The Justice Department on Wednesday announced indictments against two Iranian nationals for allegedly targeting and stealing sensitive data from groups in the United States, Europe and the Middle East, in some cases with Iranian government support.
Hooman Heidarian and Mehdi Farhadi are accused of stealing hundreds of terabytes of data, in some cases at the direction of Tehran, beginning in 2013 from groups including American and foreign universities, a Washington, D.C.-based think tank, a defense contractor, an aerospace organization and other groups seen as adversarial to Iran.
Heidarian and Farhadi are alleged to have stolen data including communications on national security, foreign policy intelligence, nuclear information, human rights activism and financial information.
According to the Department of Justice, the targeting affiliated with the Iranian government included hacking computer systems connected to Iranian dissidents, human rights groups and opposition leaders.
The two are also accused of vandalizing websites by defacing them with pro-Iranian government messages, and are alleged to have used multiple methods to gain access to networks, including developing a botnet to spread malware and spam their targets.
They were indicted on ten counts of fraud, unauthorized access to computers and identity theft, among others. Taken together, the charges carry potential prison sentences of several decades. The defendants are currently at large.
“We will not bring the rule of law to cyberspace until governments refuse to provide safe harbor for criminal hacking within their borders,” Assistant Attorney General for National Security John Demers said in a statement on Wednesday. “Unfortunately, our cases demonstrate that at least four nations — Iran, China, Russia and North Korea — will allow criminal hackers to victimize individuals and companies from around the world, as long as these hackers will also work for that country’s government — gathering information on human rights activists, dissidents and others of intelligence interest.”
“Today’s defendants will now learn that such service to the Iranian regime is not an asset, but a criminal yoke that they will now carry until the day they are brought to justice,” Demers added.
Many of the computer networks targeted were based in New Jersey. U.S. Attorney for the District of New Jersey Craig Carpenito said Wednesday in a separate statement that the “brazen” infiltration of computer systems “threatens our national security, and as a result, these defendants are wanted by the FBI and are considered fugitives from justice.”
Iran is considered one of the most dangerous nations in cyberspace alongside Russia, China and North Korea, with federal agencies warning of an increase in cybersecurity threats from Iran earlier this year following the death of Iranian Gen. Qasem Soleimani in a U.S. military strike.
The new indictments came a day after the DOJ announced charges against an Iranian national and a Palestinian national for allegedly targeting and defacing over 50 U.S. websites in retaliation for the death of Soleimani in January.