29 Mar 2018

Vulnerabilities Exposed in Massive Cyber Attack

Nine Iranian have been charged with conducting a cyber theft campaign on behalf of the Islamic Revolutionary Guard Corps. They penetrated systems belonging to hundreds of universities and companies, in an attack that demonstrates the weaknesses in many organisations’ cyber defences.

shutterstock
jijomathaidesigners / Shutterstock.com

 

The indictment was unsealed on Friday 23rd March, charging nine individuals associated with the Iran-based Mabna Institute of orchestrating a coordinated campaign of cyber intrusions dating back as far as 2013. They are alleged to have made their way into computer systems belonging to 144 US universities, 176 universities across 21 other countries, 47 US companies, and several US governmental departments, as well as the United Nations. 

Over 30 terabytes of data were stolen, both academic data and intellectual property from the universities, and email inboxes from the company and government employees. The indictment claims that the nine people charged with the attack did so on behalf of the Islamic Revolutionary Guard Corps, an entity within Iran responsible for intelligence gathering.

This is one of the largest state-sponsored hacking campaigns seen, and it has brutally exposed the vulnerabilities of the cyber defences of many organisations. With high-value data at stake, one of the lessons that needs to be learned from this episode is the importance of good cyber security.

One of the techniques used in the attacks was “password spraying” – collecting employees’ names and email addresses from open internet searches, then combining them with default passwords, or those most commonly used (it’s a sorry fact that password  and 12345 are still far too commonplace). Instituting a stronger policy of cyber security and educating employees over basic steps they can take to better prepare themselves against a future attack is of paramount importance.

Because all the defendants of the charges are in Iran, no arrests have been made, but Deputy US Attorney General Rod Rosenstein said the indictment was important for disrupting their hacking operations and for deterring anyone from committing similar crimes. The US Treasury Department’s Office of Foreign Assets Control has also imposed sanctions on the Mabna Institute.


 

References:     US Department of Justice      The American Lawyer International 

 


This content is available to subscribers only. To continue reading...

Sign in to your account

Take a one-month free trial

If you aren't a subscriber, please sign up for a one-month free trial to access all Robotics Law Journal content, including:

  • All premium online content
  • Daily newsletters
  • Breaking news alerts


If you require further information, please email subscriptions@roboticslawjournal.com or contact call us on +44 (0) 20 7193 5801.