US Grand Jury Indicts Iranians For Global University Hacks
A five-year FBI investigation culminated in the indictment of nine Iranian hackers, announced at a special Department of Justice press conference by Deputy Attorney General Rosenstein on March 23.
The charges are a boost to the credibility and reputation of the FBI, which has been under near-constant attack by the GOP and the White House administration over the Russia inquiry led by Special Prosecutor Robert Mueller and President Trump's hideous relationship with now former directors James Comey and Andrew McCabe.
FBI Director Christopher Wray and the many Department of Justice employees who worked to secure the indictments were openly praised by the on-stage team led by Rosenstein.
The Deputy Attorney General announced that a: "federal grand jury in the Southern District of New York indicted nine Iranians for conspiring to hack into computers and defraud American and foreign universities, businesses, and government agencies."
The indictment alleges that the defendants worked on behalf of the Iranian government and named the Islamic Revolutionary Guard Corps as ultimately responsible.
The hackers targeted the systems of 320 universities across 22 countries, stealing scientific research worth an estimated $3.4 billion. The files and data were then either used by the Revolutionary Guard or sold on for profit.
The nine defendants hid behind an organisation known as the Mabna Institute, created by two of the defendants under the mask of a legitimate organisation aimed at helping Iranian universities access scientific research.
The indictment charges nine defendants with seven federal offences, including computer fraud, wire fraud, conspiracy, and identity theft.
The Iranians, Gholamreza Rafatnejad, Ehsan Mohammadi, Abdollah Karima, aka Vahid Karima, Mostafa Sadeghi, Seyed Ali Mirkarimi, Mohammed Reza Sabahi, Roozbeh Sabahi, Abuzar Gohari Moqadam, and Sajjad Tahmasebi, all citizens and residents of Iran, were each leaders, contractors, associates, hackers-for-hire or affiliates of the Mabna Institute.
Since at least 2013, the Iran-based company conducted a coordinated campaign of cyber intrusions into computer systems belonging to 144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.
Through the defendants’ activities, the Mabna Institute stole more than 31 terabytes of academic data and intellectual property from universities, and email accounts of employees at private sector companies, government agencies, and non-governmental organizations.
Rosenstein added: "The events described in this indictment highlight the need for universities and other organizations to emphasize cyber security, increase threat awareness, and harden their computer networks. The second important point is that our work on this case is critically important because it will disrupt the criminal operations of the Mabna Institute and deter similar crimes by others."
The prosecutors and FBI are now working with foreign law enforcement agencies and the private sector to help "neutralize Mabna’s hacking infrastructure."
As a result of the indictment, the defendants are now fugitives and cannot travel to more than one hundred countries without fear of arrest and extradition. They have been named, the Department of Justice stated, to strip them of their anonymity and ensure they cannot hide.
In a pointed remark, Rosenstein added: "By making clear that criminal actions have consequences, we deter schemes to victimize the United States, its companies, and its citizens, and we help protect foreign allies."
Strategically, the announcement of non-Russia related indictments not only bolsters the FBI's domestic position, but acts as a stark warning to other foreign states and the Kremlin. With fresh Mueller indictments due, believed to include public officials and Russian state hackers, Rosenstein has set a clear stall and told America's remaining friends the US still has skin in the game.
Rosenstein's announcement commenced with a renewed commitment to the protection of America from hackers and set out the true scope of the harm they cause.
"When hackers gain unlawful access to computers, it can take only a few minutes to steal discoveries produced by many years of work and many millions of dollars of investment. That type of criminal activity does not just cause economic harm. It also threatens our national security. Identifying and prosecuting computer hackers is a priority for the Department of Justice," he said.
Last night, the Daily Beast reported fresh evidence confirming the DNC hacker who worked with Julian Assange to ruin Hillary Clinton's election bid was a Russian GRU agent. This has been public knowledge since 2017 and is likely to form one strand of the forthcoming Mueller charges.
Background to the Mabna Institute and the university hacks, from the DOJ:
Gholamreza Rafatnejad and Ehsan Mohammadi, two of the defendants, founded the Mabna Institute in approximately 2013 to assist Iranian universities and scientific and research organizations in stealing access to non-Iranian scientific resources. In furtherance of its mission, the Mabna Institute employed, contracted, and affiliated itself with hackers-for-hire and other contract personnel to conduct cyber intrusions to steal academic data, intellectual property, email inboxes and other proprietary data, including Abdollah Karima, aka Vahid Karima, Mostafa Sadeghi, Seyed Ali Mirkarimi, Mohammed Reza Sabahi, Roozbeh Sabahi, Abuzar Gohari Moqadam, and Sajjad Tahmasebi. The Mabna Institute contracted with both Iranian governmental and private entities to conduct hacking activities on their behalf, and specifically conducted the university spearphishing campaign on behalf of the IRGC. The Mabna Institute is located at Tehran, Sheikh Bahaii Shomali, Koucheh Dawazdeh Metri Sevom, Plak 14, Vahed 2, Code Posti 1995873351.
The Mabna Institute, through the activities of the defendants, targeted more than 100,000 accounts of professors around the world. They successfully compromised approximately 8,000 professor email accounts across 144 U.S.-based universities, and 176 universities located in foreign countries, including Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey and the United Kingdom. The campaign started in approximately 2013, continued through at least December 2017, and broadly targeted all types of academic data and intellectual property from the systems of compromised universities. Through the course of the conspiracy, U.S.-based universities spent more than approximately $3.4 billion to procure and access such data and intellectual property.
The members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, which they used to steal research, and other academic data and documents, including, among other things, academic journals, theses, dissertations, and electronic books. The defendants targeted data across all fields of research and academic disciplines, including science and technology, engineering, social sciences, medical, and other professional fields. The defendants stole at least approximately 31.5 terabytes of academic data and intellectual property, which they exfiltrated to servers outside the United States that were under the control of members of the conspiracy.
In addition to stealing academic data and login credentials for the benefit of the Government of Iran, the defendants also sold the stolen data through two websites, Megapaper.ir (Megapaper) and Gigapaper.ir (Gigapaper). Megapaper was operated by Falinoos Company, a company controlled by Abdollah Karima, aka Vahid Karima, the defendant, and Gigapaper was affiliated with Karima. Megapaper sold stolen academic resources to customers within Iran, including Iran-based public universities and institutions, and Gigapaper sold a service to customers within Iran whereby purchasing customers could use compromised university professor accounts to directly access the online library systems of particular U.S.-based and foreign universities.
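The two passages above describe the pattern at the heart of the campaign: a professor's stolen credentials are reused from outside the university (and, via Gigapaper, resold so that several buyers share one account), and the account is then used to pull large volumes of library material. The script below is an added defender-side illustration, not part of the DOJ release or this article; it runs a simple triage over a constructed library-proxy log (the log format, account names and counts are all made up for the example) and flags accounts that show either sign: use from several countries within a short window, or a single session fetching an unusually large number of documents.

```python
"""
Added example: triage of library-proxy events for credential reuse.
Not from the indictment; log format, field names, thresholds and the sample
events are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: ISO timestamp | account | source country | documents fetched
SAMPLE_LOG = """\
2017-11-02T08:15:00Z|prof.a|US|3
2017-11-02T09:40:00Z|prof.a|US|2
2017-11-02T10:05:00Z|prof.a|IR|340
2017-11-02T10:07:00Z|prof.a|CN|85
2017-11-02T11:00:00Z|prof.b|US|5
2017-11-03T11:30:00Z|prof.b|DE|4
2017-11-02T12:00:00Z|prof.c|US|1
2017-11-02T12:01:00Z|prof.c|US|2
"""


def parse_events(text):
    """Parse the pipe-delimited sample format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, country, count = line.split("|")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "account": account,
            "country": country,
            "docs": int(count),
        })
    return events


def multi_country_accounts(events, window=timedelta(hours=24), min_countries=2):
    """Accounts seen from at least `min_countries` distinct countries inside any `window`.

    A legitimate traveller can trip this too, so it is a triage signal, not proof;
    a professor whose account is being resold typically shows several countries
    within hours, which is what the sample for prof.a reproduces.
    """
    by_account = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_account[e["account"]].append(e)
    flagged = {}
    for account, evs in by_account.items():
        for i, start in enumerate(evs):
            countries = {start["country"]}
            for later in evs[i + 1:]:
                if later["ts"] - start["ts"] > window:
                    break
                countries.add(later["country"])
            if len(countries) >= min_countries:
                flagged[account] = sorted(countries)
                break
    return flagged


def bulk_download_accounts(events, threshold=100):
    """Accounts with any single session fetching more than `threshold` documents."""
    return {e["account"] for e in events if e["docs"] > threshold}


def triage(text):
    """Combine both signals into one report keyed by account."""
    events = parse_events(text)
    shared = multi_country_accounts(events)
    bulk = bulk_download_accounts(events)
    return {
        acct: {"countries": shared.get(acct), "bulk": acct in bulk}
        for acct in sorted(set(shared) | bulk)
    }


if __name__ == "__main__":
    for account, findings in triage(SAMPLE_LOG).items():
        print(account, findings)
```

With the constructed sample, only prof.a is reported (three countries in under two hours and a 340-document session); prof.b's two logins are a day and a half apart and fall outside the window, and prof.c never leaves one country. In a real deployment the country would come from IP geolocation of the proxy's access log and the thresholds would be tuned per campus, but the two signals themselves map directly onto the account-resale and bulk-theft behaviour the indictment describes.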
Prior to the unsealing of the Indictment, the FBI provided foreign law enforcement partners with detailed information regarding victims within their jurisdictions, so that victims in foreign countries could be notified and foreign partners could assist in remediation efforts.
The FBI provided private sector partners detailed information regarding the vulnerabilities targeted and the intrusion vectors used by the Mabna Institute in their campaign against private sector companies.
Rafatnejad, Mohammadi, Karima, Sadeghi, Mirkarimi, Sabahi, Sabahi, Moqadam and Tahmasebi are each charged with one count of conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison; one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; two counts of unauthorized access of a computer, each of which carries a maximum sentence of five years in prison; two counts of wire fraud, each of which carries a maximum sentence of 20 years in prison; and one count of aggravated identity theft, which carries a mandatory sentence of two years in prison. The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencings of the defendants will be determined by the assigned judge.