Attacks/Breaches

3/23/2018
11:30 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

DoJ Indicts 9 Iranians for Hacking into Hundreds of Universities, FERC, Dept. of Labor, Others

Suspects were operating on behalf of Iranian government and the Iranian Revolutionary Guard, US officials said.

The US Department of Justice today announced indictments of nine Iranian nationals for stealing more than 31 terabytes of data from over 140 universities, 30 companies, and five government agencies in the US as well as from victims in 21 other countries in one of the largest nation-state sponsored cyberattack campaigns ever prosecuted by the agency.

The alleged hackers worked on behalf of the Iranian government's Islamic Revolutionary Guard, under the guise of an Iranian company called the Mabna Institute, where they were leaders, contractors, associates or hired hackers for Mabna, which first launched the attacks in 2013. In addition to the 176 universities worldwide hit by the attackers, other victims included the US Department of Labor, the Federal Energy Regulatory Commission (FERC), the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children's Fund. 

Some 8,000 professors' accounts were hacked, and their stolen credentials and email passed to the IRGC as well as later sold in Iran via Megapaper.ir and Gigapaper.ir, websites where customers could access the online library systems of the hacked universities. 

The alleged hackers named in the indictment are Gholamreza Rafatnejad, Ehsan Mohammadi, Abdollah Karima aka Vahid Karima, Mostafa Sadeghi, Seyed Ali Mirkarimi, Mohammed Reza Sabahi, Roozbeh Sabahi, Abuzar Gohari Moqadam, and Sajjad Tahmasebi. They were each charged with multiple counts of conspiracy and unauthorized access to a computer, as well as aggravated identity theft. But prosecution depends on actual arrest or extradition to the US. The US does not have an extradition agreement with Iran.

"The numbers alone in this case are staggering, over 300 universities and 47 private sector companies both here in the United States and abroad were targeted to gain unauthorized access to online accounts and steal data. An estimated 30 terabytes was removed from universities’ accounts since this attack began, which is roughly the equivalent of 8 billion double-sided pages of text," said FBI Assistant Director William F. Sweeney Jr. "It is hard to quantify the value on the research and information that was taken from victims but it is estimated to be in the billions of dollars. The nine Iranians indicted today now find themselves wanted by the FBI and our partner law enforcement agencies around the globe – and like other cyber criminals they will soon learn their ability to freely move was just limited to the virtual world only."

According to the indictment, the Mabna Institute was under contract with the Iranian government as well as private entities for the operation, which began with a spear phishing campaign against more than 100,000 professors worldwide. They were able to infiltrate email accounts of some 8,000 of them, mostly in the US, but also in Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey, and the UK.

The hackers stole intellectual property from the universities, including academic journals, theses, dissertations, and electronic books.

Other US victims included three academic publishers, two media and entertainment companies, one law firm, 11 technology companies, five consulting firms, four marketing firms, two banking and/or investment firms, two online car sales companies, a healthcare company, an employee benefits company, an industrial machinery company, a biotechnology company, a food and beverage company, and a stock images company.

Those private sector victims were targeted via "password-spraying" methods that the hackers used to pilfer their credentials.  

DoJ Deputy Attorney General Rod Rosenstein said in a statement: "The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America’s ideas by infiltrating our computer systems and stealing intellectual property. This case is important because it will disrupt the defendants' hacking operations and deter similar crimes," Rosenstein said.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:24:04 PM
Re: Universities Have More Intellectual Property than Industry
Scale of roll out (50,000+ users), cost, and resistance to change (user complexity) all present difficult challeges. That is true, two-factor is not something cheap to implement.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:23:05 PM
Re: Universities Have More Intellectual Property than Industry
Technologies such as multi-factor authentication present defensive strategies as far as phishing is concerned. Two-factor is really good to secure logins, there are other issues once students are in the system.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:19:19 PM
Re: Universities Have More Intellectual Property than Industry
We conssitently discover compromised accounts daily. That is the main problem with the students, some of the may be hacker by themselves.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:13:55 PM
Re: Universities Have More Intellectual Property than Industry
Security to a large degree is inversely porportional to ease of use I agree with this, more security means more difficulties to get things done.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:11:53 PM
Re: Universities Have More Intellectual Property than Industry
The challenge to a large degree is how sharp the spear phishing point is Students are target all the times and those put university systems at risk.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:10:03 PM
Re: Universities Have More Intellectual Property than Industry
There are so many moving parts in academia, so "locking down" that traditionally and culturally open environment is a huge challenge for these institutions. I agree, university would like to keep systems open to public to spread the knowledge.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:07:38 PM
Re: Universities Have More Intellectual Property than Industry
Universities have valuable IP that foreign adversaries would benefit from obtaining. That is true, everybody is after new knowledge wherever it is obviously.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:05:20 PM
Re: Universities Have More Intellectual Property than Industry
This is particularly troublesome since many universities do not make cybersecurity a top issue in order to maintain an "open" environment That might be because university are open system in general, they want to release research results to get credit.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:03:53 PM
Re: Universities Have More Intellectual Property than Industry
the attackers are going after the leading-bleeding edge research at universities. That is really interesting for me too. They were after knowledge obviously.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/27/2018 | 8:01:34 PM
31 terabytes
31 terabytes is huge number or research papers, most of those researches would be public at one point I would assume anyway.
Page 1 / 2   >   >>
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.