U.S. Indicts Iranians in Data Theft From Colleges, Companies

(Bloomberg) -- The U.S. Justice Department on Friday charged nine Iranian citizens with hacking hundreds of companies and academic institutions to steal more than $3.4 billion in trade secrets and other data on behalf of the Islamic Revolutionary Guard Corps.

The individuals charged did the hacking since 2013 and were connected to an Iran-based company called the Mabna Institute, according to an indictment unsealed Friday.

"At the crux of this case is the fact that the government of Iran systematically and methodically hacked into our country’s computer networks with the intent to steal as much information as possible," Geoffrey Berman, U.S. attorney for the Southern District of New York, said during a press conference in Washington.

Berman said the case is one of the largest state-sponsored hacking campaigns ever prosecuted by the Justice Department. The individuals and the institute were also sanctioned by the Treasury Department.

According to the U.S., trade secrets and academic research was stolen from companies and institutions in countries across the world, including the U.S., Canada, Great Britain, Germany, Israel, China, South Korea, Japan and Australia.

Stolen Data

In total, 15 billion pages of data were stolen from at least 144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the states of Hawaii and Indiana, the United Nations and the United Nations Children’s Fund, the Justice Department alleged.

"Through the defendants’ activities, the Mabna Institute stole more than 31 terabytes of academic data and intellectual property from universities, and email accounts of employees at private sector companies, government agencies, and non-governmental organizations," according to the indictment.

Officials at Iran’s Mission to the United Nations didn’t immediately respond to an emailed request for comment on the accusations.

One of the Iranians included in Friday’s move had been been charged in November with stealing unreleased "Game of Thrones" scripts and other sensitive materials, taunting HBO employees with the email greeting "Hi All losers!" The man, Behzad Mesri, is alleged to have ties to the country’s military and was a member of an Iran-based group of hackers called the Turk Black Hat security team.

Mesri, who wasn’t in U.S. custody, was charged with breaking into HBO’s computer servers and trying to extort $6 million in bitcoin from the cable network.

“Iran is engaged in an ongoing campaign of malicious cyber activity against the United States and our allies," Sigal Mandelker, Treasury’s undersecretary for terrorism and financial intelligence, said in a statement. "The IRGC outsourced cyber intrusions to The Mabna Institute, a hacker network that infiltrated hundreds of universities to steal sensitive data."

--With assistance from Bob Van Voris

To contact the reporter on this story: Chris Strohm in Washington at cstrohm1@bloomberg.net.

To contact the editors responsible for this story: Bill Faries at wfaries@bloomberg.net, Kevin Whitelaw

©2018 Bloomberg L.P.