U.S. charges 3 Iranian nationals in global hacking campaign

The Justice Department has charged three Iranian nationals for a global computer hacking campaign that allegedly targeted hundreds of victims for extortion, including local U.S. governments, power companies and a domestic violence shelter.

According to an indictment unsealed in New Jersey, Mansour Ahmadi, Ahmad Khatibi and Amir Hossein Nickaein began their hacking conspiracy in October of 2020, and took aim at companies and institutions in the United States, Britain, Israel, Russia and Iran.

FBI Director Christopher Wray said the three defendants "engaged in a pattern of hacking, cyber-theft, and extortion largely for personal gain."

"They were looking to steal information, encrypt networks, and sell private data, all in the hopes of persuading victims to pay sizeable ransoms," Wray said in a video statement.

Keep up with LAist.

If you're enjoying this article, you'll love our daily newsletter, The LA Report. Each weekday, catch up on the 5 most pressing stories to start your morning in 3 minutes or less.

Subscribe

The indictment says the defendants exploited known vulnerabilities in network devices and software to steal data from their victims' computer systems. In some instances, they allegedly encrypted data on a victim's system and demanded ransom to decrypt it, while in others they threatened to release the stolen data unless a victim paid them not to do so.

The ransom demands, prosecutors say, were either sent to a victim's printer or via email. Payment was to be made in cryptocurrency.

One note, for example, that was sent to an accounting firm in Illinois read: "Hi! If you are reading this, it means your data is encrypted and your private sensitive information is stolen! Read carefully the whole instructions to avoid any problems. You have to contact us immediately to resolve this issue and make a deal!"

The targets of the ransom and extortion campaign varied.

There was a municipality in Union County, N.J., and a county government in Wyoming; a public housing corporation in Washington state; a domestic violence shelter in Pennsylvania; accounting firms in New Jersey and Illinois; and regional power companies in Mississippi and Indiana.

While officials say the victims appeared to be targets of opportunity, the U.S. attorney for New Jersey, Philip Sellinger, noted a through line among many of them.

"A common feature of the victims was that they provided essential services—local government, housing power, a domestic violence shelter," Sellinger said. "Services people depend upon every day. Services that, if taken away, hurt the public."

The indictment does not allege that the defendants were working at the behest of the Iranian government.

None of the defendants is in U.S. custody. Justice Department officials say all three of them are believed to be in Iran.

Still, American officials say that bringing this case can have a deterrent effect.

"By charging them in this indictment, by publicly naming them, we are stripping their anonymity away," Sellinger said. "They cannot operate anonymously from the shadows anymore. We have put a spotlight on them as wanted criminals."

In his statement, Wray also announced a joint cybersecurity advisory from the FBI and its partners in the U.S. and some close allies.

The advisory highlights the broader threat that posed by cyber actors linked to the Iranian government, he said.

Copyright 2022 NPR. To see more, visit https://www.npr.org.