Nine Iranian citizens have been charged in a huge hacking campaign that compromised U.S. universities, private companies and U.S. government entities.
The hackers, Gholamreza Rafatnejad, 38; Ehsan Mohammadi, 37; Abdollah Karima, aka Vahid Karima, 39; Mostafa Sadeghi, 28; Seyed Ali Mirkarimi, 34; Mohammed Reza Sabahi, 26; Roozbeh Sabahi, 24; Abuzar Gohari Moqadam, 37; and Sajjad Tahmasebi, 30, were all leaders, contractors, associates, hackers-for-hire or affiliates of the Mabna Institute. The Iran-based company was created in 2013 for the express purpose of illegally gaining access to non-Iranian scientific resources through computer intrusions. Members of the institute were contracted by the Islamic Revolutionary Guard Corps — one of several entities within the Iranian government responsible for gathering intelligence — as well as other Iranian government clients.
FBI Deputy Director David Bowdich said that the hackers “compromised approximately 144 U.S.-based universities and 176 foreign universities in 21 countries” during a four-year campaign. He went on to say that, when the FBI learned of the campaign, “We notified the victims so they could take action to minimize the impact. And then we took action to find and stop these hackers.” Organizations that were compromised included the U.S. Department of Labor, the Federal Energy Regulatory Commission, the state of Hawaii, the state of Indiana, the United Nations, and the United Nations Children’s Fund.
The hackers targeted email accounts and computer systems through an elaborate spear phishing campaign, and stole more than 30 terabytes of academic data and intellectual property. Mabna Institute targeted and successfully compromised more than 8,000 American university professors’ accounts, gaining access to approximately $3.4 billion worth of data for free. An FBI agent who investigated the case said the hackers’ “primary goal was to obtain user names and passwords for the accounts of professors so they could gain unauthorized access and steal whatever kind of proprietary academic information they could get their hands on.”
In addition to targeting universities, the hackers gained access to employee e-mail accounts at nearly 50 private companies around the world — the majority of them U.S. firms — and during the same period began conducting intrusions against various U.S. federal agencies and other organizations such as the United Nations.
One brute force tactic that was employed was password spraying — simply collecting lists of names and e-mail accounts through open-source Internet searches and then guessing the users’ passwords, betting that some users never changed default company passwords or used common ones such as “password123.”
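The spraying pattern described above has a recognisable shape in authentication logs, and the following added example (not from the article or the investigation) shows a simple detector for it: one source whose failed logins are spread thinly across many distinct accounts, as opposed to a classic brute force that hammers a single account. The log format, IP addresses, usernames and thresholds are all constructed for the example.

```python
# Added example, not from the article: flag the password-spraying shape in
# constructed auth logs. A sprayer tries a few common passwords against many
# accounts, so the signal is one source with failures spread over many users.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<timestamp> <source_ip> <username> <result>"
SAMPLE_LOG = """\
2018-03-01T09:00:01 203.0.113.7 alice FAIL
2018-03-01T09:00:04 203.0.113.7 bob FAIL
2018-03-01T09:00:07 203.0.113.7 carol FAIL
2018-03-01T09:00:10 203.0.113.7 dave FAIL
2018-03-01T09:00:13 203.0.113.7 erin FAIL
2018-03-01T09:00:16 203.0.113.7 frank SUCCESS
2018-03-01T09:01:00 198.51.100.9 alice FAIL
2018-03-01T09:01:20 198.51.100.9 alice FAIL
2018-03-01T09:01:40 198.51.100.9 alice FAIL
2018-03-01T09:02:00 198.51.100.9 alice FAIL
2018-03-01T09:02:20 198.51.100.9 alice FAIL
"""

def parse(log):
    for line in log.splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

def detect_spray(log, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Sources whose failures in one window hit >= min_accounts distinct users
    with <= max_per_account failures each; single-account brute force is excluded."""
    failures, logins = defaultdict(list), defaultdict(set)
    for ts, src, user, result in parse(log):
        if result == "FAIL":
            failures[src].append((ts, user))
        else:
            logins[src].add(user)
    alerts = {}
    for src, evs in failures.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):  # slide the window start over failures
            per_user = defaultdict(int)
            for ts, user in evs[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            sprayed = [u for u, n in per_user.items() if n <= max_per_account]
            if len(sprayed) >= min_accounts:
                # any login from a spraying source is an account to review first
                alerts[src] = {"accounts": sorted(sprayed), "logins": sorted(logins[src])}
                break
    return alerts
```

In the sample, 203.0.113.7 is flagged (five accounts, one failure each, then a successful login) while 198.51.100.9, which fails repeatedly against a single account, is left to ordinary lockout or brute-force rules.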
The nine defendants have been charged with conspiracy to commit computer intrusions, wire fraud, unauthorized access of a computer, and aggravated identity theft.
“This investigation involved a complex threat in a dynamic landscape, but today’s announcement highlights the commitment of the FBI and our partners to vigorously pursue those that threaten U.S. property and security,” said FBI Director Christopher Wray. “Today, not only are we publicly identifying the foreign hackers who committed these malicious cyber intrusions, but we are also sending a powerful message to their backers, the Government of the Islamic Republic of Iran: your acts do not go unnoticed. We will protect our innovation, ideas and information, and we will use every tool in our toolbox to expose those who commit these cyber crimes. Our memory is long; we will hold them accountable under the law, no matter where they attempt to hide.”