Inside the Breach

(dramatic music) – [Mike] In March 2018, the U.S. Department of Justice released a grand jury indictment of nine Iranians, charging them with a massive cyber attack against targets in the United States. The indictment charged that these nine individuals were affiliated with an Iranian organization called the Mabna Institute.

The Mabna Institute existed for the purpose of assisting Iranian academics with obtaining access to scientific resources located outside of Iran. While that might sound like a noble pursuit, the reality was that Mabna’s specialty was obtaining access to those resources by stealing them in cyber attacks. These attacks weren’t isolated incidents. Evidence revealed by the grand jury demonstrated that the attacks began as early as 2013 and continued for four years until they were stopped in December of 2017.

This was a large-scale, coordinated effort designed to infiltrate accounts belonging to, of all people, university professors. Now you might think that professors would be the last people to trigger the interest of a foreign government’s hacking efforts. But the reality was that those professors possessed something incredibly valuable to Iran: passwords that granted access to a wealth of library resources. The mission of university libraries has changed dramatically over the past decade.

While they do still stockpile books and reference materials for use by faculty and students, much of their important work occurs online. Libraries serve as digital information clearinghouses, purchasing expensive digital subscriptions to journals, databases, and other research resources, and then providing faculty and students with electronic access to those resources from the comfort of their homes and offices. In most cases, the only barrier between a user and library resources is the password used to protect the user’s account.

Once the user enters his or her password, they have full and unrestricted access to a wide variety of expensive library resources. In the next video, we’ll talk about how the Iranians obtained professors’ passwords. The techniques they used were quite successful. The grand jury indictment charges that the Mabna Institute hackers stole passwords belonging to almost 8,000 professors at over 140 schools in the United States, and even more in other countries.

They used those credentials to conduct what is probably one of the largest thefts of intellectual property in history. The attackers stole 31.5 terabytes of academic data. If the typical scientific paper with images and figures runs about three megabytes, that means that the hackers stole about 10 million scientific papers. Once they captured all this knowledge, they then resold it to Iranian academics through two websites, megapaper.ir and gigapaper.ir.

Those sites worked in different ways. Megapaper served as a search engine for all of that stolen content. Iranian academics could search through the millions of stolen files and find information that would assist with their research. When they found papers that interested them, they could then purchase them directly on the site. Gigapaper also hosted some papers, but it also allowed customers to purchase direct access to the stolen accounts of American academics, allowing Iranian users to access resources at American universities directly, without involving an intermediary.

An attack of this nature has many victims. The accounts of professors were accessed by unauthorized individuals who may have read personal emails, stolen other data from the account, or performed other actions without the professors’ consent. Universities found themselves answering questions from publishers about heavy use of expensive resources. And publishers found their information stolen and for sale on Iranian websites. This was an attack with broad impact.