Friday, 3 Farvardin 1397

U.S. Charges Nine Iranians With Cyberattack Campaign




The Wall Street Journal - 23 March 2018 - Federal prosecutors unsealed criminal charges Friday accusing nine Iranians of orchestrating years of cyberattacks on behalf of the Iranian government to steal data from hundreds of universities and businesses in the U.S. and abroad, in one of the largest state-sponsored hacking cases ever charged by the Justice Department.
Prosecutors say the defendants stole more than 31 terabytes of data for financial gain. Among the victims were 144 American universities, 36 American companies and five American government agencies, including the U.S. Labor Department.
Many of the cyberintrusions were performed on behalf of the Islamic Revolutionary Guard Corps, an Iranian government entity responsible for gathering intelligence, according to prosecutors. The group has been labeled a terrorist organization by the U.S.
“At the crux of this case is the fact that the government of Iran systematically and methodically hacked into our country’s computer networks with the intent to steal as much information as possible,” said Geoffrey Berman, the interim Manhattan U.S. attorney.
The hacking campaign lasted from 2013 through at least late 2017, according to prosecutors.
The defendants—Gholamreza Rafatnejad, Ehsan Mohammadi, Abdollah Karima, Mostafa Sadeghi, Seyed Ali Mirkarimi, Mohammed Reza Sabahi, Roozbeh Sabahi, Abuzar Gohari Moqadam and Sajjad Tahmasebi—are at large overseas and haven’t been arrested. The U.S. doesn’t have an extradition treaty with Iran.
Lawyers for the defendants couldn’t immediately be identified. They each face seven criminal charges in Manhattan federal court, including conspiracies to commit computer intrusions and wire fraud.
U.S. officials said the defendants were affiliated with the Mabna Institute, an Iran-based company founded in 2013 to help Iranian universities and research organizations steal access to scientific resources outside Iran. The institute allegedly employs hackers-for-hire to take academic data, intellectual property and email accounts.
On Friday, the U.S. Treasury also imposed sanctions against the nine defendants and the Mabna Institute. The sanctions block their access to U.S. companies and entities, including financial transactions.
Friday’s actions represent a broader strategy by the Trump administration to pressure Iran as Washington pushes Europe to bolster its own sanctions regime against Iran. The Trump administration has particularly targeted the IRGC, trying to loosen the group’s grip on the country.
A spokesman for the Iranian mission to the United Nations didn’t respond to a request for comment.
The Iranians allegedly targeted more than 100,000 email accounts of professors around the world and successfully compromised approximately 8,000 of them. About half of the compromised accounts belonged to professors at U.S. universities.
Prosecutors say the hackers stole data and intellectual property across all fields of research, including science, technology, engineering and medical fields.
The stolen materials and login credentials were obtained for the IRGC’s benefit and sold to public universities in Iran, U.S. officials said. One service allowed customers in Iran to directly access online library systems of certain U.S. universities.
Prosecutors said universities had paid a total of $3.4 billion to access the academic materials that the hackers had accessed for free.
The indictment showed the group using techniques that exploited common mistakes among computer users.
The suspects breached university networks by sending professors emails in which the hackers pretended to be professors at other schools expressing interest in their academic articles, the indictment said. The emails contained purported links to other articles, which led to a site designed to look like a login page for the victim professor’s university. If the professor clicked on the links and entered his or her login credentials, hackers would capture the credentials and access the university computer systems.
The group is also accused of hacking email accounts at 36 private companies in the U.S., including 11 technology firms, a law firm, a health-care company and five consulting firms. The indictment didn’t name the corporate victims.
With the companies, the hackers used a technique called “password spraying” to gain access to email accounts by plugging in commonly used passwords, according to the indictment. After obtaining access, the defendants took entire email inboxes from victims and established rules that automatically forwarded all future emails from the account to the hackers.
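An added example, not part of the original article or the indictment: one way a defender could look for the two behaviours described above, a source failing logins across many accounts with few tries each, and mailbox rules that forward mail outside the organisation. The log layout, thresholds, addresses and domain names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the indictment): sign-in events as
# (timestamp, source IP, account, success) and mailbox rules as
# (mailbox, rule name, forward-to address).
USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
SIGNINS = [(f"2017-10-02T08:0{i}:00", "203.0.113.7", f"{u}@corp.example",
            u == "carol") for i, u in enumerate(USERS)]
# One user mistyping their own password is not a spray.
SIGNINS += [(f"2017-10-02T09:0{i}:00", "198.51.100.20", "bob@corp.example",
             i == 3) for i in range(4)]
RULES = [("carol@corp.example", "fwd-all", "inbox4417@mail.example.net"),
         ("dave@corp.example", "to-assistant", "erin@corp.example")]


def spray_sources(events, window=timedelta(minutes=30),
                  min_accounts=5, max_per_account=2):
    """Map each source IP to the accounts it failed against when those
    failures cover many accounts with only a few tries per account."""
    by_src = defaultdict(list)
    for ts, src, acct, ok in events:
        if not ok:
            by_src[src].append((datetime.fromisoformat(ts), acct))
    flagged = {}
    for src, fails in by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            tries = defaultdict(int)
            for _, acct in fails[start:end + 1]:
                tries[acct] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_per_account:
                flagged[src] = sorted(tries)
                break
    return flagged


def sprayed_logins(events, flagged):
    """Accounts that logged in successfully from a flagged source."""
    return sorted({a for _, src, a, ok in events if ok and src in flagged})


def external_forwards(rules, internal_domains):
    """Mailbox rules that forward mail outside the organisation."""
    return [r for r in rules
            if r[2].rsplit("@", 1)[-1].lower() not in internal_domains]
```

An account that appears in both `sprayed_logins` and `external_forwards` is the combination worth investigating first.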
David Bowdich, the Federal Bureau of Investigation’s acting deputy director, said all computer users should use multifactor authentication and strong passwords.
The group also allegedly hacked the U.S. government and other agencies, including the U.S. Labor Department, the United Nations and the states of Hawaii and Indiana. Another victim was the Federal Energy Regulatory Commission, which regulates wholesale energy markets and contains details of the country’s most sensitive infrastructure, according to prosecutors.
In recent years, the Justice Department has become more willing to publicly announce criminal charges against nation-state hackers, a practice known as “naming and shaming” because the defendants typically live in countries where U.S. officials can’t make arrests.
Whether such “name-and-shame” indictments deter nation-state hackers has been debated among law-enforcement officials, some of whom argue keeping the cases under seal better facilitates intelligence-gathering. Before publicizing such charges, prosecutors have to weigh the likelihood the defendants will travel or can be lured to another country where arrests can be made.
The first public indictment against hackers tied to the Iranian government was unsealed in 2016, when prosecutors said Iranian hackers attacked the U.S. financial system and accessed the server that controlled a dam in Rye, N.Y.
On Friday, the U.S. Treasury also imposed sanctions against Behzad Mesri, an alleged hacker linked to Iran’s military who was charged last year with stealing unreleased scripts of “Game of Thrones” from HBO’s computer network and threatening to leak them publicly unless HBO paid a multimillion-dollar ransom.
Mr. Mesri is at large overseas, and a lawyer for him couldn’t be identified.
