
3/23/2018
11:30 AM

DoJ Indicts 9 Iranians for Hacking into Hundreds of Universities, FERC, Dept. of Labor, Others

Suspects were operating on behalf of Iranian government and the Iranian Revolutionary Guard, US officials said.

The US Department of Justice today announced the indictment of nine Iranian nationals for stealing more than 31 terabytes of data from over 140 universities, 30 companies, and five government agencies in the US, as well as from victims in 21 other countries, in one of the largest nation-state-sponsored cyberattack campaigns the agency has ever prosecuted.

According to the indictment, the alleged hackers worked on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC) through an Iranian company called the Mabna Institute, where they served as leaders, contractors, associates, or hired hackers. Mabna launched the campaign in 2013. In addition to the 176 universities outside the US hit by the attackers, victims included the US Department of Labor, the Federal Energy Regulatory Commission (FERC), the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children's Fund (UNICEF).

Some 8,000 professors' accounts were compromised. Their stolen credentials and email were passed to the IRGC and later also sold in Iran through Megapaper.ir and Gigapaper.ir, websites where customers could use the stolen logins to access the hacked universities' online library systems.

The alleged hackers named in the indictment are Gholamreza Rafatnejad, Ehsan Mohammadi, Abdollah Karima (also known as Vahid Karima), Mostafa Sadeghi, Seyed Ali Mirkarimi, Mohammed Reza Sabahi, Roozbeh Sabahi, Abuzar Gohari Moqadam, and Sajjad Tahmasebi. Each was charged with multiple counts of conspiracy and unauthorized access to a computer, as well as aggravated identity theft. But prosecution depends on an actual arrest or extradition to the US, and the US has no extradition agreement with Iran.

"The numbers alone in this case are staggering, over 300 universities and 47 private sector companies both here in the United States and abroad were targeted to gain unauthorized access to online accounts and steal data. An estimated 30 terabytes was removed from universities’ accounts since this attack began, which is roughly the equivalent of 8 billion double-sided pages of text," said FBI Assistant Director William F. Sweeney Jr. "It is hard to quantify the value on the research and information that was taken from victims but it is estimated to be in the billions of dollars. The nine Iranians indicted today now find themselves wanted by the FBI and our partner law enforcement agencies around the globe – and like other cyber criminals they will soon learn their ability to freely move was just limited to the virtual world only."

According to the indictment, the Mabna Institute was under contract with the Iranian government as well as with private entities for the operation, which began with a spear phishing campaign against more than 100,000 professors worldwide. The attackers compromised the email accounts of some 8,000 of them, mostly in the US but also in Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, the Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey, and the UK.

The hackers stole intellectual property from the universities, including academic journals, theses, dissertations, and electronic books.

Other US victims included three academic publishers, two media and entertainment companies, one law firm, 11 technology companies, five consulting firms, four marketing firms, two banking and/or investment firms, two online car sales companies, a healthcare company, an employee benefits company, an industrial machinery company, a biotechnology company, a food and beverage company, and a stock images company.

Those private sector victims were targeted with "password spraying," in which the attackers try a small number of common passwords against a large number of accounts rather than many passwords against one account. Because each account sees only one or two failed attempts, per-account lockout thresholds never trip, and any login that succeeds hands the attacker valid credentials; that is how the hackers pilfered the companies' credentials.
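The detection logic a defender would want for the pattern just described, as an added example that is not part of the article or the indictment: a password spray shows up as one source failing against many distinct accounts with very few failures per account, whereas a classic brute force shows up as many failures against one account. The log format, the thresholds, and the sample log lines below are all assumptions constructed for this example.

```python
"""Password-spray detector over authentication log lines (added example).

Spraying stays under per-account lockout thresholds, so the signal is at the
source: one origin producing failed logins spread thinly across many accounts
in a short window. A brute force is the opposite shape: many failures against
one account from one origin.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format for this example:
#   <ISO 8601 UTC timestamp> src=<ip> user=<name> result=OK|FAIL
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample lines; not from any real system or from the indictment.
# 203.0.113.10 sprays five accounts once each and then succeeds on a sixth,
# 198.51.100.7 hammers one account, 192.0.2.5 is a user who mistyped once.
SAMPLE_LOG = """\
2018-03-01T09:00:01Z src=203.0.113.10 user=alice result=FAIL
2018-03-01T09:00:03Z src=203.0.113.10 user=bob result=FAIL
2018-03-01T09:00:05Z src=203.0.113.10 user=carol result=FAIL
2018-03-01T09:00:07Z src=203.0.113.10 user=dave result=FAIL
2018-03-01T09:00:09Z src=203.0.113.10 user=erin result=FAIL
2018-03-01T09:00:11Z src=203.0.113.10 user=frank result=OK
2018-03-01T09:01:00Z src=198.51.100.7 user=bob result=FAIL
2018-03-01T09:01:05Z src=198.51.100.7 user=bob result=FAIL
2018-03-01T09:01:10Z src=198.51.100.7 user=bob result=FAIL
2018-03-01T09:01:15Z src=198.51.100.7 user=bob result=FAIL
2018-03-01T09:01:20Z src=198.51.100.7 user=bob result=FAIL
2018-03-01T09:01:25Z src=198.51.100.7 user=bob result=FAIL
2018-03-01T09:01:30Z src=198.51.100.7 user=bob result=FAIL
2018-03-01T09:01:35Z src=198.51.100.7 user=bob result=FAIL
2018-03-01T09:05:00Z src=192.0.2.5 user=grace result=FAIL
2018-03-01T09:05:20Z src=192.0.2.5 user=grace result=OK
"""


def parse_lines(text):
    """Parse log text into event dicts sorted by timestamp; skip lines that
    do not match the assumed format."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "src": m["src"], "user": m["user"], "result": m["result"],
        })
    events.sort(key=lambda e: e["ts"])
    return events


def classify_sources(events, window=timedelta(minutes=30), min_users=5,
                     max_fail_per_user=2, brute_threshold=5):
    """Label each source 'spray' or 'brute-force' from its failed logins
    inside a sliding time window; sources that match neither are omitted."""
    by_src = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            by_src[e["src"]].append(e)
    verdicts = {}
    for src, fails in by_src.items():
        start = 0
        for end in range(len(fails)):
            # Advance the window start so fails[start:end+1] spans <= window.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            per_user = defaultdict(int)
            for e in fails[start:end + 1]:
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_fail_per_user:
                verdicts[src] = "spray"
                break
            if max(per_user.values()) >= brute_threshold:
                verdicts[src] = "brute-force"
                break
    return verdicts


def likely_compromised(events, verdicts):
    """Accounts that logged in successfully from a source flagged as spraying:
    the spray that got a hit is the event that actually matters."""
    hits = {e["user"] for e in events
            if e["result"] == "OK" and verdicts.get(e["src"]) == "spray"}
    return sorted(hits)


if __name__ == "__main__":
    evs = parse_lines(SAMPLE_LOG)
    v = classify_sources(evs)
    print(v)                            # {'203.0.113.10': 'spray', '198.51.100.7': 'brute-force'}
    print(likely_compromised(evs, v))   # ['frank']
```

Grouping by source address is the simplest cut and is what the sample shows; in practice a spray is often spread across many source IPs precisely to defeat this, so the same per-user counting should also be run across all sources in the window (distinct accounts failing on the same few passwords site-wide) and on per-ASN or per-user-agent keys. The successful login from a flagged source is the finding to act on first.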

DoJ Deputy Attorney General Rod Rosenstein said in a statement: "The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America's ideas by infiltrating our computer systems and stealing intellectual property. This case is important because it will disrupt the defendants' hacking operations and deter similar crimes."


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
Dr.T, User Rank: Ninja
3/27/2018 | 8:24:04 PM
Re: Universities Have More Intellectual Property than Industry
"Scale of roll out (50,000+ users), cost, and resistance to change (user complexity) all present difficult challenges." That is true; two-factor is not something cheap to implement.
Dr.T, User Rank: Ninja
3/27/2018 | 8:23:05 PM
Re: Universities Have More Intellectual Property than Industry
"Technologies such as multi-factor authentication present defensive strategies as far as phishing is concerned." Two-factor is really good for securing logins; there are other issues once students are in the system.
Dr.T, User Rank: Ninja
3/27/2018 | 8:19:19 PM
Re: Universities Have More Intellectual Property than Industry
"We consistently discover compromised accounts daily." That is the main problem with the students; some of them may be hackers themselves.
Dr.T, User Rank: Ninja
3/27/2018 | 8:13:55 PM
Re: Universities Have More Intellectual Property than Industry
"Security to a large degree is inversely proportional to ease of use." I agree with this; more security means more difficulty getting things done.
Dr.T, User Rank: Ninja
3/27/2018 | 8:11:53 PM
Re: Universities Have More Intellectual Property than Industry
"The challenge to a large degree is how sharp the spear phishing point is." Students are targeted all the time, and that puts university systems at risk.
Dr.T, User Rank: Ninja
3/27/2018 | 8:10:03 PM
Re: Universities Have More Intellectual Property than Industry
"There are so many moving parts in academia, so 'locking down' that traditionally and culturally open environment is a huge challenge for these institutions." I agree; universities would like to keep systems open to the public to spread knowledge.
Dr.T, User Rank: Ninja
3/27/2018 | 8:07:38 PM
Re: Universities Have More Intellectual Property than Industry
"Universities have valuable IP that foreign adversaries would benefit from obtaining." That is true; everybody is after new knowledge wherever it is, obviously.
Dr.T, User Rank: Ninja
3/27/2018 | 8:05:20 PM
Re: Universities Have More Intellectual Property than Industry
"This is particularly troublesome since many universities do not make cybersecurity a top issue in order to maintain an 'open' environment." That might be because universities are open systems in general; they want to release research results to get credit.
Dr.T, User Rank: Ninja
3/27/2018 | 8:03:53 PM
Re: Universities Have More Intellectual Property than Industry
"The attackers are going after the leading-bleeding edge research at universities." That is really interesting to me too. They were after knowledge, obviously.
Dr.T, User Rank: Ninja
3/27/2018 | 8:01:34 PM
31 terabytes
31 terabytes is a huge number of research papers; most of that research would be public at some point anyway, I would assume.