Skip to main content

DOJ Charges Two Iranians in Cyber Intrusion Campaign

by Chris Brook on Thursday September 17, 2020

Contact Us
Free Demo

For years, the hackers infiltrated systems and targeted intellectual property and national security data.

The U.S. has charged two Iranian hackers who purportedly broke into companies, sometimes for the Iranian government, and stole data - much of it classified.

An indictment detailing the charges was unsealed on Wednesday.

The two men allegedly stole hundreds of terabytes of "highly protected and extremely sensitive" data pertaining to national security, foreign policy intelligence, non-military nuclear information, aerospace data, human rights activist information, victim financial information and personally identifiable information, and intellectual property, including unpublished scientific research, according to New Jersey's U.S. Attorney's Office, which announced the charges.

“They brazenly infiltrated computer systems and targeted intellectual property and often sought to intimidate perceived enemies of Iran, including dissidents fighting for human rights in Iran and around the world. This conduct threatens our national security, and as a result, these defendants are wanted by the FBI and are considered fugitives from justice," U.S. Attorney Craig Carpenito said this week.

None of the companies were publicly named in the indictment but descriptions of the firms were. The victims included a university in New Jersey, a telecom in Israel, a defense contractor in California, an aerospace firm in Saudi Arabia, in addition to various other government agencies and non-profits.

Judging by some of the dates in the indictment, the charges have been a long time coming.

The two men, Hooman Heidarian and Mehdi Farhadi, first carried out the hacks as early as January 2010. The two used session hijacking, SQL injection, and malware to secure access to systems, then key loggers and remote access trojans to maintain their access. To keep the operation going the two developed a botnet that helped perpetuate the spread of malware, DDoS attacks, and spam.

The two aggregated some of the stolen data - names of users of victim networks, access credentials, addresses, phone numbers, social security numbers - and shared, advertised, and priced their privileged access to customers.

The two didn't just steal intellectual property and other data, they caused trouble as well, vandalizing websites, posting things that "appeared to signal the purported demise of Iran's internal opposition."

The messages were largely pro-Iran, other defacements included images of burning Israeli flags and "threats forecasting the death or demise of citizens in the United States, Israel, and elsewhere."

In total the two are being charged with 10 counts - one count each of conspiracy to commit fraud and related activity in connection with computers and access devices; computer fraud - unauthorized access to protected computers: computer fraud, unauthorized damage to protected computers; conspiracy to commit wire fraud; and access device fraud; and five counts of aggravated identity theft.

The case was one of two involving Iranian hackers to come out this week. In the Eastern District of Virginia on Thursday, three hackerrs were indicted for targeting thousands of individuals in an attempt to steal critical information related to U.S. aerospace and satellite technology. While like the other indictment, no companies were named, the DOJ acknowledged that one company provided real time satellite tracking and another provided satellite voice and data communication services to customers.

Tags:  hacking

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.