Skip to main content

Rod Rosenstein
  Iranian Hackers Indicted  CSPAN  March 23, 2018 4:32pm-5:05pm EDT

4:32 pm
30 minutes podcast at or from your podcast subscriber. justice and treasury department officials announced indictments against nine iranian hackers who have been accused from stealing data from universities on behalf of tehran. this briefing is half an hour. >> good morning. for may decades the united states has led the world in science, technology, research and development. hostile in organizations and nationstates have taken the about success. they increasingly attempt to profit from american ingenuity
4:33 pm
by infiltrating our computer systems, stealing our elect -- intellectual property. when hackers gain unlawful access to computers, it can take only a few minutes to steal discoveries that were produced by many years of work and many millions of dollars of activityt that type of is not just cause economic harm but it also threatens america's identifyingurity hackers is the top priority of the department of justice. we are here today to announce that the federal grand jury of the southern district of new york has indicted nine iranians love defrauded universities, businesses, and government agencies. i would like to caution you that an indictment is not the finding of guilt in the american
4:34 pm
judicial system. defendants are presumed innocent unless and until proven guilty in the court. this indictment alleges that the defendants worked on behalf of the iranian government, specifically islamic revolutionary guard corps. they hacked computer systems of approximately 120 universities -- approximately 320 universities in 22 countries. 144 of the victims are american universities. -- stoledant's cost research the cost of universities approximately $3.4 billion to procure and maintain. that stolen information was used by the revolutionary guard or sold for profit in a run. the defendants worked for an -- andation known institute which two of the defendants founded with the stated purpose of helping iranian universities access
4:35 pm
scientific research. their work consisted of stealing research through illegal work. intrusion. -- includesnt fraud, conspiracy, and identity theft. i'd like to make a point before i turn over the microphone to jeffrey berman. first, every sector of our economy is the target of malicious cyberattacks. anyone who owns a computer needs to be village -- vigilant to prevent attacks. targets.ons are prime universities can thrive as marketplaces of ideas and engines of research and development on if their work is protected from theft. events highlight the need
4:36 pm
for university and all organizations to emphasize a cyber security, increase threat awareness, and heart and computer networks. the second important point is that our work on this case is critically important because it will disrupt the activities of the institute and will deserve similar crimes by other perpetrators. this kind of public identification helps to deter state sponsored computer intrusions by stripping hackers of anonymity and by imposing .eal consequences revealing the institutes nefarious actions make it harder for them to do business. additionally we are going to help neutralize their hacking infrastructure. by bringing in these criminal charges we reinforce the norm
4:37 pm
that most of the civilized world accepts. nationstates should not steal eligible property for the purpose of giving domestic industries a competitive advantage. as a result of the indictment, these defendants are now fugitives from justice. there are more than 100 countries where they may face arrest and extradition to the united states. thanks to the treasury department, the defendants will fight it difficult to engage in business -- find it difficult to engage in business or financial transactions outside of iran. by making it clear that criminal action's have consequence, we deter schemes to victimize the united states and its companies and its citizens. and we help to protect our foreign allies. issummary, the united states taking several coordinate actions to coincide with on stealing -- unsealing this indictment. we are releasing information
4:38 pm
about cyber vulnerabilities which will help private organizations protect themselves, clearly listing the existence of international law .nforcement i'm grateful for steve mnuchin for using the treasury's resources. directorey berman, fbi christopher a -- chris for a and the other personnel who worked to secure this important indictment. i bike to reduce the united states attorney from southern new york, jeff berman. jeff: thank you, rod. good morning. my name is jeffrey berman and i am a united states attorney for the southern district of new york. today in one of the largest state sponsored hacking
4:39 pm
campaigns ever prosecuted, we have unmasked criminals who normally work in total anonymity hiding behind the ones and zeros of computer code. this massive and brazen cyber assault on the computer systems of 144 u.s. universities, 176 for universities, in 21 and dozens of government organizations and private companies, this assault was conducted on behalf of the uranium government's islamic revolutionary guard or irgc. at the indictment alleges, they were members of the institute which conducted the assault at the behest of the ih -- the irgc. the company was set up in 2013
4:40 pm
by two defendants. and while the company's name may sound legitimate, this institute was set up for one reason only. to steal scientific resources mother countries around the world. the campaign operated in three parts. a university campaign, private company packs and -- hacks and nongovernmental hacks. 2017 the defendants hacked over hundreds of accounts around the world. by tricking professors to click on false links, compromised 8000
4:41 pm
accounts. once they gained access to these accounts the defendant still massive amounts of academic data and intellectual property. the universities combined had to pay $3.4 billion to access this information. the defendants got it for free. they targeted data and research includingields science, technology, engineering, social science, medical, and other professional yields. fields. in total, they stole over 31.5 terabytes of data. over 15 billion pages. and sent that back to computers they control outside of the united states. to be clear this is not just raw data, this is the innovation and intellectual property of some of our country's greatest minds.
4:42 pm
the second part of the campaign targeted at least 36 of the private sector companies in the united states and at least 11 copies based in foreign countries the hackers target firms and companies across sectors. law firms, technology companies, biotechng companies, companies and others. the they gained access, defendants stole entire emailed mailboxes from the victims. forwarded all new emails to the defendants. the third campaign targeted u.s. government and nongovernmental organizations. among the victims, the department of labor. the united nations. and even the federal energy regulatory commission. that is the agency that regulates the interstate
4:43 pm
transmission of electricity, natural gas, and oil. that agency has the details of some of this country's most sensitive infrastructure. we believe that online defendants are currently in iran. i have a message for them and for others who attempt to harm our country through cyber assault. we have worked tirelessly to -- identify you and you cannot hide behind a keyboard halfway around the world and expect not to be held to account. together with our law enforcement partners, we will work with -- relentlessly and creative lee -- creatively to apply legal tools to find and charging. will do -- to find and charge you. these men are now fugitives from the american judicial system.
4:44 pm
these defendants are no longer free to travel outside of iran without the fear of being arrested in accidents in the united dates. they cannot leave iran to conduct business. the only way they can see the rest of the world is through their computer screen. but now stripped of their greatest asset, anonymity. , the crux of this case is the fact that the government of around systematically and roughly -- the government of iran systematically and hacked into our computer system in an attempt to gain as much information as possible. as clever as these criminals thought they were, they were ultimately detected and identified by the most sophisticated, capable, and it -- capable law enforcement in the world. i'd like to thank my deputy director and our good friend
4:45 pm
bill sweeney, assistant director in charge for the field office in your area of the -- the new york fbi field office. we are lucky to have them as partners. i would like to think prosecutors of my office investigated and prosecuted this case. i want to thank the criminal division chief. for leadership and excellence in britain's case. -- for her leadership and excellence supervision in this case. expertise andat knowledge in this area of cybercrime and spearheaded the investigation. mr. howard was assisted by two aids, richardnt cooper and jonathan cohen. privilege and quite
4:46 pm
alongsideo be working such talented and dedicated public servants. i would now like to introduce .he next speaker david: and you, good morning. -- thank you, good morning. i'm david about us, the deputy director and i'm representing david bowdich from the new york fbi field office. those members who assisted with his investigation here, to show them appreciation for their work and a tireless man-hours they have put into this investigation. as well as the prosecutors. the fbi is charged with defending the united states
4:47 pm
against the full range of cyber crimes. we face cyber threats from hackers from higher -- hackers for hire. stealsponsored hackers our government secrets, our trade secrets, our technology, and ideas for military and competitive advantage. in the end's -- the men we are indicting today were contractors, hackers for hire, were part of a private contractor based in iran. the institute acted in the hest of the revolutionary guard corps. these state-sponsored hackers approximately 144 u.s. universities and 176 foreign universities in 21 countries. they targeted more than 100,000 gmail accounts of professors around the world.
4:48 pm
they were able to compromise more than 8000 of those accounts. scholarly research, innovative private-sector ideas, and personal email accounts belonging to the targeted victims was accessed and exploited. in the end, the information retrieved from the academic databases during the course of -- as you have already heard, it cost them approximately $3.4 billion to procure and access. the substitution of these databases are funded in part by taxpayer dollars and student tuition. this means people in our country were paying for services when nationstate actors were concerning for free -- consuming for free. they are not admiring our work they are stealing it, taking credit for, and selling it to others.
4:49 pm
compromisedd and female accounts for 36 u.s. taste private companies -- u.s. based private companies. a low and slow style of brute force attack that flies under the radar of protocols used by many companies. they compromised email accounts for various government and nongovernment organizations including the department of labor the federal energy regulatory commission, the state of hawaii and indiana, and even the united nations. when we learned of these attacks, we notified the victims so that they can take action to minimize the impact. we took action to find and stop these hackers. some may ask, why would you pursue people you will never get your hands on? it is true, after hades and that -- apprehending these individuals is a challenge but it is not impossible.
4:50 pm
we've done it before and we will do it again. vacations,el, make make plans and families, and having your name face and description on the wanted poster makes moving around much more difficult. well we cannot apprehend individuals easily, we will resort to other methods such as naming and shaming, sanctions, and publicity. we keep at it because the fbi and our departments -- our friends at the department of justice have a long memory and are long arm of the law reaches worldwide. we understand that companies and institutions may be reluctant to report breaches that many believe notifying authorities will hurt their competitive advantage or damage the reputation. we do not want companies are universities, or individuals, to companies do not want or universities or individuals
4:51 pm
to feel victimized by an investigation. we will minimize to keep their routine and protect their safety. we will protect their trade secrets and business confidentiality. maintaining a code of silence will not serve anyone in the country in the long run. we want to thank our partners in the united kingdom national crime agency and the foreign assets control. we will continue to work together and use every tool at our disposal to fight cyber espionage, to protect our innovation, ideas, and innovation. we all need to do our part to make sure that our systems are strong and secure and protected as possible. we cannot stress enough the american public, to our business owners, to our academic institutions across the board, the importance of good, cyber hygiene. and the use of strong passwords as well as multifactor
4:52 pm
authentication's. can to to do whatever we lay hands on these people, the guitar others from joining for -- to deter other people from joining the fray and keep our nation safe. thank you. >> good morning i am the under secretary of treasury for terrorism and financial intelligence. today along with the justice department's indictment, the department of foreign assets control is dedicating one iranian entity and 10 iranian individuals under executive four significant malicious cyber activities. specifically today we are whichoning the institute -- hacking activities on their behalf. -- institute one ducted
4:53 pm
conducted massive coordinated cyber intrusions into the computer systems of 300 unit -- universities worldwide. including 144 institutions right here in the u.s. this was done at the behest of revolutionary guard corps, irgc, which outsourced this data to the institute and their hackers for hire. the irgc plays a central role and iran's malign activities across the world including enacting terrorism. in october of last year we had terrorism authorities providing key support to irgc. syrian president's
4:54 pm
relentless campaign of brutal ,iolence against his own people as well as the legal activities of hezbollah, hamas, and other terrorist groups. the irgc has been designated for times over here in the united states and they have been designated in the european union and by the u.n.. scheme allowed the irgc to obtain valuable from universities and united states and 21 other countries including the united canada, germany, australia, israel, japan, south korea, china, and other countries. opec is also designating nine individuals who are leaders, contractors, associates, hackers for hire and other affiliates of the institute.
4:55 pm
addiction -- in addition to andactions we are taking, iranian national who compromised belongingser accounts to a u.s. media and entertainment company, and then engaged in attempts to extort the victim company for $6 million. as a result, all property and interests in property of the decimated person, subject to the u.s. jurisdiction, are blocked, and u.s. persons are in general prohibited from engaging in transactions from them -- with them. people who knowingly conduct in transactions with these individuals are also subject to our sanctions. the cyber breach we are taking action against today are just the latest extraordinary examples of the iranian regime's
4:56 pm
willingness to use cyber and -- tomeans to elicit self -- to elicit attacks against other countries. this send a message around the world about iran's continued deceptive practices but it should come as no surprise. the iranian regime continually attempts to flout our laws and those of our allies and partners. ago we tookonths concerted action against an irgc counterfeit scheme that aims to corrupt the international financial system, including by circumventing european exports control. which again, irgc, outsourced these hacks, continues to have an extensive presence in iran's economy.
4:57 pm
lackt benefits from iran's of transparency in its financial sector. as the task force had highlighted, just last month, there continues to be massive deficiencies in iran's the-money laundering, financing of terrorism regimes, for over a decade. decade, iran has failed to fulfill their applications -- obligations. ourre committed to using authority to combat the regime's deception. under this administration, opec has issued 11 tranches of designating 108 targets in the middle east, asia, and europe in connection , iran's support
4:58 pm
for terrorism, its ballistic missile programs, its human rights abuses, it's censorship, its transnational collectivity, and it's cyberattacks. we will continue to hold the irgc and iranian cyber actors accountable. including these ongoing, costly malicious cyber attack. i would like to thank the justice department and the fbi for their close ordination and terrific work on this action. -- thankt to change the career officials who worked tirelessly with us on this coordinated action. you say this has been going on for four or five years. how did you get onto it? >> it was the excellent work of the fbi. that is how it started and we proceeded from there. bowditch -- bowdich maybe
4:59 pm
even tell me more about that? >> i have to refer to our friend from new york. >> people who know me know that i cannot talk about tactics. i cannot get into specifics. >> i understand that. was the victim the one that alerted you to this? they came to you and said help us fineness? -- help us find this? >> in some cases victims came -- asd and we encouraged the director said, we encourage them to come forward. we encourage victims to come forward because we can help you. we can help resolve the current attack and prevent future attacks. and that is why we rely on patent cooperation. in many cases -- on victim cooperation. in many cases we notify the
5:00 pm
victims because the fbi has secure cyber experts. tremendous capability to the tech cyber intrusions and combat them. finds evidence and presents it to the victims of making take appropriate remedial action. any other questions? are there specific examples where the fruits of the death manifest themselves in some way? we are not going to talk about anything beyond what is in the public indictment. if we get to the citizens -- the sentencing stage, with regard to any defendant, we would have specific evidence concerning the loss. free to makere their own independent decisions about whether to come forward, for regulatory or other reasons,
5:01 pm
and take appropriate actions to protect their customers, but we are not going to be talking about any details beyond what is in the indictment. >> can you talk about the linkage to the contracts? it seems hard to believe that anyone would write a contract to have somebody else hack something. mr. rosenstein: alleged in the is that they were working as a contractor for the iranian government. we don't have details about the indictments, but the allegation in the indictment is the evidence will demonstrate that the madden institute was working and that of the irgc, the irgc benefited from the information stolen in the cyber hacking. >> the city of atlanta is being hit by a ransomware attack. there are concerns the federal government is not doing enough.
5:02 pm
force,you have a task but i have not seen in this administration or the previous one where this kind of stuff has deterred the iranians or russians. what is the federal government doing to deterred these kind of attacks and protect american citizens in infrastructure? mr. rosenstein: this in its second is year, and we are doing quite a lot. i am not going to speak to what has or has not been done historically. you only see the ones that have been deterred. we are working together to pursue every lead, and we are encouraging private sector victims to come forward. we will keep returning indictments will make can. some of the indictments are unsealed. are notother cases that public, but in which we are
5:03 pm
working actively in pursuing charges. we will continue to pursue this strategy, this whole of government approach that you see here i the virtue of the treasury's involvement, and it will have an impact. going to have a specific deterrent impact on the people who are blocked as a result of this case, and we are going to have a general deterrent impact because we are spreading the word that anybody who attacks america is going to face an appropriate coordinated response by the united states government. >> is it true that the attorney general [inaudible] announcer: this afternoon, richard blumenthal talks about gun violence prevention ahead of tomorrow's march for our lives rally here in washington. they will join the discussion hosted by reuters.
5:04 pm
it is live at 6:00 p.m. eastern. tomorrow we will have live coverage of the rally with marchers, activists, and politicians speaking out about gun violence in recent mass shootings. you can see that saturday starting at noon eastern on c-span. 2016, two students from marjorie stoneman douglas high school in parkland, florida won honorable mention in c-span's studentcam video contest. their documentary focused on gun violence in schools. the competition encourages students to think critically about issues that affect our communities and nation. here is the documentary. a quiet school library can quickly descend into chaos.