US targets 10 Iranians over university cyberattacks, HBO hack
The Department of Justice announces charges against alleged hackers, as well as sanctions, over attempts to hack hundreds of universities.
The nine hackers allegedly responsible for hacking hundreds of universities around the world.
The Department of Justice on Friday announced charges against nine Iranians in connection with attempts to hit hundreds of US and international universities.
The group, identified as the Mabna Institute, allegedly attacked 320 universities in 22 countries, 144 of which were in the US. The hackers stole research from the universities and sold it for profit in Iran, Deputy Attorney General Rod Rosenstein said during a press conference.
"Academic institutions are prime targets for foreign cybercriminals. Universities can thrive as marketplaces of ideas and engines of research and development only if their work is protected from theft," Rosenstein said.
Also on Friday, the Treasury Department announced sanctions against the alleged Iranian hackers, adding in a 10th name: Behzad Mesri, the Iranian charged in connection with cyberattacks against HBO and with leaking "Game of Thrones" episodes last summer.
The indictments on Friday come as the Justice Department continues to clamp down on cyberattacks against the US. Prosecutors have also indicted Russian hackers and massive cybercrime rings in recent months. This is the second time the Justice Department has taken action against Iranian hackers, after prosecutors announced in 2016 that it was charging seven people for attempted cyberattacks against banks and a dam in New York.
The Mabna Institute hackers also targeted the US Federal Energy Commission, the Department of Labor and the United Nations, according to the Justice Department. The agency said many of these attacks, which also hit 47 private companies, were done on behalf of the Iranian government.
Altogether, the universities paid $3.4 billion for the research that the hackers allegedly stole and sold, Rosenstein said. The group is accused of stealing more than 31 terabytes of data from the universities, which they infiltrated by tricking professors with phishing links, officials said.
The nine people charged hacked more than 8,000 academic accounts in their campaign, prosecutors said. The campaign targeted more than 100,000 professors' inboxes.
"We have worked tirelessly to identify you. You cannot hide behind a keyboard halfway around the world and expect not to be held to account," said Geoffrey Berman, US attorney for the Southern District of New York. He called the case "one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice."
The nine hackers are now on the FBI's most wanted list, alongside Mesri, who'd been posted on the list since last November. The sanctions from the Treasury Department come a week after the agency announced sanctions against Russia tied to cyberattacks.
First published March 23 at 7:21 a.m. PT.
Update, 7:52 a.m. PT: Added details from the Justice Department's indictment. Update, 9:14 a.m. PT: Added details on previous indictments.
Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.
Blockchain Decoded: CNET looks at the tech powering bitcoin -- and soon, too, a myriad of services that will change your life.