U.S. busts 'massive' Iranian hacking scheme

The Justice Department on Friday revealed charges against an Iranian hacking ring that prosecutors say spent years pilfering research and documents from over 100 American universities and government agencies.

Geoffrey Berman, the U.S. attorney for the Southern District of New York, in a statement called it a "massive and brazen cyber-assault" and "one of the largest state-sponsored hacking campaigns ever prosecuted" by U.S. officials.


The case is the second time federal prosecutors have charged hackers for intrusions on behalf of the Iranian government, coming almost exactly two years after DOJ indicted seven Iranians for a series of coordinated cyberattacks against the U.S. financial sector and for infiltrating a New York dam in 2013.

But Friday's charges represent the takedown of a broader — and more purposeful — digital theft campaign. It's also the first time DOJ has indicted government-linked hackers for infiltrating American government offices.

“The government of Iran systematically and methodically hacked into our country’s computer networks with the intent to steal as much information as possible,” Berman told reporters at a Friday press conference.

DOJ specifically targeted the Iran-based Mabna Institute, which it says was founded in 2013 "to assist Iranian universities and scientific and research organizations in stealing access to non-Iranian scientific resources."

Over the course of four years, prosecutors say, hackers working for the Mabna Institute stole at least 31 terabytes of data from 144 American universities, totaling $3.4 billion in intellectual property. The group also cracked into 176 foreign universities, DOJ said.

According to court documents, the hackers compromised these systems by sending emails to professors, posing as other professors, that tricked targets into giving up their login credentials.


Additionally, the indictment says the Iranian hackers hit 36 American companies, ranging from two media and entertainment organizations, to five consulting firms, to one healthcare company, a food and beverage company and an online car sales firm.

Beyond universities and private companies, prosecutors accused the Iranians of cracking into five U.S. government agencies, including the state governments in Hawaii and Indiana, as well as the Federal Energy Regulatory Commission, which oversees the energy industry, and the Department of Labor.

Previously, U.S. officials have shied away from attributing government hacks to a foreign nation, let alone bringing charges for the intrusion, fearing that it might spark adversaries to retaliate by exposing America's own digital snooping.

In total, prosecutors indicted nine Iranians for participating in the scheme, which continued until at least December 2017, according to a release.

Over those years, the indicted Mabna hackers breached the email accounts of roughly 8,000 professors around the world, including nearly 4,000 in the U.S., officials said. They also infiltrated the United Nations and the United Nations Children's Fund, according to court documents.

The hackers conducted “many” of the intrusions “on behalf of” Iran’s Islamic Revolutionary Guard Corps, “as well as other Iranian government and university clients,” according to DOJ.

"The hackers targeted innovations and intellectual property from our country’s greatest minds," Berman said.

The Treasury Department also slapped sanctions on the Mabna Institute and the nine charged individuals.

At Friday's press conference, Sigal Mandelker, Treasury's undersecretary for terrorism and financial intelligence, called the efforts an "extraordinary example of the Iranian regime’s willingness to use cyber-enabled and other illicit means to enrich itself."

While none of the charged hackers have been detained, Berman said the indictments would restrict their lives.

"The only way they will see the outside world is through their computer screens, but stripped of their greatest asset — anonymity," he said in a statement.

And FBI Deputy Director David Bowdich vowed that they would continue to hunt down the alleged hackers.

"People travel. They take vacations," he told reporters. "They make plans with their families. And having your name, face and description on a wanted poster makes moving freely much more difficult.”

Friday's move is the latest in a growing trend for U.S. prosecutors — indicting hackers linked to foreign governments.

For years, the government was hesitant to take such a step. Definitively attributing cyberattacks was difficult, and there was little — if any — chance the indicted hackers would ever see the inside of a courtroom. And some officials also pointed to the fear of having America's online espionage efforts revealed.

But investigators became better at concretely identifying digital culprits. And more policy experts started touting the "name and shame" theory — the idea that shedding light on other governments' digital malfeasance could encourage international condemnation and deter such behavior.

The Obama administration slapped the first charges on foreign government hackers in 2013, when it indicted five members of the Chinese military for infiltrating American corporations.

DOJ prosecutors then put Iran in their crosshairs in 2016 with the indictments of seven Tehran-linked individuals for launching a spate of digital assaults on the financial sector that knocked online banking sites offline for hundreds of thousands of people. One of the hackers was also charged with illegally accessing the control system of a dam in New York.

And just last year, DOJ indicted two Russian spies for hacking into tech giant Yahoo and stealing data on 500 million users. The landmark case represented the first time the U.S. had ever filed criminal cyber charges against Moscow officials.

"This type of public identification helps to deter state-sponsored computer intrusions by stripping hackers of their anonymity and by imposing real consequences," said Deputy Attorney General Rod Rosenstein at Friday's press conference.

The Obama and Trump administrations have also publicly accused North Korea and Russia of various other cyberattacks since 2014, often imposing economic sanctions afterward.

“We’re going to continue to pursue this strategy,” Rosenstein added. “I think that it will have an impact.”



CLARIFICATION: The case is the second time the Justice Department has indicted hackers who conducted intrusions on behalf of the Iranian government. DOJ has indicted other hackers with past links to the Iranian government.