According to Attorney General Rod Rosenstein, Iranians connected to the Islamic Revolutionary Guard Corps (IRGC) were recently charged with conducting a massive cyber theft campaign on American and foreign universities, businesses and government agencies.
AG Rosenstein states:
The stolen information was used by the IRGC or sold for profit in Iran. They hacked the computer systems of approximately 320 universities in 22 countries. 144 of the victims are American universities. The defendants stole research that cost the universities approximately $3.4 billion to procure and maintain.
They also attacked computer systems of the U.S. Labor Department, Federal Energy Regulatory Commission, United Nations, and the states of Hawaii and Indiana.
When hackers gain unlawful access to computers, it can take only a few minutes to steal discoveries produced by many years of work and many millions of dollars of investment.
For many decades, the United States has lead the world in science, technology, research, and development.
Academic institutions are prime targets for foreign cybercriminals. Universities can thrive as marketplaces of ideas and engines of research and development only if their work is protected from theft.
The events described in this indictment highlight the need for universities and other organizations to emphasize cybersecurity, increase threat awareness, and harden their computer networks.
Every sector of our economy is a target of malicious cyber activity. Everyone who owns a computer needs to be vigilant to prevent attacks.
This type of criminal activity does not just cause economic harm. It also threatens our national security. Identifying and prosecuting computer hackers is a priority for the Department of Justice.
Hostile individuals, organizations, and nation-states have taken note of our success. They increasingly attempt to profit from American’s ingenuity by infiltrating our computer systems, stealing our intellectual property, and evading our controls on technology exports.
FBI Deputy Director David Bowdich reports:
“During a more than four-year campaign, these state-sponsored hackers compromised approximately 144 U.S.-based universities and 176 foreign universities in 21 countries… When the FBI learned of the attacks we notified the victims, so they could take action to minimize the impact. And then we took action to find and stop these hackers.”
The special agent from the FBI’s New York Division who investigated the case tells us:
“Their primary goal was to obtain usernames and passwords for the accounts of professors, so they could gain unauthorized access and steal whatever kind of proprietary academic information they could get their hands on. That information included access to library databases, white papers, journals, research, and electronic books. All that information and intellectual property was provided to the Iranian government.”
The Small Business Administration believes it is. Here’s what they recommend you do:
Protect information, computers, and networks from cyberattacks. Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.
Provide firewall security for your Internet connection. A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall.
Create a mobile device action plan. Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
Control physical access to your computers and create user accounts for each employee. Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
Limit employee access to data and information, and limit authority to install software. Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs and should not be able to install any software without permission.
The increased frequency of cybercrime of cybercrime incidents has raised concerns and stakes for both small and large businesses. Your IT Managed Services Provider will help you fight and prevent cybercrime of all kinds. They will be your best friend in this regard. Don’t wait to contact them.