Nine Iranians are charged with stealing $3.4bn of data from hundreds of US universities, governments and private companies as part of global cyber attack

  • Nine men were charged along with the Mabna Institute which they worked for 
  • Starting in 2013, they stole 31 terabytes of data from the US and abroad
  • 144 universities were targeted along with the Department of Labor and Hawaii and Indiana's state government in America
  • They also targeted the UN and the UN's Children's Fund in the United States 
  • 176 foreign universities and 11 foreign private companies were also victimized 
  • The total value they stole from US universities alone was $3.4billion
  • Some was sold to universities across Iran and other private companies  
  • Prosecutors say the hack was ordered by the Iranian Revolutionary Guard Corps 
  • It is the latest indicator of worsening relations between the US and Iran 
  • Trump has previously labeled the country a 'champion' and 'sponsor' of terror 

The US Department of Justice has charged nine Iranians with hacking hundreds of American university, government and corporate email accounts and computer systems as part of a cyber attack they say was ordered by the Iranian government.

The nine men all worked for a company called the Mabna Institute which, according to prosecutors, launched a 'coordinated campaign of cyber intrusions' which began in 2013 and harvested 31 terabytes of data.

Together they got into systems which belong to 144 U.S. universities, 176 foreign universities, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.

Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey and the United Kingdom were also targeted. 

Among the companies which were targeted were entertainment and news corporations, technology companies and banking firms. 

None are named in the indictment but all have been notified by the FBI.  

According to the Justice Department, the value of the information they stole from US universities alone was $3.4billion. 

Officials say the hack was ordered by the Iranian Revolutionary Guard Corps, a branch of the country's military. The information was also sold privately throughout Iran to state universities. 

These are the nine Iranians who have been charged with hacking into US and foreign government systems to steal 31 terabytes of information valued at at least $3.4billion from 2013, allegedly at the behest of the Iranian government 

US Deputy Attorney General Rod Rosenstein announced the charges at a press conference in Washington DC on Friday 

In response to the indictment, the Treasury has imposed a list of sanctions against the men and the company. 

The men were all named at a press conference held by US Deputy Attorney General Rod J. Rosenstein on Friday. 

U.S. Attorney Geoffrey S. Berman for the Southern District of New York described the effort as 'one of the largest state-sponsored hacking sprees in history' in a statement on Friday. 

WHO WAS TARGETED?

U.S. VICTIMS

  • 144 universities
  • US Department of Labor
  • Federal Energy Regulatory Commission
  • State of Hawaii
  • State of Indiana
  • State of Indiana Department of Education
  • United Nations
  • United Nations Children's Fund
  • Three academic publishers
  • Two media and entertainment companies
  • One law firm
  • 11 tech firms
  • Five consulting firms
  • Two banking and investment firms
  • Two online car sales companies
  • One healthcare company
  • One employee benefit company
  • One industrial machinery company
  • One biotech company
  • One stock images company

FOREIGN VICTIMS

176 universities and 11 private companies were targeted abroad. Those victims are spread across:

  • Australia
  • Canada
  • China
  • Denmark
  • Finland
  • Germany
  • Ireland
  • Israel
  • Italy
  • Japan
  • Malaysia
  • Netherlands
  • Norway
  • Poland
  • Singapore
  • South Korea
  • Spain
  • Sweden
  • Switzerland
  • Turkey
  • United Kingdom

The individuals charged are Gholamreza Rafatnejad, 38; Ehsan Mohammadi, 37; Abdollah Karima, aka Vahid Karima, 39; Mostafa Sadeghi, 28; Seyed Ali Mirkarimi, 34; Mohammed Reza Sabahi, 26; Roozbeh Sabahi, 24; Abuzar Gohari Moqadam, 37; and Sajjad Tahmasebi, 30. 

'These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries,' Rosenstein said. 

'For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps.

'The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America’s ideas by infiltrating our computer systems and stealing intellectual property. 

'This case is important because it will disrupt the defendants’ hacking operations and deter similar crimes,' he added. 

The men were all hit with sanctions, as was the Mabna Institute, which operates out of the Iranian city of Shiraz.

The company acted at the behest of the Iranian Revolutionary Guard Corps, a branch of the country's armed forces. 

The company was founded in 2013 with the intention of 'stealing access to non-Iranian scientific resources,' according to the Department of Justice.

Some of the men accused were 'hackers-for-hire' who were brought on specifically to target America's 'greatest minds', they said. 

Among their techniques was to pose as professors from other universities to send spear phishing emails to other professionals.

The hackers sent links to articles they said the recipients would find interesting, and if a victim clicked on one, they were sent to a fake internet page made to look like the homepage of the university they worked for.

It made the victim think they had been logged out of their account and prompted them to re-enter their details. Once they re-entered the credentials, the hackers obtained them.

100,000 professors around the world were targeted and around half worked at US universities. 

Around 8,000, including 3,700 in the US, fell for the scam and had their data compromised. 

Not only was the information given to the military, but prosecutors say it was privately sold throughout Iran. 

According to the indictment, the hack was ordered by the Iranian Revolutionary Guard Corps, a branch of the Iranian military whose soldiers are pictured above 

All nine of the men are now considered fugitives, Rosenstein said at a press conference on Friday

The indictment is the latest show of poor relations between Trump and Iran. Iranian president Hassan Rouhani is pictured right 

Thirty-six private companies around the world were also targeted. 

They are based in the US, Germany, Sweden, Switzerland, Italy and the UK. 

HOW THEY DID IT

The Iranian hackers employed two techniques to steal the information: spear phishing emails and password spraying.

Spear phishing 

To target the universities, hackers posed as other professors from different institutions and emailed links which appeared to be for academic articles to their victims.

Once the victims clicked on the link, they were taken to a fake page which appeared to be the homepage of their own university. It asked them for their log-in details and suggested they had been logged out of their account. 

If the professors re-entered their credentials, the hackers were able to see them and kept a record. 

Of the 100,000 professors targeted around the world, 3,700 in the US and another 4,000 abroad fell for it. 

Password spraying

To gain access to the email accounts of people in private corporations, government agencies and NGOs, the hackers simply guessed their passwords based on commonly-used words. 

Once they were in, they were able to extract entire mailboxes and set up automatic forwarding systems so that they would see any future outgoing or incoming emails.  

Those companies include: three academic publishers, two media and entertainment companies, one law firm, 11 technology firms, five consulting firms, four marketing firms, two banking and investment firms, two online car sales companies, one healthcare company, one employee benefit company, one industrial machinery company, one biotechnology company and one stock images company.

Those companies were targeted using a technique known as 'password spraying', in which hackers guessed their passwords to gain access to accounts.

They pillaged their email accounts, sometimes emptying entire mailboxes and setting up a forwarding system so the hackers would see any outgoing and incoming mail after the initial breach.   
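How a defender might surface the two behaviours described above and in the HOW THEY DID IT box (password guessing across many accounts, then mail forwarding set up after the breach) from sign-in logs and mailbox rules. This is an added example, not part of the original article or the indictment; the log format, addresses, domain and thresholds are all constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: "ISO time, source IP, account, result".
SIGNINS = """\
2018-03-01T09:00:05 203.0.113.7 alice@corp.example FAIL
2018-03-01T09:00:09 203.0.113.7 bob@corp.example FAIL
2018-03-01T09:00:14 203.0.113.7 carol@corp.example FAIL
2018-03-01T09:00:20 203.0.113.7 dave@corp.example OK
2018-03-01T09:00:26 203.0.113.7 erin@corp.example FAIL
2018-03-01T09:05:00 198.51.100.4 frank@corp.example FAIL
2018-03-01T09:05:30 198.51.100.4 frank@corp.example FAIL
2018-03-01T09:06:10 198.51.100.4 frank@corp.example OK
"""
# Constructed sample mailbox rules: (account, forwarding address).
FORWARD_RULES = [("dave@corp.example", "inbox77@mail.example.net"),
                 ("frank@corp.example", "frank.assistant@corp.example")]

def parse(text):
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user.lower(), result

def spray_sources(events, min_accounts=4, max_per_account=2,
                  window=timedelta(minutes=30)):
    """Sources that failed against many accounts, few tries each, in one window."""
    fails = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails[ip].append((ts, user))
    flagged = {}
    for ip, rows in fails.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward
            per_user = Counter(user for _, user in rows[start:end + 1])
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                flagged[ip] = sorted(per_user)
    return flagged

def compromised_accounts(events, flagged):
    """Accounts with a successful sign-in from a flagged source."""
    return sorted({u for _, ip, u, r in events if r == "OK" and ip in flagged})

def external_forwards(rules, internal_domain="corp.example"):
    """Forwarding rules that send mail outside the organisation's domain."""
    return [(a, t) for a, t in rules if t.rsplit("@", 1)[1].lower() != internal_domain]
```

The single user who mistypes a password twice is not flagged, because the heuristic keys on one source failing against many different accounts rather than on repeated failures for one account.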

The charges are the latest indicator of Trump's crusade against Iran which he previously described as one of 'the world’s leading state sponsor of terror.' 

The action is the fourth time in the past few months that the administration of U.S. President Donald Trump has blamed a foreign government for major cyber attacks, a practice that was relatively rare under the Obama administration. 

Last week, the administration accused the Russian government of cyber attacks stretching back at least two years that targeted the U.S. power grid. Washington imposed new sanctions on 19 Russians and five groups, including Moscow's intelligence services, for meddling in the 2016 U.S. presidential election and other cyber attacks.

The Obama administration in 2016 indicted seven Iranians for distributed-denial-of-service attacks on dozens of U.S. banks and for trying to shut down a New York dam. 

Those hackers were also accused of working on behalf of Iran's government.
