Wednesday, April 4, 2018

A cyber-attack on ideas: Mabna behind latest frightening global phishing campaign that targets intellectual property, with allegations of state-sponsorship.

An indictment of nine Iranians was unsealed on March 23, 2018. They each stand accused of a variety of crimes relating to cyber-attacks conducted on universities, government agencies, and private organisations around the globe. 31 terabytes of data was stolen - that is a lot of data! The nine suspects are all affiliated with Mabna, the group responsible for the HBO hacking (in which Game of Thrones episodes were leaked), which led to the indictment of Mesri for his involvement in the hacking and attempts to extort US$6 million. It has been revealed that the cyber-assault used customized phishing emails that were sent under the guise of academics at other institutions. The emails contained links to academic papers that directed the victim to a malicious domain masquerading as a university web page, prompting the victim to give away their log-in details.

Among the victims were government agencies and private companies, but the primary target was universities, with around 8000 professors falling victim. So, unlike the targets identified in previous indictments, we now appear to be seeing a diversification of the type and location of the target. Furthermore, the attack was indiscriminate with regard to academic discipline. Whilst the economic value of the data should not be disregarded (the indictment puts the cost of the stolen research to US institutions at US$3.4 billion), the financial loss is only one implication. The concept of targeting innovation, ideas and information, acquired through years of research effort, is new and frightening. The attacks demonstrate the need for academic institutions to improve their cyber-security, both in terms of awareness and implementation. It is worrying that the attacks reached beyond the usual suspects of the US and Israel; universities in 22 different countries, including many in Europe, and also China, were victims. Among the non-academic targets was the United Nations Children's Fund, demonstrating the callous and indiscriminate way in which the Iranian cyber machine selects victims.

Whilst the accused are considered innocent until proven guilty in a court of law, presumably investigators must be pretty convinced of guilt to name these individuals in the indictment. These men will join those previously indicted by the FBI for cyber-crimes, in not being able to leave Iran without fear of arrest. This limitation of freedom will surely deter some of those considering a 'career' in hacking, and slow recruitment to the Iranian cyber-army.

Who is backing Mabna? The indictment reveals that the spear-phishing email attacks were conducted on behalf of the Islamic Revolutionary Guard Corps (IRGC) of Iran. But were there other governmental bodies involved? This is a persistent question which resurfaces with each attack. Given their close association, it seems likely that there is some level of co-ordination between the IRGC and other government offices, like those within the Iranian Ministry of Foreign Affairs, when planning the cyber-attacks. Will this public condemnation deter Iran from undertaking further attacks on universities, or will the state simply distance itself from cyber criminals?