Hackers Stealing High Grade Academic Research

Uploaded on 2018-09-28 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Iranian hackers have reportedly breached top British universities, including Oxford and Cambridge, to steal what are “millions” of papers and academic research documents that they then put up for sale via WhatsApp and websites. 

Much of the subject matter is understood to be bland, but some of the papers covered topics including nuclear development and computer encryption.

Whoever stole the papers is reportedly selling them on Farsi language websites in addition to the end-to-end encrypted WhatsApp messaging app, where they’re going for as little as £2 (USD $2.63).

The intellectual property theft was initially reported last month by Secureworks researchers who discovered a URL spoofing a login page for a university: the tip of what turned out to be a credential-stealing iceberg. A deeper dive uncovered 16 domains containing over 300 spoofed websites and login pages for a global campaign targeting 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the UK, and the US.
Secureworks tied the campaign to the Iranian government.

In February, the US indicted nine Iranian nationals for alleged computer intrusion, wire fraud, and aggravated identity theft. The indictment alleged that the men were involved in a scheme to obtain unauthorised access to computer systems, steal proprietary data from those systems, and sell the stolen data to Iranian customers, including the Iranian government and Iranian universities.

According to the FBI, each of the nine was affiliated with the Mabna Institute: a private government contractor based in Iran that worked for the Islamic Revolutionary Guard Corps. The FBI says that plundered organisations included about 144 US universities, 176 foreign universities in 21 countries, 5 federal and state government agencies in the US, 36 private companies in the US, 11 foreign private companies, and 2 international non-governmental organizations.

The hackers allegedly obtained access to university systems and research databases by phishing university staff and students, prompting them to reset their passwords at the spoofed domains that Secureworks uncovered last month.
Universities are, of course, a plum target for cyber-attackers, given the extremely valuable intellectual property that comes from research projects – particularly those concerned with national infrastructure, technology, and defense, be it cyber or on the battlefield.

After first discovering the spoofed sites, Secureworks’ Counter Threat Unit Research Team said that the threat underscored the importance of incorporating multi-factor authentication using secure protocols, plus implementation of complex password requirements on publicly accessible systems.

We don’t have much detail on how much of the stolen material was due to be published anyway, phishing campaign or no phishing campaign. How much cryptography research done at universities is top-secret, for example? Neither do we know how much of the material was stolen from behind some sort of paywall that has nothing to do with secrecy or national security, as was the case with the “thefts” allegedly pulled off by Aaron Swartz.

Schwartz allegedly used MIT’s network to download a mass of academic articles from non-for-profit academic journal archive JSTOR in contravention of his entitlement, with the aim of republishing them without restriction. Were some of the documents stolen from behind what were genuinely supposed to be closed doors with restricted access? Or classed as “stolen” because they weren’t officially released yet?

In short, we don’t know how much of the material being offered “for sale” was actually stolen. We do know, however, that thieves don’t necessarily discriminate: they just grab whatever they can get, then they, or their paying clientele, figure out what they got away with.

Better to keep them out to begin with, rather than assume that we shouldn’t break a sweat about any of the stolen documents, no matter how bland they might appear at first blush.

Naked Security

You Migh Also Read:

Iranian Malware Delivered Via Fake Oxford University Sites:

Iranian Hackers Target Universities For Secret Research:

 

« Hackers Are Fighting A Surrogate Cold War
Fancy Bear Have A Nasty New Weapon »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

High-Tech Bridge

High-Tech Bridge

High-Tech Bridge SA is a Swiss MSSP provider offering security auditing, source code review and computer forensics.

CybergymIEC

CybergymIEC

CybergymIEC is a global leader in cyber defense solutions and training services.

Inter-American Cooperation Portal on Cyber-Crime

Inter-American Cooperation Portal on Cyber-Crime

The Inter-American Cooperation Portal on Cyber-Crime was created to facilitate and streamline cooperation and information exchange among government experts from OAS member states.

Sanderson Recruitment

Sanderson Recruitment

Sanderson is a recruitment company providing expert recruitment services in areas including Cyber & Information Security.

First Point Group (FPG)

First Point Group (FPG)

First Point Group provide a global technological recruitment service worldwide. Within that we have a specialist team of Cyber Security recruiters.

Xperien

Xperien

Xperien is a leading South African Information Technology Asset Disposition (ITAD) company.

Eco Recycling (Ecoreco)

Eco Recycling (Ecoreco)

Eco Recycling is India's first and leading professional E-waste Management Company that has set industry benchmarks with its innovative & environment friendly disposal practices.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Hyperion Gray

Hyperion Gray

Hyperion Gray are a small research and development team focused on innovative work in a variety of areas including Software & Security Research, Penetration Testing, Incident Response, and Red Teaming

Analygence

Analygence

ANALYGENCE is your trusted partner for mission support, cyber solutions, and management services.

Psybersafe

Psybersafe

Psybersafe is a hands-on, behaviour-changing training system that keeps your people and your business cyber safe.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

Ministry of Electronics & Information Technology (MeitY)

Ministry of Electronics & Information Technology (MeitY)

The Ministry of Electronics & Information Technology is an executive agency responsible for IT policy, strategy and development of the electronics industry.

CyberSanctus

CyberSanctus

CyberSanctus provide clients with a variety of pentest plans from the entry level starter plan, which is tailored for personal websites, to enterprise level pentests, tailored for large scale business

Emircom

Emircom

Emircom is one of the Middle East's leading independent providers of IT infrastructure services, helping clients to drive growth and deliver measurable outcomes.

360 Advanced

360 Advanced

360 Advanced is a relationship-focused cybersecurity and compliance firm offering integrated compliance solutions customized to meet your business’ needs.