DoJ indicts Iranian hackers for stealing data from 144 US universities

In all, 320 universities around the world were attacked and the 31.5 terabytes of stolen data was sold for profit in Iran.

Deputy US Attorney General Rod Rosenstein on Friday announced a series of indictments and financial sanctions against Iranian individuals and one designated Iranian entity for cyber activity against the United States.

Officials with the US Department of Justice and the US Department of the Treasury's Office of Foreign Assets Control said they've determined that nine Iranians, in cooperation with the Islamic Revolutionary Guard Corps, the Iranian hacker network the Mabna Institute and the Iranian government, hacked computer systems of 144 US universities.

In all, 320 universities around the world were attacked along with several US government entities, including the Department of Labor, United Nations, and the Federal Energy Regulatory Commission.

The 31.5 terabytes of stolen data, which included academic data and intellectual property, was sold for profit in Iran in what the DoJ characterized as "one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice."

"The events described in this indictment highlight the need for universities and other organizations to emphasize cyber security, increase threat awareness, and harden their computer networks," Rosenstein said. "The second important point is that our work on this case is critically important because it will disrupt the criminal operations of the Mabna Institute and deter similar crimes by others."

Officials have not yet disclosed the names of the universities that were attacked. Officials said the hackers gained access to university databases and library systems by using stolen login credentials belonging to university professors.

The FBI is working with partners in the private sector to share information regarding the vulnerabilities targeted and the intrusion vectors used by the Mabna Institute.

The charges in the indictments include computer fraud, wire fraud, conspiracy and identity theft. As for the financial sanctions, the Treasury Department says it has blocked transactions involving any and all property belonging to those charged that is subject to US jurisdiction.

Officials believe the alleged hackers are still in Iran and out of reach of US law enforcement.

The UK's National Cyber Security Centre issued a statement welcoming the US indictments and warned that the "UK and its allies will respond collectively to criminal cyber activity that undermines economic prosperity."
