9 Iranians indicted for hacking computers of law firm, universities, government agencies

Criminal Justice

- 9 Iranians indicted for hacking computers of law firm, universities, government agencies

Deputy Attorney General Rod Rosenstein. Screenshot from Friday press conference.

Indictments announced Friday allege nine Iranians working on behalf of the Iranian government hacked university computers to access scientific research, while also targeting one law firm, private companies and government agencies.

Entities hacked included the U.S. Department of Labor, the Federal Energy Regulatory Commission, the United Nations, the United Nations Children’s Fund and the states of Hawaii and Indiana, prosecutors said.

The indictments were announced by Deputy Attorney General Rod Rosenstein, U.S. Attorney Geoffrey Berman of the Southern District of New York and other officials. The hacked law firm was not named. Rosenstein’s remarks are here and a press release is here.

The hackers were working for the Mabna Institute, a group founded to help Iranian universities access scientific research, Rosenstein said. The group gave the information to the Islamic Revolutionary Guard Corps, one of several Iranian entities that gather intelligence, which used the information or sold it, according to Rosenstein.

The defendants face several charges, including wire fraud, computer fraud, conspiracy and identity theft.

The hackers are accused of obtaining information from about 320 universities in 22 countries, including 144 American universities. The defendants stole research that cost the universities about $3.4 billion to procure and maintain, Rosenstein said.

The hackers accessed university information by getting college professors to click on links in phishing emails that appeared to be sent by a professor from another university. When professors clicked on the links, they were taken to a login page of an internet domain that resembled the that of the professor’s university. Believing they had been logged out of their university computer system, the professors would enter login information. The hackers used the login information to access university research.

READ  All The Things Happened Today — See Also

The law firm was among 36 U.S. companies that were hacked. The other victims were three academic publishers, two media and entertainment companies, 11 technology companies, five consulting firms, four marketing firms, two banking and/or investment firms, two online car sales companies, one healthcare company, one employee benefits company, one industrial machinery company, one biotechnology company, one food and beverage company, and one stock images company. Hackers also targeted 11 companies in other countries.

Hackers used a “password spraying” technique to access the private entities. It worked this way: Hackers would collect names and email accounts associated with the targeted company, then it would try commonly used passwords to access the accounts. After hacking into an email, the hackers “exfiltrated entire email mailboxes from the victims,” the press release says. In many cases, the hackers set up automatic forwarding rules for compromised email accounts that allowed the hackers to receive all incoming and outgoing email messages from the accounts.

Password spraying was also used to access the government and nongovernmental organizations.

All the defendants are citizens and residents of Iran.

Be Sociable, Share!

Follow Us!

Author: Edward Lott

Edward Lott, Ph.D., M.B.A. is president and managing partner of Allentown-based ForLawFirmsOnly Marketing, Inc., a local search and digital marketing agency that offers clients lead generation, local seo and Google Maps Domination. Ed has been a digital entrepreneur since 1994, having discovered very early the opportunities the Internet offered. After having spent over two decades helping attorneys grow their practice, Ed joined the staff of ForLawFirmsOnly Marketing as President and Managing Partner, where he is expanding the agency’s cutting-edge services to the legal market. A true marketing futurist, Ed's vast experience working directly with attorneys has given him a unique perspective on law firm marketing not found in many other digital marketing agencies. Ed has reshaped the offerings of ForLawFirmsOnly to focus on growing law firms through a holistic approach to digital marketing evident in the reformulated lead generation processes now in place. Want to learn more about ForLawFirmsOnly Marketing, their lead generation programs, or just talk to Ed about his visions for helping law firms grow? Call him at 855-943-8736.

Scroll Up