Tuesday, September 26, 2023
Courthouse News Service
Tuesday, September 26, 2023 | Back issues
Courthouse News Service Courthouse News Service

Nine Iranian Hackers Accused of Massive Cyber-Theft Spree

With the Trump administration ratcheting up rhetoric against Iran, U.S. prosecutors charged nine Islamic Revolutionary Guard-linked hackers on Friday with a massive cybercrime spree, involving hundreds of institutions, 31.5 terabytes of data, and $3.4 billion in damages.

MANHATTAN (CN) – With the Trump administration ratcheting up rhetoric against Iran, U.S. prosecutors unsealed charges on Friday implicating nine hackers linked to the Islamic Revolutionary Guard in a staggering cybercrime spree.

The attacks, as detailed in a 27-page indictment, targeted hundreds of universities around the globe, gleaning 31.5 terabytes of data and leaving a $3.4 billion trail of damages in its wake.

“Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code,” U.S. Attorney Geoffrey Berman said in a statement.

All nine of the men – Gholamreza Rafatnejad, Ehsan Mohammadi, Abdollah Karima, Mostafa Sadeghi, Seyed Ali Mirkarimi, Mohammed Reza Sabahi, Roozbeh Sabahi, Abuzar Gohari Moqadam and Sajjad Tahmasebi – remain at large in a country with few prospects for extradition.

In that respect, the new case tracks charges brought last year against Behzad Mesri, accused of hacking HBO on behalf of the Iranian military.

The Washington Post reported at the time that the Department of Justice had put pressure on its prosecutors to finalize their investigations in line with the White House’s hardline policies against Iran, which have included new sanctions and abandonment of the Iran nuclear deal, otherwise known as the Joint Comprehensive Plan of Action.

Berman meanwhile has insisted that the charges were not revealed prematurely, saying that the hackers’ travel has been severely restricted, even if they have eluded capture.

“The only way they will see the outside world is through their computer screens, but stripped of their greatest asset – anonymity,” the prosecutor said.

Dozens of other countries may have grievances against the men, as laid out in the indictment.

On top of targeting 144 U.S.-based academic institutions, the hackers allegedly breached the systems of at least 176 universities across 21 countries, in Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

“Since at least approximately 2013, the members of the conspiracy compromised thousands of accounts belonging to professors at victim universities and targeted academic data and intellectual property for theft, which, during the course of the conspiracy, cost the affected United States-based universities at least approximately $3.4 billion dollars to procure and access,” the indictment states.

“The stolen data, as well as access to compromised university accounts, was used to benefit the [Islamic Revolutionary Guard Corps] and other Iranian customers, including Iran-based universities,” it continues.

Prosecutors add that at least five U.S. government agencies, 36 private sector companies and two nongovernmental organizations were also targeted.

These academic materials allegedly benefited the Mabna Institute, an Iranian organization designed to assist scientific and research groups.

Karima, one of the nine defendants, also worked as a businessman for Falinoos, a seller of academic materials that operated various websites, including one called Megapaper.

“Sadeghi was also involved in the operation of, and maintained a financial interest in, the Megapaper website,” prosecutors say.

While the indictment is undated, the file’s metadata suggests that it was created on Feb. 7, 2018, drawing questions from national-security reporter Marcy Wheeler.

“Perhaps there was more sensitive data stolen here,” she wrote on her website EmptyWheel. “Perhaps the professors who got hacked were more selectively targeted than the sheer number of academics targeted — 100,000 got phished, with almost 8,000 responding — suggests.

“But absent far more details, this indictment seems to make an international incident out of people in a very closed society trying to access academic information that is readily available here,” she added.

Prosecutors unsealed today’s charges at a press conference in Washington today, the morning after Trump tapped as his national security adviser John Bolton, a foreign-policy radical who previously called for war against Iran.

Categories / Criminal, Government, International, Technology

Read the Top 8

Sign up for the Top 8, a roundup of the day's top stories delivered directly to your inbox Monday through Friday.