Feds: Iranian hacker attacked VT firm

A university student from Iran hacked into the computer system of a Vermont aerodynamics company to steal millions of dollars worth of software, according to federal authorities.

Nima Golestaneh, who will celebrate his 30th birthday Thursday behind bars, has pleaded not guilty to a six-count indictment. The case is being prosecuted at federal court in Burlington by the National Security Division of the U.S. Department of Justice in Washington, D.C., and by the local U.S. Attorney’s Office.

The name of the hacked Vermont company is absent from public records in the case. But some filings in the case are being kept secret.

Turkey deported Golestaneh to the United States in February to face the federal indictment, which alleges four felony counts of wire fraud and single counts of computer fraud and of conspiracy to defraud a Vermont company.

The indictment accuses Golestaneh of remotely accessing company computers in Vermont without authorization in order to steal a complete copy of the firm’s proprietary software between April 2012 and May 2013.

Defense lawyers failed to respond to messages seeking comment Wednesday.

The company sells its units at a cost of $40,000 to $800,000 each, according to the Daily Sabah, a newspaper in Turkey that reported Golestaneh’s removal in February.

The indictment states Golestaneh worked with others — known and unknown to the federal grand jury — to target the Vermont company and others through false pretenses.

A search of federal court records in Vermont shows no other defendant charged, but dozens of cases have been ordered under seal by judges.

At least one court document in the public file remains under seal, and 14 more numbered items are unlisted in the file.

Vermont’s new U.S. attorney, Eric Miller, told the Burlington Free Press there is little he can say about the case he inherited when taking office four weeks ago.

“Although we are unable to provide more detail regarding this pending case, our office has built significant cyber expertise, and we will continue to use that expertise to protect Vermont businesses from computer crimes and to hold accountable those who commit them,” Miller said.

When Assistant U.S. Attorney Eugenia A.P. Cowles requested in December an arrest warrant for Golestaneh and the sealing of all records, she noted “these documents discuss an ongoing criminal investigation that is neither public nor known to all the targets of the investigation.”

She added: “Information contained in criminal indictments, affidavits and arrest warrants may be easily circulated among on-line criminals.”

U.S. Magistrate Judge John M. Conroy agreed to seal the paperwork Dec. 4 until the arrest.

The FBI asked Interpol, the international police organization based in Lyon, France, to label Golestaneh with a “red notice,” which seeks the location and arrest of wanted persons with a view to extradition or similar action. It was unclear when he was taken into custody.

During Golestaneh’s February arraignment in Burlington, Conroy ordered him detained pending trial. Conroy ruled there were no conditions that could reasonably ensure Golestaneh’s appearance at court hearings.

Cowles had noted in court papers that Golestaneh was a foreign national who was extradited to Vermont and has no known local ties here.

“He has no known local contacts who could provide supervision for him in the event of release, and he faces significant federal charges in this court, providing incentive to flee,” she wrote.

Golestaneh’s defense team had been expected to file pretrial motions by July 13, but lawyers asked for an extra 30 days due to the complex nature of the charges.

Golestaneh is being held at the Essex County Jail in Lewis, N.Y., which means visiting him takes extra time, his lawyers Steven L. Barth and Elizabeth K. Quinn of the Federal Public Defender’s Office wrote in court papers.

Barth and Quinn said the 30-day continuance was needed in part “to finalize a potential resolution to the case.”

The lawyers did not elaborate. Neither responded to phone messages at their office Wednesday.

Barth and Quinn had obtained a 60-day continuance from Senior U.S. District Judge William K. Sessions III on May 18.

Facing charges

The indictment notes the unnamed Vermont company’s “primary product is propriety software that assists users in, among other things, aerodynamics analysis and design.”

In order for customers to obtain the software, they must download a locked version and receive a special hardware key or “dongle” with a code to allow access, the indictment indicates.

Part of the scheme was for Golestaneh to gain access to at least two servers, according to court documents. Golestaneh also allowed others to gain access to the servers in an effort to make the intrusions more difficult to trace, the indictment stated.

Golestaneh and friends used various names and emails to mask their identities, the charges maintain.

The Daily Sabah, the newspaper in Turkey, citing the U.S. cybersecurity firm Cylance, reported that Iranian hackers are believed to be behind many major infiltrations of aerospace firms, airports and airlines around the world during the past two years.

This story was first posted online July 29, 2015. Contact Mike Donoghue at 660-1845 or mdonoghue@freepressmedia.com. Follow Mike on Twitter at www.twitter.com/FreepsMikeD.