9 Iranian hackers charged with hacking universities & stealing secrets

On Friday, the US Justice Department charged nine Iranian nationals with allegedly hacking on behalf of the Islamic Revolutionary Guard Corps (IRGC), a branch of Iran’s armed forces.

The nine individuals compromised hundreds of US firms and academic institutions and managed to steal secrets as well as other sensitive data. The hacking spree took place in 2013, and the accused were identified as having links to an Iranian firm, the Mabna Institute.

The Justice Department announced the charges at the same time as the Treasury Department announced sanctions on the nine Iranian citizens and the Mabna Institute for hacking. A federal grand jury in Manhattan returned the indictment in February, but it was unsealed on Friday.

According to a statement issued by the US Treasury’s Sigal Mandelker: “Iran is engaged in an ongoing campaign of malicious cyber activity against the United States and our allies, the IRGC outsourced cyber intrusions to The Mabna Institute, a hacker network that infiltrated hundreds of universities to steal sensitive data.”

As of now, officials at Iran’s Mission to the United Nations have not released any statement regarding the charges against the nine individuals.

According to the indictment, which was unsealed on Friday, the investigation revealed that the Iranian government carried out a systematic and methodical hacking campaign. In this campaign, computer networks within the US were targeted with the intention of stealing as much information as possible. The case is believed to be one of the largest state-sponsored hacking campaigns that the Justice Department has ever prosecuted.

It was also concluded that the primary objective of the campaign was to steal trade secrets and academic research data. Companies and institutions were targeted not just within the US but also in the UK, Canada, Germany, China, Japan, Australia, Israel and South Korea.

In total, the Mabna Institute managed to steal over 31 TB of “academic data and intellectual property from universities,” and email accounts of government and non-government agencies and private sector employees were also hacked, the indictment revealed.

Since 2013, nearly 15 billion pages of valuable information have been stolen, and at least 144 US universities and 176 universities across 21 countries were attacked. Furthermore, 47 local and international private sector firms and key US institutions, including the Labor Department, the Federal Energy Regulatory Commission, and the states of Indiana and Hawaii, were targeted along with the United Nations and the United Nations Children’s Fund.

The campaign involved sending phishing emails to around 100,000 professors, the majority of whom were located in the US and had special expertise in science and engineering fields. Through these emails, 8,000 logins from across the world were obtained, half of which were from US universities. The hacked material was downloaded and sold to two Iranian websites, namely Megapaper.ir and Gigapaper.ir.

One of the 9 individuals, Behzad Mesri, was charged in November with illegally obtaining sensitive materials, including unreleased scripts of Game of Thrones, and with taunting HBO staff by hacking their emails and uploading the message “Hi All Losers!” He was also accused of accessing HBO’s computer servers and demanding a ransom of $6 million in Bitcoin. Mesri is allegedly connected to the Iranian military and has been a member of the Turk Black Hat security team, a group of hackers based in Iran.

It is also reported that all 9 individuals were either hired by the Mabna Institute or were in some manner associated with the Iran-based consulting firm. The Mabna Institute has branches in Tehran and Barcelona, but Deputy Attorney General Rod Rosenstein claims that the company was hired by the IRGC to conduct the hacks. Rosenstein asserts that the purpose of the hack was to provide Iranian businesses with exclusive information from US sources.

“By bringing these criminal charges, we reinforce a norm that most of the civilized world accepts: nation-states should not steal intellectual property for the purpose of giving domestic industries a competitive advantage,” Rosenstein added.

Waqas
