Tuesday, July 18, 2017

FBI Indicts Iranian Hackers

The U.S. Federal Bureau of Investigation (FBI) has announced the indictment of two Iranian hackers.

The hackers are Mohammed Reza Rezakhah (aged 39) and Mohammed Saeed Ajily (aged 35). Both have been charged with the following:

  • Criminal conspiracy relating to computer fraud and abuse
  • Unauthorized access to and theft of information from computers
  • Wire fraud
  • Exporting a defense article without a license, and
  • Violating sanctions against Iran

Arrow Tech: Vermont Software Company

Rezakhah and Ajily have been charged over activity dating back to around 2007, in which they and a third hacker, Nima Golestaneh (who has already pleaded guilty), broke into computers to obtain software that they then sold and redistributed in Iran and elsewhere outside the U.S. Golestaneh appears to have worked with Rezakhah by supplying the servers Rezakhah used to carry out the intrusions.

Ajily tasked Rezakhah and other hackers with stealing or unlawfully cracking particular pieces of software. Rezakhah then broke into victim networks to steal the software they wanted. Once they had it, Ajily marketed and sold the software through various companies and associates to Iranian entities, including universities and military and government bodies, specifically noting that such sales contravened U.S. export controls and sanctions. The universities and company named include Malek Ashtar Defense University, Tehran University, Sharif Technical University, Khvajeh Nasir University and Shiraz Electro Optic Industry. Rezakhah also worked with Golestaneh to sell their "cracked" version of the Arrow Tech software: they formed a company called "Dongle Labs", which sold a crack that let the software run without the hardware "dongle" it normally requires.

In addition to payment, Ajily received certificates of appreciation for his work from several Iranian government and military entities. This raises the question of whether Ajily and Rezakhah were working for the Iranian state.

In October 2012, Rezakhah hacked Arrow Tech, a Vermont-based engineering consulting and software design company. Arrow Tech's primary product is PRODAS (Projectile Rocket Ordnance Design and Analysis System), software that provides aerodynamic analysis and design for projectiles, from bullets to GPS-guided artillery shells. This software is designated a "defense article" on the U.S. Munitions List of the International Traffic in Arms Regulations (ITAR), meaning it cannot be exported from the U.S. without a license from the U.S. Department of State. Ajily nonetheless marketed the same software as one of the products he could offer his Iranian clients.

What does this mean for the hackers?

The court issued arrest warrants for both defendants, which means that if either Rezakhah or Ajily travels outside Iran to a country that cooperates with U.S. extradition requests, he risks arrest. This effectively confines them to Iran. No doubt their activities have brought great shame upon Iran, themselves and their families, and such illegal activities may not help their career prospects inside Iran either...

It would appear that the FBI is getting tough on Iranian hackers who work for, or have links to, the Iranian state in such illegal activities. The indictment can be read in full here.