Iranian hackers stealing and "taking credit" for our work, FBI deputy director says
WASHINGTON -- Federal prosecutors slapped criminal charges on nine Iranians Friday. The men are accused of hacking to steal scientific research and other information from more than 300 universities and private companies.
The men, now wanted by the FBI, are allegedly the hackers-for-hire behind a massive cyber theft campaign backed by Iran's most powerful security force, the Islamic Revolutionary Guard. They are charged with stealing proprietary data, academic research and a broad range of intellectual property estimated to be worth more than $3 billion.
"Just in case you were wondering, they are not admiring our work," said FBI Deputy Director David Bowdich. "They're stealing it and they're taking credit for it and they're selling it to others."
The volume of targets is staggering: the email accounts of some 8,000 professors at 320 universities in the United States and abroad, as well as the Department of Labor and the state of Hawaii.
The hackers sent "spear phishing emails," prompting recipients to click on a link that caused their login page to reappear, tricking them into re-entering their credentials, which were then captured by the hackers.
"Academia is notoriously open," said Adam Meyers, vice president of intelligence for cybersecurity firm CrowdStrike. "It becomes a very attractive environment for somebody that's trying to collect information."
Investigators don't want their targets to know how they got the information, so they've left a lot of questions about who was targeted and what specific information was stolen. But it's expected to be highly sensitive because of the specific reference to the involvement of the elite Revolutionary Guard in the scheme.