9 Iranians Indicted for Massive Hacking Scheme

Cybercrime , Cyberwarfare / Nation-state attacks , Fraud Management, Cybercrime

Thousands of Professors Worldwide Among Allegedly Those Targeted

9 Iranians Indicted for Massive Hacking Scheme

(Watch for updates on this developing story)

See Also: How to Scale Your Vendor Risk Management Program

The U.S. Department of Justice has announced the indictment of nine Iranians alleged to have penetrated systems belonging to hundreds of U.S. and foreign universities, government entities and private companies to steal more than 31 terabytes of documents and data.

Among those who were victims of the hacks were 8,000 professors at 144 U.S. universities and 176 foreign universities, the Justice Department said. Also targeted were 30 U.S. companies and five U.S. government agencies.

In addition to the indictments on multiple charges revealed Friday, the Justice Department announced that all of those charged, and the Mabna Institute, the company they worked for, will be designated for sanctions.

Iran Government Involvement

“The defendants conducted many of these intrusions on behalf of … Iran’s Islamic Revolutionary Guard Corps, one of several entities within the government of Iran responsible for gathering intelligence, as well as other Iranian government and university clients,” the Justice Department notes.

The hackers used stolen account credentials to obtain unauthorized access to professors’ accounts, which they used to steal research and other academic data and documents, including, among other things, academic journals, theses, dissertations and electronic books, prosecutors say.

According to the Washington Post, as a result of the indictments, the defendants cannot travel to more than 100 countries without fear of arrest and extradition to the United States. The sanctions block any transactions with those named and freeze any assets they may have under U.S. jurisdiction, the newspaper reports.

Commenting on the indictments, Rep. Jim Langevin, D-R.I., co-chair of the Congressional Cybersecurity Caucus and a senior member of the House Committees on Armed Services and Homeland Security, said: “Any actor, state, criminal or otherwise, must realize that malicious actions in cyberspace will have consequences. … The internet is not the “Wild West,” and when rogue institutions like the Iranian Revolutionary Guard Corps use illicit hacking campaigns to support their deeds, the United States will not sit idly by.”