Hackers Stealing High Grade Academic Research

Iranian hackers have reportedly breached top British universities, including Oxford and Cambridge, to steal what are “millions” of papers and academic research documents that they then put up for sale via WhatsApp and websites. 

Much of the subject matter is understood to be bland, but some of the papers covered topics including nuclear development and computer encryption.

Whoever stole the papers is reportedly selling them on Farsi language websites in addition to the end-to-end encrypted WhatsApp messaging app, where they’re going for as little as £2 (USD $2.63).

The intellectual property theft was initially reported last month by Secureworks researchers who discovered a URL spoofing a login page for a university: the tip of what turned out to be a credential-stealing iceberg. A deeper dive uncovered 16 domains containing over 300 spoofed websites and login pages for a global campaign targeting 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the UK, and the US.
Secureworks tied the campaign to the Iranian government.

In February, the US indicted nine Iranian nationals for alleged computer intrusion, wire fraud, and aggravated identity theft. The indictment alleged that the men were involved in a scheme to obtain unauthorised access to computer systems, steal proprietary data from those systems, and sell the stolen data to Iranian customers, including the Iranian government and Iranian universities.

According to the FBI, each of the nine was affiliated with the Mabna Institute: a private government contractor based in Iran that worked for the Islamic Revolutionary Guard Corps. The FBI says that plundered organisations included about 144 US universities, 176 foreign universities in 21 countries, 5 federal and state government agencies in the US, 36 private companies in the US, 11 foreign private companies, and 2 international non-governmental organizations.

The hackers allegedly obtained access to university systems and research databases by phishing university staff and students, prompting them to reset their passwords at the spoofed domains that Secureworks uncovered last month.
Universities are, of course, a plum target for cyber-attackers, given the extremely valuable intellectual property that comes from research projects – particularly those concerned with national infrastructure, technology, and defense, be it cyber or on the battlefield.

After first discovering the spoofed sites, Secureworks’ Counter Threat Unit Research Team said that the threat underscored the importance of incorporating multi-factor authentication using secure protocols, plus implementation of complex password requirements on publicly accessible systems.

We don’t have much detail on how much of the stolen material was due to be published anyway, phishing campaign or no phishing campaign. How much cryptography research done at universities is top-secret, for example? Neither do we know how much of the material was stolen from behind some sort of paywall that has nothing to do with secrecy or national security, as was the case with the “thefts” allegedly pulled off by Aaron Swartz.

Schwartz allegedly used MIT’s network to download a mass of academic articles from non-for-profit academic journal archive JSTOR in contravention of his entitlement, with the aim of republishing them without restriction. Were some of the documents stolen from behind what were genuinely supposed to be closed doors with restricted access? Or classed as “stolen” because they weren’t officially released yet?

In short, we don’t know how much of the material being offered “for sale” was actually stolen. We do know, however, that thieves don’t necessarily discriminate: they just grab whatever they can get, then they, or their paying clientele, figure out what they got away with.

Better to keep them out to begin with, rather than assume that we shouldn’t break a sweat about any of the stolen documents, no matter how bland they might appear at first blush.

Naked Security

You Migh Also Read:

Iranian Malware Delivered Via Fake Oxford University Sites:

Iranian Hackers Target Universities For Secret Research:

 

« Hackers Are Fighting A Surrogate Cold War
Fancy Bear Have A Nasty New Weapon »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Applicure Technologies

Applicure Technologies

Applicure Technologies develops the leading multi-platform web application security software products to protect web sites and web applications from external and internal attacks.

sic[!]sec

sic[!]sec

sic[!]sec provide products and services for web application security.

BitRaser

BitRaser

BitRaser serves your needs for a managed & certified data erasure solution that can support internal & external corporate audit requirements with traceable reporting.

Phirelight Security Solutions

Phirelight Security Solutions

Phirelight empowers an enterprise to easily understand how their networks behave, while at the same time assessing and managing cyber threats in real time.

Digital Transformation EXPO (DTX)

Digital Transformation EXPO (DTX)

Digital Transformation EXPO showcases the latest technology and insight from the world’s leading brands and experts in DX.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

AUTOCRYPT

AUTOCRYPT

AUTOCRYPT is a mobility security provider dedicated to the safety of future transportation

Blackfoot Cybersecurity

Blackfoot Cybersecurity

At Blackfoot, we work in partnership with you to deliver on-demand cyber security expertise and assurance, keeping you one step ahead of threats & compliant with regulations.

Crosspoint Capital Partners

Crosspoint Capital Partners

Crosspoint Capital Partners is a private equity investment firm focused on the cybersecurity and privacy sectors.

ZARIOT

ZARIOT

ZARIOT's mission is to restore order to what is becoming connected chaos in IoT by bringing unrivalled security, control and quality of service.

Nexon Asia Pacific

Nexon Asia Pacific

Nexon solutions include cloud infrastructure and services, unified communications, managed security services, business continuity, secured high-performance network and business applications.

Cardonet

Cardonet

Cardonet is an IT Support and IT Services business offering end-to-end IT services, 24x7 IT Support to IT Consultancy, Managed IT and Cyber Security.

Aiden Technologies

Aiden Technologies

Aiden simplifies your IT process, giving you peace of mind and security by ensuring your computers get exactly the software they need and nothing else.

Gilsbar

Gilsbar

For more than half a century, Gilsbar has offered insurance service solutions and support for businesses and their employees.

Ceeyu

Ceeyu

Ceeyu is an all-in-one cybersecurity ratings and third party risk management platform.

AuthenticID

AuthenticID

Our mission at AuthenticID is to combat fraud worldwide and help businesses protect their enterprise and valuable data assets.