Hackers Stealing High Grade Academic Research

Iranian hackers have reportedly breached top British universities, including Oxford and Cambridge, to steal “millions” of papers and academic research documents, which they then put up for sale via WhatsApp and websites.

Much of the subject matter is understood to be bland, but some of the papers covered topics including nuclear development and computer encryption.

Whoever stole the papers is reportedly selling them on Farsi-language websites in addition to the end-to-end encrypted WhatsApp messaging app, where they’re going for as little as £2 (USD $2.63).

The intellectual property theft was initially reported last month by Secureworks researchers who discovered a URL spoofing a login page for a university: the tip of what turned out to be a credential-stealing iceberg. A deeper dive uncovered 16 domains containing over 300 spoofed websites and login pages for a global campaign targeting 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the UK, and the US.
Secureworks tied the campaign to the Iranian government.

In February, the US indicted nine Iranian nationals for alleged computer intrusion, wire fraud, and aggravated identity theft. The indictment alleged that the men were involved in a scheme to obtain unauthorised access to computer systems, steal proprietary data from those systems, and sell the stolen data to Iranian customers, including the Iranian government and Iranian universities.

According to the FBI, each of the nine was affiliated with the Mabna Institute: a private government contractor based in Iran that worked for the Islamic Revolutionary Guard Corps. The FBI says that plundered organisations included about 144 US universities, 176 foreign universities in 21 countries, 5 federal and state government agencies in the US, 36 private companies in the US, 11 foreign private companies, and 2 international non-governmental organizations.

The hackers allegedly obtained access to university systems and research databases by phishing university staff and students, prompting them to reset their passwords at the spoofed domains that Secureworks uncovered last month.
Universities are, of course, a plum target for cyber-attackers, given the extremely valuable intellectual property that comes from research projects – particularly those concerned with national infrastructure, technology, and defense, be it cyber or on the battlefield.

After first discovering the spoofed sites, Secureworks’ Counter Threat Unit Research Team said that the threat underscored the importance of incorporating multi-factor authentication using secure protocols, plus implementation of complex password requirements on publicly accessible systems.

We don’t have much detail on how much of the stolen material was due to be published anyway, phishing campaign or no phishing campaign. How much cryptography research done at universities is top-secret, for example? Neither do we know how much of the material was stolen from behind some sort of paywall that has nothing to do with secrecy or national security, as was the case with the “thefts” allegedly pulled off by Aaron Swartz.

Swartz allegedly used MIT’s network to download a mass of academic articles from not-for-profit academic journal archive JSTOR in contravention of his entitlement, with the aim of republishing them without restriction. Were some of the documents stolen from behind what were genuinely supposed to be closed doors with restricted access? Or classed as “stolen” because they weren’t officially released yet?

In short, we don’t know how much of the material being offered “for sale” was actually stolen. We do know, however, that thieves don’t necessarily discriminate: they just grab whatever they can get, then they, or their paying clientele, figure out what they got away with.

Better to keep them out to begin with, rather than assume that we shouldn’t break a sweat about any of the stolen documents, no matter how bland they might appear at first blush.

Naked Security
