Financial Crime World

FBI Uncovers Massive University Hacking Scheme Linked to Iranian Government

Federal authorities have revealed a massive hacking campaign that targeted over 100,000 academic accounts worldwide, with the majority located in the United States. The scheme, carried out by the Mabna Institute, is believed to be linked to the Iranian government and has compromised thousands of email accounts at universities across the globe.

The Scheme

The Mabna Institute, founded in approximately 2013, allegedly employed hackers-for-hire and contract personnel to conduct cyber intrusions on behalf of Iranian governmental and private entities. The group’s mission was to steal access to non-Iranian scientific resources, intellectual property, and academic data.

Scope of the Breach

According to the indictment:

  • Over 8,000 professor email accounts at 144 U.S.-based universities were compromised.
  • An additional 176 foreign institutions in countries such as Australia, Canada, China, and the United Kingdom were also targeted.
  • The campaign began in 2013 and continued through at least December 2017.

Consequences of the Breach

The hackers used stolen account credentials to obtain unauthorized access to victim professor accounts, stealing material worth an estimated $3.4 billion:

  • Research data
  • Academic journals
  • Theses
  • Dissertations
  • Electronic books

The stolen data was then exfiltrated to servers outside the United States controlled by members of the conspiracy.

Additional Activities

In addition to selling the stolen data on two websites, Megapaper.ir (Megapaper) and Gigapaper.ir (Gigapaper), the defendants also used compromised university professor accounts to access online library systems of particular universities.

International Cooperation

The FBI has provided foreign law enforcement partners with detailed information regarding victims within their jurisdictions, allowing for notification and remediation efforts. Additionally, the agency has shared information with private sector partners to assist in network defense and mitigation efforts.

Charges and Sentences

Rafatnejad, Mohammadi, Karima, Sadeghi, Mirkarimi, Sabahi, Moqadam, and Tahmasebi have each been charged with various computer intrusion, wire fraud, and identity theft offenses. The defendants face potential sentences of up to 20 years in prison.

Acknowledgments

The Department of Justice and the FBI praised the outstanding investigative work of the FBI, as well as assistance from the United Kingdom’s National Crime Agency (NCA) and the support of the Office of Foreign Assets Control (OFAC).

Presumption of Innocence

The charges contained in the indictment are mere accusations, and the defendants are presumed innocent until proven guilty.