Wednesday, April 4, 2018

DOES DOJ INDICTMENT OF IRANIAN HACKERS IMPACT THE U.S./IRAN NUKE DEAL?






Nine Iranian Revolutionary Guard Corps operatives have been charged with conducting a massive cyber theft campaign, after penetrating systems belonging to hundreds of universities, companies, and other victims to steal research, academic and proprietary data, and intellectual property.

That's according to the Department of Justice, which issued a statement today, saying:
“These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries ... For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps...”
The nine operatives were indicted, but are not in custody, according to U.S. Attorney for the Southern District of New York, Geoffrey S. Berman.
“...Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code ... As alleged, this massive and brazen cyber-assault on the computer systems of hundreds of universities in 22 countries and dozens of private sector companies and governmental organizations was conducted on behalf of Iran’s Islamic Revolutionary Guard.  The hackers targeted innovations and intellectual property from our country’s greatest minds.  These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest.  The only way they will see the outside world is through their computer screens, but stripped of their greatest asset – anonymity.”
Allegedly the hackers stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries.  Deputy Attorney General Rod Rosenstein said that:
"... For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps ... This case is important because it will disrupt the defendants’ hacking operations and deter similar crimes ..."
According to the DOJ statement, all of the individuals indicted were citizens and residents of Iran, and each was a leader, contractor, associate, hacker-for-hire or affiliate of the Mabna Institute, an Iran-based company that, since at least 2013, conducted a coordinated campaign of cyber intrusions into computer systems belonging to 144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.
"... The defendants conducted many of these intrusions on behalf of the Islamic Republic of Iran’s (Iran) Islamic Revolutionary Guard Corps (IRGC), one of several entities within the government of Iran responsible for gathering intelligence, as well as other Iranian government and university clients.  In addition to these criminal charges, today the Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated the Mabna Institute and the nine defendants for sanctions for the malicious cyber-enabled activity outlined in the Indictment..."
The DOJ explained that defendants Gholamreza Rafatnejad and Ehsan Mohammadi founded the Mabna Institute in approximately 2013 to assist Iranian universities and scientific and research organizations in stealing access to non-Iranian scientific resources.
"...In furtherance of its mission, the Mabna Institute employed, contracted, and affiliated itself with hackers-for-hire and other contract personnel to conduct cyber intrusions to steal academic data, intellectual property, email inboxes and other proprietary data, including Abdollah Karima, aka Vahid Karima, Mostafa Sadeghi, Seyed Ali Mirkarimi, Mohammed Reza Sabahi, Roozbeh Sabahi, Abuzar Gohari Moqadam, and Sajjad Tahmasebi.  The Mabna Institute contracted with both Iranian governmental and private entities to conduct hacking activities on their behalf, and specifically conducted the university spearphishing campaign on behalf of the IRGC ..."
It was, according to the indictment, an extensive operation:
"...The Mabna Institute, through the activities of the defendants, targeted more than 100,000 accounts of professors around the world.  They successfully compromised approximately 8,000 professor email accounts across 144 U.S.-based universities, and 176 universities located in foreign countries, including Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey and the United Kingdom.  The campaign started in approximately 2013, continued through at least December 2017, and broadly targeted all types of academic data and intellectual property from the systems of compromised universities.  Through the course of the conspiracy, U.S.-based universities spent more than approximately $3.4 billion to procure and access such data and intellectual property..."
This is HOW they did it:
"...The members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, which they used to steal research, and other academic data and documents, including, among other things, academic journals, theses, dissertations, and electronic books.  The defendants targeted data across all fields of research and academic disciplines, including science and technology, engineering, social sciences, medical, and other professional fields ... In addition to stealing academic data and login credentials for the benefit of the Government of Iran, the defendants also sold the stolen data through two websites, Megapaper.ir (Megapaper) and Gigapaper.ir (Gigapaper).  Megapaper was operated by Falinoos Company, a company controlled by Abdollah Karima, aka Vahid Karima, the defendant, and Gigapaper was affiliated with Karima.  Megapaper sold stolen academic resources to customers within Iran, including Iran-based public universities and institutions, and Gigapaper sold a service to customers within Iran whereby purchasing customers could use compromised university professor accounts to directly access the online library systems of particular U.S.-based and foreign universities..."
Those charged in the indictments face strict penalties, if convicted, which the DOJ described:
"...Rafatnejad, Mohammadi, Karima, Sadeghi, Mirkarimi, Sabahi, Sabahi, Moqadam and Tahmasebi are each charged with one count of conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison; one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; two counts of unauthorized access of a computer, each of which carries a maximum sentence of five years in prison; two counts of wire fraud, each of which carries a maximum sentence of 20 years in prison; and one count of aggravated identity theft, which carries a mandatory sentence of two years in prison.  The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencings of the defendants will be determined by the assigned judge..."

The charges do not bode well for the U.S. continuing to honor the Iranian nuclear deal, which President Trump wants to end or dramatically change into an accord that is more favorable to the U.S. and to Israel, one that will ensure the Iranians do not acquire nuclear arms and the capability to deliver them.

While critics have argued that opting out of that deal will likely guarantee that Iran obtains nuclear weapons and delivery systems for them, Trump, according to Jeremy Diamond (CNN), continues to issue warnings about opting out but continues to honor it, and in January said that:
"... Trump warned ... in a statement that the waiver -- which must be issued every 120 days to keep the sanctions from kicking back in -- will be the last he issues and he delivered a stark ultimatum to European allies ... 'Fix the deal's disastrous flaws, or the United States will withdraw... I am waiving the application of certain nuclear sanctions, but only in order to secure our European allies' agreement to fix the terrible flaws of the Iran nuclear deal. This is a last chance ... In the absence of such an agreement, the United States will not again waive sanctions in order to stay in the Iran nuclear deal. And if at any time I judge that such an agreement is not within reach, I will withdraw from the deal immediately..."
According to Diamond, "...Trump coupled his waiver announcement with new sanctions on 14 Iranian individuals and entities that have committed human rights abuses or supported the country's ballistic missile programs, which are outside the scope of the nuclear deal. Many of those sanctions -- including one targeted at the head of Iran's judiciary -- were in response to the Iranian government's crackdown of peaceful protests that have swept the country in recent weeks..."


Diamond's report also highlights newly approved sanctions on Iran.

"The new sanctions Trump approved ... target 14 individuals and entities who the US said have committed human rights abuses or supported the country's ballistic missile program ...The most prominent of the US targets in the latest sanctions ... is Sadeq Larijani, the head of Iran's judicial system, a high-level official whose targeting could have 'serious political impact inside Iran,' a senior Trump administration official predicted. Senior administration officials said Larijani has overseen the sentencing and execution of juveniles in Tehran ... The sanctions also targeted two other Iranian officials whom the administration said are responsible for ordering abuses against citizens, including the denial of medical care and access to legal representation for protesters in Iranian jails..."

Diamond curiously points out that:

"...The Islamic Revolutionary Guard Corps Electronic Warfare and Cyber Defense Organization were each labeled for acting in behalf of Iran's Islamic Revolutionary Guard. The Treasury Department also designated two Iranian defense industry firms that provide key maintenance and overhaul services for the military's helicopter and aircraft..."

That was the status quo back in January, well BEFORE the DOJ indictments of the nine cyber warfare operatives acting on behalf of the Iranian Islamic Revolutionary Guard Corps.