Nine Iranians charged in $3.4 billion cyber theft campaign targeting universities, Justice says

Kevin Johnson | USA TODAY

Show Caption Hide Caption DOJ charges 9 Iranians in massive hacking scheme The Justice Department has charged 9 Iranians in government-sponsored hacking that pilfered sensitive information from hundreds of American universities, private companies and government agencies.

WASHINGTON — Nine Iranians have been charged as part of massive state-sponsored cyber theft campaign that targeted hundreds of universities, companies and government entities in the U.S. and abroad, federal authorities announced Friday.

The suspects, all affiliates of an Iranian-based company known as the Mabna Institute, allegedly breached the computer systems of the U.S. Department Labor, the Federal Energy Regulatory Commission, the United Nations and the states of Hawaii and Indiana, federal officials said.

Deputy Attorney General Rod Rosenstein said Friday that the suspects allegedly stole more than 31 terabytes of data--about 15 billion pages--from 140 American universities, 30 U.S. companies and five government agencies, while targeting 176 universities abroad.

The stolen information, including academic research in technology, medicine and other sciences, is valued at $3.4 billion, authorities said.

At least 100,000 email accounts held by university professors and researchers were targeted, and about 8,000 of the accounts were compromised.

"For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps," Rosenstein said.

While the nine suspects remain in Iranian, beyond the immediate reach of U.S. authorities, Rosenstein said their public identification "helps deter state-sponsored computer intrusions by stripping them of anonymity and imposing consequences."



"Revealing the Mabna Institute's nefarious activities makes it harder for them to do business," he said.

Manhattan U.S. Attorney Geoffrey Berman characterized the coordinated cyber attacks as "one of the largest state-sponsored hacking campaigns ever prosecuted."

"The hackers targeted innovations and intellectual property from our country's greatest minds," Berman said. "These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest."

Prosecutors assert that the Mabna Institute, founded in 2013, served as a contractor for the Iranian government with the specific mission to steal valuable research and other proprietary information, some of which was sold inside Iran.

The institute employed cyber mercenaries--hackers-for-hire--and others to conduct the intrusions, officials said.

During the course of four years, academic data and intellectual property was lifted from university systems across the globe.

The suspects are alleged to have used stolen credentials to gain access professors' accounts to steal academic journals, theses, dissertations and electronic books.

"The defendants targeted data across all fields of research and academic disciplines, including science and technology, engineering, social sciences, medical and other professional fields," prosecutors alleged, adding that the data was later moved to servers controlled by the suspects.

The government action, which also included Treasury Department sanctions against the Iranian institute and the nine suspects, comes at delicate diplomatic juncture between the U.S. and Iran, as the Trump administration has indicated its intention to abandon the far-reaching nuclear agreement with Iran negotiated by the Obama administration.

President Trump's Thursday selection of John Bolton, a strong opponent of the nuclear agreement, signaled a more aggressive posture against Iran.

The nine suspects, whose ages ranged from 24 to 39, were charged with conspiracy, unauthorized computer intrusion, wire fraud and identity theft.