The US Department of Justice on Friday announced an indictment against nine Iranians charged with conducting an extensive, wide-ranging hacking campaign against the US on behalf of Iran’s military, accusing them of stealing thousands of academic papers from universities in a campaign to gather what US officials called "sensitive data."
All nine were hired by or in some way affiliated with the Mabna Institute, a consulting company whose website says it has offices in Tehran and Barcelona, but that Deputy Attorney General Rod Rosenstein said had contracts with Iran’s Islamic Revolutionary Guard Corps to undertake the hacking.
Since 2013, Rosenstein said, Mabna has hacked 144 American universities, 47 companies around the world, the United Nations, and several US government targets, including the Department of Labor and the states of Hawaii and Indiana.
Rosenstein suggested the purpose of the hacks was to give Iranian businesses proprietary information from US sources.
"By bringing these criminal charges, we reinforce a norm that most of the civilized world accepts: nation-states should not steal intellectual property for the purpose of giving domestic industries a competitive advantage," Rosenstein said.
The charges were announced at the same time that the Treasury Department announced it was imposing sanctions on the nine individuals and the institute for the hacks. A federal grand jury in Manhattan returned the indictment in February, but it wasn't unsealed until Friday.
“We will not tolerate the theft of U.S. intellectual property, or intrusions into our research institutions and universities," said Sigal Mandelker, the Treasury under secretary for terrorism and financial intelligence. "Treasury will continue to systematically use our sanctions authorities to shine a light on the Iranian regime’s malicious cyber practices, and hold it accountable for criminal cyber-attacks.”
There was no indication Friday that the hacks had caused permanent damage to any of the penetrated computer systems. But the timing of the indictments suggests they were part of a get-tough program by the Trump administration two months before it must certify whether Iran is complying with the Joint Comprehensive Plan of Action, the Obama-era plan to keep Iran from acquiring nuclear weapons. President Donald Trump has repeatedly said he intends to pull out of the deal, and has pressured European allies to join him or force Iran to renegotiate.
“As part of this administration's Iran strategy, we are committed to using our authorities to combat the regime's deception and its efforts to corrupt the international financial system,” Mandelker said.
The indictment doesn't make mention of destructive cyberattacks, the kind that Iran has previously been accused of deploying against adversaries in countries such as Saudi Arabia.
Instead, the scheme laid out in the indictment is largely one of massive academic fraud. The hackers sent phishing emails to about 100,000 professors, about half of whom were in the US, and whose specialties varied across the science and engineering fields, the indictment says.
Those efforts successfully garnered the credentials for about 8,000 logins around the world, again with about half of those at US universities. With those credentials, the Iranians were able to download about 31.5 terabytes of information, including doctoral dissertations and other studies. The hacked materials were in turn sold on two Iranian websites: Megapaper.ir, which sold the papers, and Gigapeper.ir, which sold academics' account login information so that customers could sign into academic libraries.
The indictment was the latest effort in a years-long strategy by the US to name hackers it believes are working for foreign governments. Such charges carry no chance of causing the hackers' own governments to extradite them. But state-sponsored hackers tend to be young and ambitious, and the US believes that naming them — which effectively limits their ability to travel to only the small number of countries that won’t extradite them to the US — can act as a deterrent against future hacks.
For years, the US engaged in an uneasy and destructive cyberwar with Iran, in which hacking played a central role for both sides, and which included both the Stuxnet worm that is thought responsible for the destruction of Iranian nuclear centrifuges and the Iranians' penetration of the control system for the Bowman dam in New York. That destructive activity quieted down around 2014, when the two countries agreed to the Iran nuclear deal.
The charges announced on Friday, which were filed in the US District Court for the Southern District of New York, included conspiracy to commit computer intrusions, conspiracy to commit wire fraud, computer fraud, wire fraud, and aggravated identify theft.
In 2014, the Justice Department accused five members of the Chinese military of hacking US targets and handing stolen intellectual property to Chinese businesses, a line the US says it does not cross.
Last week, the Trump administration formally accused Russian government hackers of a massive, sophisticated, and multipronged attempt to infiltrate the US power grid.
Rosenstein was joined at Friday's press conference by Manhattan's interim US Attorney Geoffrey Berman, who was appointed to the post — one of the most high-profile federal prosecutor jobs in the country — in January by Attorney General Jeff Sessions. Berman previously was under consideration by the White House to be Trump's nominee for the US attorney job, but the president has yet to announce his pick.
Berman told reporters on Friday that he had a message for the Iranian defendants: "We have worked tirelessly to identify you and you cannot hide behind a keyboard halfway around the world and expect not to be held to account."