them to reenter their details. Once they re-entered the credentials, the hackers obtained them.
100,000 professors around the world were targeted and around half worked at US universities.
Around 8,000, including 3,700 in the US, fell for the scam and had their data compromised.
Not only was the information given to the military, but prosecutors say it was privately sold throughout Iran.
According to the indictment, the hack was ordered by the Iranian Revolutionary Guard Corps, a branch of the Iranian military.
All nine of the men are now considered fugitives, Rosenstein said at a press conference on Friday
The indictment is the latest show of poor relations between Trump and Iran.
Thirty-six private companies around the world were also targeted.
They are based in the US, Germany, Sweden, Switzerland, Italy and the UK.
HOW THEY DID IT
The Iranian hackers employed two techniques to steal the information: spear phishing emails and password spraying.
To target the universities, hackers posed as other professors from different institutions and emailed links which appeared to be for academic articles to their victims.
Once the victims clicked on the link, they were taken to a fake page which appeared to be the homepage of their own university. It asked them for their log-in details and suggested they had been logged out of their account.
If the professors re-entered their credentials, the hackers were able to see them and kept a record.
Of the 100,000 professors targeted around the world, 3,700 in the US and another 4,000 abroad fell for it.
To gain access to the email accounts of people in private corporations, government agencies and NGOs, the hackers simply guessed their passwords based on commonly-used words.
Once they were in, they were able to extract entire mailboxes and set up automatic forwarding systems so that they would see any future outgoing or incoming emails.
Those companies include: three academic publishers, two media and entertainment companies, one law firm, 11 technology firms, five consulting firms, four marketing firms, two banking and investment firms, two online car sales companies, one healthcare company, one employee benefit company, one industrial machinery company, one biotechnology company and one stock images company.
Those companies were targeted using a technique known as ‘password spraying’ when hackers guessed their passwords to gain access to accounts.
They pillaged their email accounts, sometimes emptying entire mailboxes and setting up a forwarding system so the hackers would see any outgoing and incoming mail after the initial breach.
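For defenders, the two behaviours described above and in the HOW THEY DID IT summary (password guessing across many accounts, then a forwarding rule on the breached mailbox) leave a recognisable trail in login and mail-rule logs. The Python below is an added example, not part of the original article or the indictment; the log layout, addresses, domain and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample data; field layout and addresses are assumptions, not from the indictment.
AUTH_EVENTS = [  # (timestamp, source_ip, account, outcome)
    ("2018-03-01T09:00:00", "203.0.113.10", "alice", "fail"),
    ("2018-03-01T09:01:00", "203.0.113.10", "bob", "fail"),
    ("2018-03-01T09:02:00", "203.0.113.10", "carol", "fail"),
    ("2018-03-01T09:03:00", "203.0.113.10", "dave", "fail"),
    ("2018-03-01T09:04:00", "203.0.113.10", "erin", "fail"),
    ("2018-03-01T09:05:00", "203.0.113.10", "frank", "ok"),
    ("2018-03-01T09:10:00", "198.51.100.7", "gina", "fail"),  # one user mistyping
    ("2018-03-01T09:10:20", "198.51.100.7", "gina", "fail"),
    ("2018-03-01T09:11:00", "198.51.100.7", "gina", "ok"),
]
FORWARD_RULES = [  # (timestamp, account, forward_to)
    ("2018-03-01T09:20:00", "frank", "archive@mail.example.net"),
    ("2018-03-01T10:00:00", "bob", "bob.assistant@example.edu"),
]
INTERNAL_DOMAINS = {"example.edu"}

def spray_sources(events, min_accounts=5, max_tries=2, window=timedelta(minutes=30)):
    """Sources whose failed logins cover many accounts, few tries each, inside one window."""
    fails = defaultdict(list)
    for ts, src, acct, outcome in events:
        if outcome == "fail":
            fails[src].append((datetime.fromisoformat(ts), acct))
    flagged = {}
    for src, rows in fails.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward
            tries = Counter(acct for _, acct in rows[start:end + 1])
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                flagged[src] = sorted(tries)
    return flagged

def suspicious_forwards(events, rules, internal=INTERNAL_DOMAINS):
    """External forwarding rules created after a successful login from a spray source."""
    sources = spray_sources(events)
    first_ok = {}
    for ts, src, acct, outcome in sorted(events):
        if outcome == "ok" and src in sources:
            first_ok.setdefault(acct, ts)
    return [(acct, dest) for ts, acct, dest in sorted(rules)
            if dest.rsplit("@", 1)[-1].lower() not in internal
            and acct in first_ok and ts >= first_ok[acct]]
```

On the sample data only the source that failed against five different accounts is flagged, and only the external rule on the mailbox it then logged into is reported; the user who mistyped her own password and the internal forward are left alone.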
The charges are the latest indicator of Trump’s crusade against Iran which he previously described as one of ‘the world’s leading state sponsor of terror.’
The action is the fourth time in the past few months that the administration of U.S. President Donald Trump has blamed a foreign government for major cyber attacks, a practice that was relatively rare under the Obama administration.
Last week, the administration accused the Russian government of cyber attacks stretching back at least two years that targeted the U.S. power grid. Washington imposed new sanctions on 19 Russians and five groups, including Moscow’s intelligence services, for meddling in the 2016 U.S. presidential election and other cyber attacks.
The Obama administration in 2016 indicted seven Iranians for distributed-denial-of-service attacks on dozens of U.S. banks and for trying to shut down a New York dam.
Those hackers were also accused of working on behalf of Iran’s government.