Iran Hacking Operation Swiped 15B Pages of Academic Data, Infiltrated Government Agencies

WASHINGTON — Deputy Attorney General Rod Rosenstein today announced the indictment of nine Iranians accused of perpetrating a large-scale hacking campaign on U.S. colleges and businesses on behalf of the Islamic Revolutionary Guard Corps.

Gholamreza Rafatnejad, 38, Ehsan Mohammadi, 37, Abdollah Karima aka Vahid Karima, 39, Mostafa Sadeghi, 28, Seyed Ali Mirkarimi, 34, Mohammed Reza Sabahi, 26, Roozbeh Sabahi, 24, Abuzar Gohari Moqadam, 37, and Sajjad Tahmasebi, 30, all citizens and residents of Iran, are charged with computer fraud, wire fraud, conspiracy and identity theft. The charges stem from a coordinated campaign of cyber intrusions, conducted since 2013, into computer systems belonging to 144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the state of Hawaii, the state of Indiana, the United Nations, and the United Nations Children’s Fund.

They worked for the Iran-based Mabna Institute, which was also sanctioned by Treasury’s Office of Foreign Assets Control today along with the nine defendants.

Altogether, the hackers stole more than 31 terabytes of academic data and intellectual property from universities, and email accounts of employees at private sector companies, government agencies, and non-governmental organizations, said the DOJ.

At a news conference today, Rosenstein said the Justice Department is “working with foreign law enforcement agencies and providing the private sector with information that will help to neutralize Mabna’s hacking infrastructure.”

“By bringing these criminal charges, we reinforce the norm that most of the civilized world accepts: Nation-states should not steal intellectual property for the purpose of giving domestic industries a competitive advantage,” he said. “As a result of the indictment, these defendants are now fugitives from justice. There are more than 100 countries where they may face arrest and extradition to the United States. And, thanks to the Treasury Department, the defendants will find it difficult to engage in business or financial transactions outside of Iran.”

U.S. Attorney Geoffrey Berman said the defendants “targeted more than 100,000 accounts of university professors around the world and, by tricking professors to click on false links, compromised 8,000 accounts,” and “once they gained access to these accounts, the defendants stole massive amounts of academic data and intellectual property.”

“The universities combined had to pay $3.4 billion to access this information. The defendants got it for free,” Berman said. “They targeted data and research from all fields, including science and technology, engineering, social science, medical and other professional fields.”

The stolen documents amounted to more than 15 billion pages of data, he said, comprising “the innovations and intellectual property of some of our country’s greatest minds.”

In the private-sector hacking, the Iranians allegedly infiltrated law firms, technology companies, consulting companies, financial services firms, health care companies, biotechnology companies and others.

“Once they gained access, the defendants, among other things, stole entire e-mail mailboxes from the victims. They even set up rules in the stolen accounts to secretly forward all new e-mails to the defendants,” Berman said. On the government hacking, the Iranians are accused of going after agencies with “details of some of this country’s most sensitive infrastructure.”

“Do not forget: At the crux of this case is the fact that the government of Iran systematically and methodically hacked into our country’s computer networks with the intent to steal as much information as possible,” he added.