WASHINGTON >> An Iranian consulting firm worked for years to steal secrets from universities and companies in the U.S. and around the globe, even hacking into the U.S. Department of Labor and the United Nations, according to an indictment unveiled today. The company is also accused of breaching the computers of the Federal Energy Regulatory Commission and the states of Hawaii and Indiana.
The Mabna Institute, based in Tehran, worked for Iran’s Islamic Revolutionary Guard Corps and other clients in the Iranian government to steal academic research, proprietary secrets and government data, the indictment claims. The hacking has gone on since at least 2013, the Justice Department said.
A grand jury meeting in the Southern District of New York charged nine people, all of them living in Iran. The Treasury Department also announced sanctions against the company and the employees.
(Hawaii’s Office of Enterprise Technology Services posted a statement on its website saying the hack of state computers involved 37 email accounts in the executive branch.
(“As part of ETS’s ongoing monitoring of the executive branch departments’ email system, we noticed unusual activity involving 37 email accounts. We reacted quickly and resolved the situation,” said the statement, which was attributed to state Chief Information Officer Todd Nacapuy and Chief Information Security Officer Vincent Hoang. “Law enforcement officials were contacted to assist in the investigation. According to the departments, the emails involved did not contain confidential information. Furthermore, the state’s computer systems where confidential information is stored were not breached.”
(The “unusual activity” involving 37 state email accounts has no connection to the loss of data for 66,500 driver’s license and state ID cardholders that was announced Thursday, Caroline Julian-Freitas, senior communications manager for the Office of Enterprise Technology Services, told the Honolulu Star-Advertiser.
(She said Nacapuy and Hoang were not available for further comment. “However, I can confirm that Governor (David) Ige was not part of the 37 emails,” she said in an email in response to Star-Advertiser questions.)
According to federal officials, the Iranian hackers used stolen account credentials to access university professors’ accounts and allegedly stole journals, dissertations and electronic books in science and technology, engineering, medical and other fields. The leaders of the company sold the material through two affiliated websites, according to the indictment. One firm sold a professor’s log-in information that allowed access to online library systems.
Deputy Attorney General Rod Rosenstein said the hackers penetrated 320 universities around the world, including 144 in the United States. He said universities are “prime targets” for cybercriminals.
By tricking professors into clicking on false links, the hackers got into 8,000 accounts, said Geoffrey Berman, interim U.S. attorney in Manhattan, adding that the hackers stole “innovations and intellectual property of some of our country’s greatest minds.”
While it does not yet have the sophistication of hackers in Russia or China, Iranian government-sponsored hacking poses a growing threat. One recent study from the Carnegie Endowment for International Peace found that “offensive cyber operations have become a core tool of Iranian statecraft,” sponsored by the government intelligence apparatus.
The hacking is “just the latest example of the Iranian regime’s willingness to use techniques to enrich itself and attack companies and countries around the globe,” said Sigal Mandelker, a Treasury Department undersecretary.
Justice officials would not discuss how the FBI discovered the operation, or how it determined its alleged links to the Iranian government. In some cases, victims reported the hacking, Rosenstein said.
“Today, not only are we publicly identifying the foreign hackers who committed these malicious cyber intrusions, but we are also sending a powerful message to their backers, the government of the Islamic Republic of Iran: Your acts do not go unnoticed,” FBI Director Christopher Wray said in a statement.
The nine defendants, including company founders Gholamreza Rafatnejad and Ehsan Mohammadi, were charged with conspiracy, wire fraud and identity theft. But since Iran does not have an extradition treaty with the United States, it’s unlikely they will face trial, unless they leave the country.