US sanctions Iranian company, ‘Game of Thrones’ hacker

A federal grand jury in the Southern District of New York indicted the nine Iranians for conspiring to hack into computers and defraud U.S. and foreign universities at the behest of the Islamic Revolutionary Guard Corps.

Also targeted in the hacking scheme were 47 U.S.-based and foreign private-sector companies, and government institutions, including the Department of Labor, United Nations, and Federal Energy Regulatory Commission, said U.S. Attorney Geoffrey S. Berman for the Southern District of New York. Berman described the efforts as “one of the largest state-sponsored hacking campaigns ever prosecuted” by the Justice Department.

“Iran is engaged in an ongoing campaign of malicious cyber activity against the United States and our allies. The IRGC outsourced cyber intrusions to The Mabna Institute, a hacker network that infiltrated hundreds of universities to steal sensitive data,” Treasury Undersecretary Sigal Mandelker said in a statement. “We will not tolerate the theft of U.S. intellectual property, or intrusions into our research institutions and universities. Treasury will continue to systematically use our sanctions authorities to shine a light on the Iranian regime’s malicious cyber practices, and hold it accountable for criminal cyber-attacks.”

The sanctions were imposed on the Mabna Institute, an Iran-based company that hacked into the computer systems of more than 144 universities based in the United States. The company also breached the computer systems of at least 176 universities in 21 other counties, including Australia, Canada, China, Germany and the United Kingdom.

According to the Treasury Department, the Mabna Institute stole data and login credentials, which were used to benefit Iran’s Islamic Revolutionary Guard Corps. The information was also sold to at least two websites in Iran.

Login credentials belonging to university professors were used to access online university library systems.

The stolen data was worth roughly $3.4 billion and totaled more than 31.5 terabytes, the equivalent of 15 billion pages, Berman said. The hacking campaign began in 2013 and ran through December 2017. More than 100,000 accounts of university professors around the world were targeted, and professors were tricked into clicking on fake links.

Ultimately, more than 8,000 accounts were compromised. The stolen data and research spanned all fields, including science, technology, engineering, social sciences, and medicine, according to the Justice Department.

The Mabna Institute was founded around 2013 and aimed to help Iranian universities and research organizations with obtaining access to scientific resources outside of Iran. The company has contracted with Iranian governmental and private institutions to conducted cyber intrusions on their behalf.

In addition to the Mabna Institute, the U.S. government sanctioned nine people based in Iran described as “leaders, contractors, associates, hackers for hire, and affiliates” of the Mabna Institute.

They engaged “in malicious cyber-activities related to the significant misappropriation of economic resources or personal identifiers for private financial gain,” according to the Treasury Department.

A 10th Iranian sanctioned, Behzad Mesri, hacked into user accounts of HBO employees as part of a scheme that began last year. The U.S. government said Mesri used the accounts to access HBO’s computer servers and steal data, including confidential and proprietary information, financial records and employees’ personal information.

Among the stolen content was video files with unaired episodes of multiple HBO shows, scripts and plot summaries for unaired episodes of “Game of Thrones,” cast and crew contact lists, and login credentials for HBO social media accounts.

Mesri then leaked portions of the stolen content, including the information about “Game of Thrones,” online.

He also attempted to extort HBO for $6 million.

Mesri was indicted for his involvement in the hacking scheme in November.