U.S. indicts Iranian hackers

The Departments of Justice and Treasury announced indictments and sanctions for an Iranian company and 10 individuals for stealing billions of dollars in research and intellectual property from universities in the United States and around the world.

Cyber Attack
 

Federal officials announced indictments and sanctions in a hacking prosecution involving the theft of $4.2 billion in research data and intellectual property by individuals linked to Iran's Revolutionary Guard.

In a joint press conference held March 23, officials from the Departments of Justice and Treasury, led by Deputy Attorney General Rod Rosenstein, announced charges against the Mabna Institute and nine individuals for computer fraud, wire fraud, conspiracy and identity theft for a multiyear campaign that included stealing 31.5 terabytes and $4.2 billion of research data and intellectual property from universities in the United States and around the world.

According to officials, the group pilfered data from 320 research universities, 144 of which are located in the U.S., on behalf of the Revolutionary Guard Corps, a powerful branch of the Iranian military.

Treasury officials announced economic sanctions on Mabna and 10 individuals for the same offenses.

According to the indictment, the group also compromised the computer systems of "at least five U.S. federal and state government agencies, at least 36 private sector companies, and at least two non-governmental organizations" though it's not clear to what extent those systems were breached or what if any data was stolen. The Department of Labor, the Federal Energy Regulatory Commission, Hawaii, Indiana and the United Nations are listed as victims.

The indictments mean the individuals will be subject to extradition to the U.S. in over 100 countries, while the sanctions could significantly limit their ability to do business outside of Iranian borders.

"When hackers gain unlawful access to computers, it can take them only a few minutes to steal discoveries that were produced by many years of work and many millions of dollars of investment," said Rosenstein. "That type of activity does not just cause economic harm, it also threatens America's national security."

According to the indictment, the group used a mix of online research, spear phishing, stolen account credentials and social engineering to target 3,768 university professors and approximately 8,000 email accounts in order to steal intellectual property and research data. The indictment alleges the stolen data was turned over to the Revolutionary Guard Corps and used to benefit Iranian private businesses.

White House Cybersecurity Coordinator Rob Joyce called on other nations to "follow suit and impose costs" on Iran. Following the press conference, the United Kingdom's National Cyber Security Centre assessed with "high confidence" that Mabna Institute and the Iranian government were behind the attacks.

The announcements continue a pattern of U.S. intelligence and law enforcement's "name and shame" strategy against state-sponsored hacking operations. Top national security officials in the Trump administration have increasingly relied on the tactic over the past year, saying that calling out countries on the world stage strips them of plausible deniability and puts international pressure on them to stay within established norms. 

"It is vitally important that we back the emerging consensus regarding norms of state behavior with action, which is exactly what the government has done today," said Rep. Jim Langevin (D-R.I.), co-chair of the Congressional Cybersecurity Caucus. "The world of these hackers has just gotten much smaller thanks to [what] awaits them in an American courtroom."

David Bowdich, deputy director of the FBI, indicated that the individuals were not Iranian government officials or intelligence operatives, but rather private government contractors "hacking at the behest" of the Iranian military. That led some former intelligence officials to question whether the U.S. was opening the door for other countries to take similar actions against contractors who work for the U.S. government.

Jake Williams, a cybersecurity expert and Army veteran, spoke out against the moves on Twitter, saying the U.S. itself may be crossing a line by charging private contractors that work on behalf of their governments.

"Mabna Institute is as much a [government]-controlled entity as Booz Allen [Hamilton] is over here in the U.S.," said Williams. "We're charging [government] hackers and government contractors. Speak out against this now or shut up when it happens to us."