Iranian cyber attackers target state of Indiana, 144 universities

An ABC7 I-Team Investigation

ByChuck Goudie and Christine Tressel WLS logo
Saturday, March 24, 2018
Iranian cyber attackers target state of Indiana, 144 universities
EMBED <>More Videos

Iranian cyber attackers target state of Indiana, 144 universities

Nine Iranians were accused Friday of orchestrating years of cyberattacks on U.S. government agencies, the state of Indiana and hundreds of universities and businesses here and abroad in one of the largest state-sponsored hacking cases ever charged by the Justice Department.

A series of federal indictments and financial sanctions against Iranian individuals were announced by Deputy US Attorney General Rod Rosenstein, charging cyber activity against the United States. Federal prosecutors say the Iranians and an Iranian hacker network called the Mabna Institute illegally accessed Indiana state government computers and the computer systems of 144 U.S. universities.

Rosenstein and Justice Dept. officials would not name the 144 universities targeted by hackers in Iran, but numerous Midwestern universities are popular U.S. college destinations for Iranian students, including University of Illinois. At U of I, Iranian enrollment has jumped in recent years.

Federal agents said the hackers gained access to university databases and college library systems by using stolen login credentials belonging to university professors.

A spokesperson for U of I told the I-Team that as far as she knows, Illinois' flagship university was not among those hacked.

American government officials said they've determined that the nine Iranians, in cooperation with the Islamic Revolutionary Guard Corps, were behind the hacking effort.

Investigators found 320 universities around the world were attacked along with several U.S. government entities, including the Department of Labor, United Nations, and the Federal Energy Regulatory Commission, they said. The Iranians allegedly targeted more than 100,000 email accounts of professors around the world. About half of the 8000 compromised accounts belonged to professors at U.S. universities.

According to prosecutors, the hackers stole data and intellectual property across all fields of research, including engineering, medicine, science and technology.

"The events described in this indictment highlight the need for universities and other organizations to emphasize cyber security, increase threat awareness, and harden their computer networks," Rosenstein said. "The second important point is that our work on this case is critically important because it will disrupt the criminal operations of the Mabna Institute and deter similar crimes by others."

According to Rosenstein, the grand jury indictments list computer fraud, wire fraud, conspiracy and identity theft charges. The hacking campaign was underway from 2013 through at least late 2017, according to prosecutors.

The Treasury Department on Friday simultaneously blocked U.S. financial and property transactions by those charged-Gholamreza Rafatnejad, Ehsan Mohammadi, Abdollah Karima, Mostafa Sadeghi, Seyed Ali

Mirkarimi, Mohammed Reza Sabahi, Roozbeh Sabahi, Abuzar Gohari Moqadam and Sajjad Tahmasebi. They are thought to be in Iran, a nation that does not have extradition agreements with the U.S.

"At the crux of this case is the fact that the government of Iran systematically and methodically hacked into our country's computer networks with the intent to steal as much information as possible," said Geoffrey Berman, interim U.S. attorney in Manhattan where the case is being charged.

The indictment alleges that Iranian group members exploited common mistakes among computer users. They pretended to be professors at other schools expressing interest in their academic articles, the indictment stated. The emails would include purported links to other articles, which led to a site designed to look like a login page for the victim professor's university. When a professor would click on the replica links and then enter login information, hackers would capture the credentials and use them to access the university computer systems.

Indiana wasn't the only state attacked by Iranian hackers. Government computers in the state of Hawaii were also illicitly accessed.