The Trump administration has announced indictments and sanctions against multiple hackers who acted as contractors for a secretive branch of Iran’s armed forces.
On Friday, the Justice Department unsealed charges against nine Iranian nationals for hacking into the networks of multiple U.S. universities, municipal and federal government agencies and other American businesses. The hackers allegedly sought to steal valuable academic research and leverage the high-bandwidth networks for future operations.
A senior U.S. official who spoke on condition of anonymity explained that the Trump administration believes the punishment will be more damaging than similar indictments against other nation-states that have attacked U.S. companies, like Russia or China. This is because many of those named Friday are private citizens who currently enjoy the ability to travel internationally, and some may even own assets abroad. Government officials do not expect the same impact on those indicted in previous instances.
“These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries,” Deputy Attorney General Rod Rosenstein said in a statement. “For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps.”
All of the individuals facing charges worked for the Mabna Institute, a quasi-government technology company based in Iran. In the past, this company has hacked both for profit and for country.
“We’re focusing on people who support IRGC (Islamic Revolutionary Guard Corps) in some of their cyber operations,” the senior U.S. official told CyberScoop. “They have this dual personality where they’ve been hacking for profit as well as hacking information, which they sell to the Iranian government, as well as provide capabilities to the Iranian government.”
The Mabna Institute has helped the IRGC with its offensive cyber operations in the past by providing it with compromised computer networks to launch attacks from.
“The theme is that Iran is a nation state that doesn’t seem to clean up those quasi-government supported elements,” the official added. “So this is a place where sanctions or indictments could have real effect. Because unlike an intel officer, we’re going to hit a commercial entity … the people in that ecosystem worry about their ability to travel. We like that you can see this is going to squeeze them pretty hard.”
The Department of Justice, FBI and Department of the Treasury have each been involved in designing and delivering Friday’s dual action of indictments and sanctions.
“I would call it a change in strategy in that we’re enforcing norms,” the senior official said.
U.S. Attorney Geoffrey Berman of the Southern District of New York, whose division helped work the case, explained that the Iranian hackers “targeted innovations and intellectual property from our country’s greatest minds.”
“These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest. The only way they will see the outside world is through their computer screens, but stripped of their greatest asset – anonymity,” Berman said in a statement.
Hours after the original announcement by the Justice Department, the British government followed suit in blaming Iran.
NCSC assesses with high confidence that the Mabna Institute were almost certainly responsible for cyber attacks targeting universities around the world, including in the UK https://t.co/I9qvz6GLeg
— NCSC UK (@NCSC) March 23, 2018
You can read the full indictment below.
http://www.documentcloud.org/documents/4419670-U-S-v-Rafatnejad-Et-Al-Indictment-0.html