Iran’s Cyber Capabilities Expanded throughout Nuclear Talks

The U.S. Treasury and Justice Departments took combined action Friday to designate and indict the Iranian firm Mabna Institute, as well as nine of its contractors responsible for “a coordinated campaign of cyber intrusions.” Between 2013 and 2017, these entities hacked hundreds of universities, private companies, and government agencies in the U.S. and around the world. The four-year campaign to steal billions of dollars’ worth of intellectual property attests to Iran’s evolving cyber capabilities.

In a press conference announcing the indictment, Sigal Mandelker, Treasury undersecretary for terrorism and financial intelligence, traced the hacking to Iran’s Islamic Revolutionary Guard Corps (IRGC), noting that “The IRGC plays a central role in Iran’s malign activities across the world.”

U.S. Attorney for the Southern District of New York Geoffrey Berman noted that the hackers stole 31.5 terabytes of academic data and intellectual property. He added that U.S. universities spent $3.4 billion to maintain subscriptions to databases to allow them to access the data in question. “The defendants got it for free,” he stated. The $3.4 billion figure is only a fraction of the value of the intellectual property, resulting from thousands of hours of academic research.

This does not include the information stolen from 11 technology companies, an industrial machinery company, and a biotechnology company, among other private sector victims. This data may have provided Iran with a way around increasingly strict U.S. export controls as a means to improve its military capabilities.

From a political perspective, the indictment punctures the fallacy that Iran had reduced its cyber attacks during the 2013-2015 nuclear deal negotiations. Indeed, since Hassan Rouhani became president in 2013, the regime has invested heavily in its cyber capabilities. Rather than pursuing relatively simple, but public, denial-of-service attacks, Iranian hackers have used their improving capabilities to quietly infiltrate networks, conduct reconnaissance, and exfiltrate data. Thus, as the regime sought to portray itself as a responsible international actor at the negotiating table, its agents were simultaneously engaged in a massive, malicious cyber campaign.

While the one-two punch of sanctions and indictment constitute an important step, the accompanying announcements omitted an important point: Iran is engaged in cyber-enabled economic warfare. Stealing intellectual property causes economic damage, undermines the institutions that feed innovation into America’s national security industrial base, and advances the military capabilities of our adversaries. A new cyber strategy is needed to defend from this pernicious threat.

Annie Fixler is a policy analyst at the Foundation for Defense of Democracies’ Center on Sanctions and Illicit Finance. Follow her on Twitter @afixler. Behnam Ben Taleblu is a research fellow focusing on Iran at the Foundation for Defense of Democracies.

Follow the Foundation for Defense of Democracies on Twitter @FDD and its Center on Sanctions and Illicit Finance @FDD_CSIF. FDD is a Washington-based, nonpartisan research institute focusing on national security and foreign policy.