U.S. Charges Iranians In 'Massive' Hacking And Data Theft Case

U.S. Deputy Attorney General Rod Rosenstein (file photo)

U.S. authorities have charged nine Iranians* and an Iranian company in what they say was a hacking scheme that stole "massive amounts" of data from hundreds of universities, dozens of companies, the United Nations, and parts of the U.S. government on behalf of the Iranian government.

Deputy Attorney General Rod Rosenstein and other law enforcement officials announced the charges on March 23.

"For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Islamic Revolutionary Guards Corps (IRGC)," Rosenstein said.

U.S. officials said the defendants were affiliated with the Mabna Institute, an Iranian company they said has conducted hacking on behalf of the Iranian government for several years.

U.S. prosecutors say the firm was designed to help Iranian research organizations steal information.

"These defendants are now fugitives of justice," Rosenstein said, warning that they could face extradition in more than 100 countries if they travel outside of Iran.

The U.S. Treasury department said on its website that it was imposing sanctions against the Mabna Institute, all nine Iranians charged in the case, and a suspect from Iran in another hacking case -- Behzad Mesri, who also is known as Skote Vahshat.

Mesri was charged in 2017 with hacking into computers of the cable TV network HBO, stealing episodes and plot summaries for unaired programs -- including Games of Thrones -- and threatening to release the information unless he was paid $6 million.

The U.S Justice Department said in a March 23 statement that the hackers in the Mabna Institute case had pilfered more than 31 terabytes of academic data and intellectual property from 144 U.S. universities and 176 universities in 21 other countries.

It said the campaign targeted the e-mail accounts of more than 100,000 professors around the world and managed to break into the accounts of about 8,000 of them.

Prosecutors said the hackers also targeted the U.S. Labor Department, the U.S. Federal Energy Regulatory Commission, and the United Nations.

The Justice Department described the case as one of the largest state-sponsored hacking sprees to be prosecuted.

Rosenstein told a news conference that the defendants hacked into government computers and other networks in an "attempt to steal as much as possible."

He said the indictment publicly identifies alleged hackers in an attempt to deter further intellectual-property theft.

The case is part of the U.S. government's strategy of "naming and shaming" -- or publicly identifying alleged foreign hackers and letting them and their governments know that U.S. authorities are onto them.

However, the defendants are unlikely to be prosecuted in the United States, which has no extradition with Iran and deeply tense relations with the government in Tehran.

The case marks the fourth time in recent months that U.S. President Donald Trump’s administration has blamed a foreign government for major cyberattacks.

With reporting by Reuters, AP, and AFP

*CORRECTION: This article has been amended to indicate that U.S. authorities have charged nine Iranians, not 10 as originally reported.