The US has indicted two Iranians in connection with the theft of hundreds of terabytes of sensitive data from computers in America, Europe, and the Middle East.
Hooman Heidarian, aged 30, and Mehdi Farhadi, 34, were allegedly involved in a slew of coordinated hacks perpetrated to make money or for political reasons.
Data stolen in the attacks and later allegedly sold on the black market by the defendants included confidential communications pertaining to national security, foreign policy intelligence, non-military nuclear information, aerospace data, human rights activist information, victim financial information and personally identifiable information, and intellectual property, including unpublished scientific research.
The defendants are further accused of politically motivated hacking on behalf of Iran to steal information relating to dissidents, human rights activists, and opposition leaders.
Heidarian, otherwise known as Neo, and Farhadi, also known as Mehdi Mahdavi and Mohammad Mehdi Farhadi Ramin, are both from Hamedan, believed to be one of Iran’s oldest cities.
According to the ten-count indictment, since at least 2013, the defendants have been responsible for a coordinated campaign of cyber-intrusions into computer systems around the world.
Among the campaign’s victims are several American and foreign universities, a think tank in Washington, DC, a defense contractor, an aerospace company, a foreign policy organization, non-governmental organizations (NGOs), non-profits, and governments and other entities they identified as rivals or adversaries to Iran.
In addition to the alleged theft of highly sensitive data, the defendants are further accused of vandalizing websites. Using the pseudonym “Sejeal,” the defendants allegedly posted messages appearing to signal the demise of Iran’s internal opposition, foreign adversaries, and countries marked out as rivals to Iran, including Israel and Saudi Arabia.
Tools and tactics allegedly used by the defendants to gain and maintain unauthorized access to victim networks included vulnerability scanning tools, session hijacking, SQL injection, malicious programs installations, and keyloggers.
The pair are further accused of developing a botnet tool, which facilitated the spread of malware, denial of service attacks, and spamming to victim networks.
Each defendant is charged with conspiracy to commit fraud and related activity in connection with computers and access devices; unauthorized access to protected computers; unauthorized damage to protected computers; conspiracy to commit wire fraud; access device fraud; and aggravated identity theft.