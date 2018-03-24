The hacking scheme targeted college professors and stole intellectual property and research worth billions of dollars. The targets were located in the U.S. and other Western countries.

The U.S. Department of Justice announced it had indicted nine Iranians who were working for the Revolutionary Guards, as well as an Iranian government front company, for hacking hundreds of college and university professors, as well as other private and government entities.

CNN:

"(W)e have unmasked criminals who normally work in total anonymity, hiding behind the ones and zeros of computer code," said Manhattan US Attorney Geoffrey Berman, who called it a "massive and brazen cyberassault." The move from the Justice Department and Treasury follows other US efforts to indict foreign government-linked cyberattackers, including special counsel Robert Mueller's indictment of Russian operatives for meddling in the 2016 US election, and the Obama administration's indictment of Chinese military members for the government-sponsored hacking of US companies. It also comes at a time of tension with Iran, long an adversary of the US. As President Donald Trump reshuffles his national security and diplomacy team, including firing Secretary of State Rex Tillerson and national security adviser H.R. McMaster, experts speculate Trump may be laying the groundwork to pull out of the Iran nuclear deal that the Obama administration negotiated, though Iran's cyber efforts were not part of that deal. Officials also stressed that the hacking was conducted at the behest of the Iranian government, and Mabna Institute functioned as a contractor for the Revolutionary Guard. Sigal Mandelker, Treasury's undersecretary for terrorism and financial intelligence, stressed that the elite military wing has been a primary actor behind Iran's sponsorship and encouragement of terrorism. "The IRGC plays a central role in Iran's maligned activities across the world, including fomenting terrorism," Mandelker said.

Lest there be any doubt in the matter, the Iranian Revolutionary Guards are under the direct control of Supreme Leader Ayatollah Khamenei. The hacking scheme originated at the highest levels of the Iranian government.

What's curious is that the professors, who are supposed to be above average in intelligence, fell for one of the oldest tricks in the hacker playbook:

To break into the accounts, the sophisticated campaign started by studying each target in a reconnaissance phase, then using that information to send specialized emails to the targets that appeared to come from other university professors expressing interest in a recently published work, with links to other research that were actually links to malicious websites that would mimic the professor's login page and steal his or her login information and use it to access their accounts.

Our systems are more vulnerable than they should be because the cost of having really good security is high. Banks, most retail outlets, and the government take the threat of hacking and penetration very seriously. They feature state-of-the-art security that, at least, slows the hackers down.

But what about the rest of us? And the fact that penetrating our personal computers and devices makes it easier for a hacker to get into other commercial systems?

We are used to thinking of the internet as open and transparent, where information and knowledge are shared broadly around the world. But that very openness is a trap. Bad actors are constantly probing, looking for an opening to exploit. The answer is better security and, just as importantly, security awareness. But until we can find a way to deter the cyber-warriors, this kind of crime will continue to happen.