In one of the largest state-sponsored cyberattacks uncovered by the Justice Department, nine Iranian hackers spent four years penetrating the computer systems of hundreds of American and foreign universities and other institutions to steal valuable research and other proprietary data on behalf of Iran's government, prosecutors charged on Friday.
The hackers worked for a Tehran-based company called the Mabna Institute and carried out many of the computer intrusions, including a spearphishing campaign targeting professors, on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC). Prosecutors described IRGC as one of several entities in Iran tasked with intelligence gathering.
The computer intruders also sold the pilfered data to Iranian universities and customers through two websites, one of which allowed paying subscribers to use stolen credentials of university professors to access online library systems of American and foreign universities, law enforcement officials said.
The campaign, which started in 2013 and continued at least through December 2017, compromised the computer systems of 320 universities in 22 countries, including 144 American universities, and resulted in the theft of massive quantities of research that cost the schools about $3.4 billion, the officials said.
Among other institutions targeted by the hackers were 47 U.S. and foreign private companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the states of Hawaii and Indiana, the United Nations, and the United Nations Children's Fund, officials said.
The charges, contained in a federal grand jury indictment unsealed on Friday, were announced by senior law enforcement officials in Washington.
Geoffrey Berman, the U.S. attorney for the Southern District of New York, where at least two of the targeted universities are based, called the cyber conspiracy a "massive and brazen cyberassault" and "one of the largest state-sponsored hacking campaigns ever prosecuted" by U.S. officials.
"At the crux of this case is the fact that the government of Iran systematically and methodically hacked into our country's computer networks with the intent to steal as much information as possible," Berman said at a press conference in Washington.
The U.S. Treasury Department said it was imposing sanctions on the Mabna Institute and 10 Iranian nationals for the “malicious cyber-enabled activity.” The 10th hacker, Behzad Mesri, had been charged with stealing unreleased scripts of the HBO hit show Game of Thrones in a separate scheme. The department already has sanctioned the Revolutionary Guards for supporting terrorism.
"Iran is engaged in an ongoing campaign of malicious cyberactivity against the United States and our allies," said Sigal Mandelker, Undersecretary of Treasury for Terrorism and Financial Intelligence.
The indictment does not name the targeted universities but says two are based in New York. The foreign universities are located in Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, the Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
"Academic institutions are prime targets for foreign cyber criminals," Deputy Attorney General Rod Rosenstein said at the press conference. "Universities can thrive as marketplaces of ideas and engines of research and development only if their work is protected from theft."
According to the 25-page indictment, the Mabna Institute was founded in 2013 by hackers Gholamreza Rafatnejad and Ehsan Mohammadi with the aim of helping Iranian universities and other research organizations in stealing access to non-Iranian scientific research. The company contracted with the Iranian government and private entities to conduct hacking on their behalf, the indictment alleges.
To pilfer the data, the hackers used stolen account credentials to target the email accounts of about 100,000 professors around the world, ultimately gaining access to the accounts of about 8,000 professors. Once they had gained control over their accounts, the hackers then stole research and other academic data and documents, including academic journals, theses, dissertations and electronic books.
In total, the hackers stole about 31.5 terabytes — 15 billion pages — of academic data and intellectual property in a range of professional fields — science, technology, engineering, social sciences, media and others, and transferred them to servers in Iran, officials said.
"The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America's ideas by infiltrating our computer systems and stealing intellectual property," Rosenstein said. "This case is important because it will disrupt the defendants' hacking operations and deter similar crimes."
The alleged hackers, who remain at large, face multiple criminal charges, including conspiracy to commit computer intrusions, unauthorized access of a computer, and aggravated identity theft.
In 2016, the Justice Department charged seven Iranian hackers with carrying out a coordinated cyberattack on dozens of U.S. banks and trying to shut down a New York dam. The group was also accused of working on behalf of the Islamic Revolutionary Guard.