Experts: Latest US Indictments May Discourage Hackers from J
The U.S. Department of Justice has announced criminal charges against three Iranian men for their alleged participation in state-sponsored identity theft and hacking by Iran’s Islamic Revolutionary Guard Corps (IRGC), a designated foreign terrorist organization.
The men are all residents and citizens of the Islamic Republic of Iran, U.S. authorities said Thursday in a press release. Officials also say the men conspired to infiltrate the networks of American companies in search of commercial data and intellectual property.
Some observers say the move could be an effective step by the U.S. in its unprecedented campaign against the Iranian government.
FILE - Members of Iran's Islamic Revolutionary Guard Corps (IRGC) march in the capital Tehran in this handout photo provided by the Iranian presidency on Sept. 22, 2019.
“Such U.S. charges against these hackers will make the risks very high even if they work on behalf of the Iranian government,” Mehdi Yahyanejad, a U.S.-based Iranian blogger and founder of the Balatarin news-sharing website, told VOA. “This would discourage other potential hackers who might consider working for the Iranian government.”
The Reuters news agency said attempts to locate contact information for the Iranian defendants were not immediately successful and that a message left with Iran’s mission to the United Nations was not returned.
Identity theft
The hacking campaign used malware to attempt to steal the identities of thousands of U.S. citizens to accomplish unlawful acts and steal information related to U.S. aerospace and satellite technology, U.S. officials said in the written statement announcing the indictment. It also said the hacking campaign was launched in July 2015 and continued until February 2019.
According to the U.S. government, at one point, the defendants possessed a target list of about 1,800 online accounts, including accounts belonging to various companies and organizations, in addition to international government organizations in Australia, Israel, Singapore, the United States and Britain.
Officials say the defendants are accused of engaging in an attempt to identify U.S. citizens working in the satellite and aerospace fields and whose identities could be stolen by the IRGC online. The impersonation of those individuals allowed the defendants to register email addresses and fraudulently purchase domains and hacking tools to be used in the coordinated campaign, the U.S. government said.
U.S. officials said phony online personas were created before the defendants sent customized spearphishing emails that purported to be from the individuals whose identities had been stolen. The messages, with malicious links embedded throughout, were then sent to members of the public. When clicked, malware would be downloaded onto the recipients’ computers and provide unauthorized access to their devices and networks.
Authorities allege that the defendants, via these methods, were able to compromise victims’ networks, resulting in theft of sensitive commercial information, intellectual property and personal data held by targeted companies. All data was then passed on to the IRGC.
Arrest warrants
The U.S. District Court for the Eastern District of Virginia has issued arrest warrants for Said Pourkarim Arabi, Mohammad Reza Espargham and Mohammad Bayati.
Charges include conspiracy to commit computer intrusions, obtaining information by unauthorized access to protected computers, intentional damage to protected computers, aggravated identity theft, and conspiracy to commit fraud.
Assistant U.S. Attorney General for National Security John Demers called the campaign “another effort by a rogue foreign nation to steal the fruits of this country’s hard work and expertise.”
Targeting dissent
News of the charges follow an indictment Wednesday of two other Iranians accused of participating in similar attacks.
The two men, Mehdi Farhadi and Hooman Heidarian, targeted computers in New Jersey and around the world for theft and defacement, the Justice Department said in its Wednesday statement. It said hacks included instances where the defendants obtained information regarding Iranian dissidents, human rights activists and opposition leaders.
The revelation of Iranian cyberattacks against opposition figures puts further spotlight on the regime’s efforts to silence the Iranian diaspora, according to Jason Brodsky, policy director for the Washington-based advocacy group United Against Nuclear Iran.
“The recent designations demonstrate the regime's pervasive fear of Iranian dissidents and of its own people,” Brodsky told VOA.
VOA’s Mehdi Jedinia contributed to this story from Washington.