Britain Backs US Hacking Allegations Against IraniansUK's National Cyber Security Center Also Ties Hacks to Group
The British government says it concurs with charges contained in an indictment announced Friday by the U.S. Department of Justice against multiple Iranians.
See Also: The Global State of Online Digital Trust
The indictment, unsealed Friday, charges nine Iranian nationals with stealing more than 31 terabytes of data from 320 universities in 22 countries - including 144 U.S. institutions - as well as multiple businesses and government agencies. The individuals face computer intrusion, wire fraud and identity theft charges (see 9 Iranians Indicted for Massive Hacking Scheme).
Two of the defendants allegedly founded an Iranian organization called the Mabna Institute for the purpose of "acquiring" scientific research from other countries and funneling it to the branch of Iran's armed forces called the Islamic Revolutionary Guard Corp., prosecutors allege. The IRGC allegedly made use of the information and also profited by selling it to others inside Iran.
"What is alleged in the indictment is that the Mabna Institute was working essentially as a contractor for the Iranian government," Deputy Attorney General Rod Rosenstein said in a Friday press conference in Washington. "The allegation in the indictment is that the evidence will demonstrate that the Mabna Institute was working on behalf of the IRGC and that the IRGC benefited from the information that was stolen in the cyber hacking."
The U.K.'s National Cyber Security Center, part of intelligence agency GCHQ, says it assesses with "high confidence" that Iran's Mabna Institute ran a hacking campaign that targeted U.K., U.S. and other Western nations' universities and businesses "primarily for the purposes of intellectual property theft."
NCSC assesses with high confidence that the Mabna Institute were almost certainly responsible for cyber attacks targeting universities around the world, including in the UK https://t.co/I9qvz6GLeg— NCSC UK (@ncsc) March 23, 2018
"The U.K. government judges that the Mabna Institute based in Iran was responsible for a hacking campaign targeting universities around the world. By stealing intellectual property from universities, these hackers attempted to make money and gain technological advantage at our expense," says Tariq Ahmad, Britain's Foreign Office minister for cybersecurity.
"We welcome the U.S. indictments. It demonstrates our willingness and ability to respond collectively to cyberattacks using all levers at our disposal," he adds. "The focus on universities is a timely reminder that all organizations are potential targets and need to constantly strive for the best possible cybersecurity."
Targeted: More Than 100,000 Professors
The Justice Department says the alleged hackers targeted more than 100,000 professors worldwide and succeeded in compromising an estimated 7,998 accounts - an 8 percent success rate. Universities known to be hacked outside the U.S. are in Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey and the United Kingdom, prosecutors say.
Officials said the FBI initially launched an investigation into the alleged hacking, working with victims, some of whom were first notified that they had been breached by the bureau.
The U.S. previously indicted Behzad Mesri, another Mabna Institute employee, in November 2017 for hacking and leaking material stolen from the U.S. premium cable and satellite television network HBO. The defendant allegedly also attempted to ransom stolen materials back to HBO for $6 million in bitcoin (see Feds Indict Iranian Over 'Game of Thrones' Hacks).
Defendants Hit With Sanctions
The U.S. Treasury Department on Friday announced sanctions against 10 Iranian individuals - including the alleged HBO hacker, Behzad Mesri - as well as the Mabna Institute.
"Iran is engaged in an ongoing campaign of malicious cyber activity against the United States and our allies. The IRGC outsourced cyber intrusions to The Mabna Institute, a hacker network that infiltrated hundreds of universities to steal sensitive data," said Treasury Under Secretary Sigal Mandelker.
"We will not tolerate the theft of U.S. intellectual property, or intrusions into our research institutions and universities," Mandelker said. "Treasury will continue to systematically use our sanctions authorities to shine a light on the Iranian regime's malicious cyber practices, and hold it accountable for criminal cyberattacks."
Rob Joyce, special assistant to the president and cybersecurity coordinator for the National Security Council, accused Iran of "behaving irresponsibly" online and said the charges are meant to hold offenders to account.
Iran is a nation behaving irresponsibly in cyberspace. Their malicious activities can't be tolerated and we call on all responsible nations affected by these unacceptable cyber thefts to follow suit and impose costs. https://t.co/Qr994X1fgN— Rob Joyce (@RobJoyce45) March 23, 2018
"Nation-states should not steal intellectual property for the purpose of giving domestic industries a competitive advantage," Deputy Attorney General Rosenstein said at the Friday press conference. "As a result of the indictment, these defendants are now fugitives from justice. There are more than 100 countries where they may face arrest and extradition to the United States. And thanks to the Treasury Department, the defendants will find it difficult to engage in business - or financial transactions - outside of Iran."
U.S. lawmakers have also condemned the alleged Iranian hacking campaign.
"This sends a strong message that the U.S. will respond when attacked," says Rep. Mike McCaul, R-Texas, chairman of the Committee on Homeland Security and co-chair of the Congressional Cyber Security Caucus.
"It is vitally important that we back the emerging consensus regarding norms of state behavior with action, which is exactly what the [U.S.] government has done," says Rep. Jim Langevin, D-R.I., who co-chairs the Congressional Cybersecurity Caucus and is a senior member of the House Committees on Armed Services and Homeland Security.
"The world of these hackers has just gotten much smaller thanks to the justice that awaits them in an American courtroom," he adds.
But it's unclear how likely that turn of events might be, especially if the individuals named in the indictment steer clear of visiting or traveling via countries that have an extradition treaty with the United States (see Accused Russian Botnet Mastermind Extradited to US).
"This case is important because it will disrupt the defendants' hacking operations and deter similar crimes," Rosenstein said.
Many legal experts, however, suggest that the deterrence so often trumpeted by prosecutors is a myth, especially because the need to deter future attacks seems to be most often cited by prosecutors pursuing alleged crimes that their previous efforts so obviously failed to deter (see Is US Computer Crime Justice Draconian?).
Faced with the question of whether deterrence works at the Friday press conference, Rosenstein responded: "You don't see the attacks that have been deterred; you only see the ones that haven't been deterred."
The charges and sanctions could also have a personal cost for the defendants. "Mabna Institute employees can no longer travel freely, curtailing their career prospects outside of Iran," according to the British Foreign Office's Ahmad.
Feds Pursue Nation State Hacking
The Justice Department has recently been indicting numerous individuals and organizations for alleging waging state-backed hacking campaigns.
In February, an indictment unsealed by Special Counsel Robert Mueller accused 13 Russian nationals and three Russian companies for allegedly interfering with the U.S. political system, including the 2016 presidential election (see Anatomy of a Russian Information Warfare Campaign).
Last November, the Justice Department charged three Chinese men who work for Chinese cybersecurity firm Boyusec with hacking into the networks of Siemens, Moody's Analytics and Trimble and stealing valuable business secrets.