Lawsuits Against Facebook Growing

Posted on by

Lauren Price has been on Facebook (FB) for eight years and claims she frequently saw political ads on the social network during the 2016 election. She is suing the companies on behalf of other US Facebook members whose information was also collected by Cambridge Analytica, a data firm that worked with the Trump campaign.

The proposed class-action lawsuit was filed Tuesday at the US District Court in San Jose, California. Price is seeking unspecified damages.

This is the first lawsuit brought by a Facebook user over the Cambridge Analytica news, but others are likely to follow. The lawsuit is part of a growing backlash against both companies.

On Tuesday, Facebook (FB) investor Fan Yuan filed a lawsuit against the company in federal court on behalf of other investors. The suit claims Facebook made “misleading statements” and neglected to disclose details about third-party access to data, which caused the company’s stock price to fall significantly.

Price’s complaint adds that the companies have violated the privacy of million of people in the U.S. alone, and that users now have a higher risk of identity theft as a result.

“There’s going to be a lot of litigation flowing from this,” said attorney Jay Edelson of Edelson PC in Chicago. He is not involved with either case, but his firm does plan on filing related lawsuits in the near future.

“The most direct liability is against Cambridge Analytica. We believe they have violated a host of city, state, and federal laws,” said Edelson. “The case against Facebook is less direct. On the surface, many believe that Facebook acted, perhaps, negligently. We believe we will be able to provide more context to how Cambridge Analytica fits Facebook’s overall business model.” More here from CNN.

*** Facebook Hit with Lawsuit Alleging Privacy Wrongs | PCWorld photo

SAN FRANCISCO

Civil rights groups filed a federal lawsuit Tuesday against Facebook for enabling housing discrimination.

The housing rights activists, led by the National Fair Housing Alliance (NFHA), alleged that Facebook’s ad practices allow landlords and real estate agents to avoid serving housing ads to certain groups of people. The NFHA said landlords are able to avoid showing housing ads to women and families, for example.

“Amid growing public concern in the past weeks that Facebook has mishandled users’ data, our investigation shows that Facebook also allows and even encourages its paid advertisers to discriminate using its vast trove of personal data,” Lisa Rice, NFHA’s president and CEO, said in a statement.

“Facebook’s use and abuse of user data for discriminatory purposes needs to stop. It is already a challenge for women, families with children, people with disabilities and other under-served groups to find housing.”

Earlier this month, it was revealed that a political consultancy group was able to exploit Facebook user data on behalf of the 2016 presidential campaign for Donald Trump. Facebook chief executive Mark Zuckerberg personally apologized, but the social media giant has remained mired in controversy regarding how third parties can access user data.

Shares of Facebook dropped another 4.9 percent Tuesday to close at $152.22. Since the data breach was widely publicized on March 17, the stock has plummeted 18 percent.

The federal lawsuit filed by NFHA alleged that the way Facebook’s ad service is built allows for discrimination when it comes to housing. Landlords can choose not to show ads to certain groups of people based on gender, family status and a series of other qualities.

“Facebook’s platform that excludes these consumers from ever seeing certain ads to rent or buy housing must be changed immediately,” Rice continued.

“Facebook ought to be opening doors to housing opportunities instead of closing them.”

Facebook has not released any comments on the NFHA lawsuit.

Judiciary Cmte Subpoenas FBI for all Clinton Investigation Records

Posted on by

Politico: Facing a legal threat from House Republicans, the FBI announced Tuesday that it is doubling to 54 the number of staffers combing through documents to comply with GOP requests for records of the investigation into Hillary Clinton’s email server.

“Up until today, we have dedicated 27 FBI staff to review the records,” FBI director Christopher Wray said in a statement. “The actual number of documents responsive to this request is likely in the thousands. Regardless, I agree that the current pace of production is too slow.”

Wray’s statement comes just days after a top House Republican, Judiciary Committee Chairman Bob Goodlatte (R-Va.), subpoenaed the Justice Department for Clinton investigation records, citing “ongoing delays” in obtaining the documents. Goodlatte added that the subpoena covers documents related to the recent firing of former FBI Deputy Director Andrew McCabe.

Wray’s statement describes an intensifying demand on resources required by the bureau to fulfill the GOP subpoenas. It comes as some House Republicans have mounted an increasingly hostile campaign against the bureau leadership, accusing top DOJ and FBI officials of mishandling the Clinton investigation while assigning anti-Trump agents to oversee the Trump-Russia probe that the FBI launched in July 2016.

Democrats have derided those criticisms as baseless and politically motivated.

In a separate letter issued Tuesday, a top Justice Department official accused Goodlatte of breaking from longstanding norms in the relationship between DOJ and Congress. His subpoena for records surrounding McCabe’s firing, the department noted, came less than a week after his ouster and without any negotiations that typically precede a subpoena.

In a letter to Goodlatte, Assistant Attorney General Stephen Boyd called it a “significant deviation” from past practices.

Boyd also indicated that Goodlatte’s request included demands for documents that include “highly sensitive law enforcement and national security” information. Another request, Boyd said, covered information protected by attorney-client privilege and other aspects of the GOP requests were already provided, he said.

Boyd indicated that the FBI had provided the committee in August 2016 — during a previous session of Congress — with a 32-page set of investigative documents about the Clinton probe.

He said the department continues to provide new documents ever 10 to 14 days, based on Goodlatte’s requests, and that the work to produce them includes scrubbing for grand jury information, privileged materials or other sensitive material related to ongoing investigations.

“We are expeditiously reviewing the remaining documents to determine whether they are responsive,” Boyd said.

 

Congress Calls for Hearing with Facebook, Twitter and Google

Posted on by

While Cambridge Analytica has a proven shady history as noted below, Facebook has already admitted guilt and offered apologies when it comes to safeguarding private user information and interactions. So, when it comes to social media Facebook, Google and Twitter hold the power. Instagram and SnapChat are quite popular but do not hold the volume of data in comparison.

Now the FTC comes knocking at the door of Facebook.

FTC is investigating Facebook over privacy practices ... photo

***

The stuff you share and the inferences Facebook makes about you are packaged together with similar people’s data, stripped of names and sold to companies. That allows businesses to put ads in front of people they’re certain they can influence.

On Facebook, you are the product. Advertisers are the customer.

Facebook’s not alone. Most advertiser-supported networks sell some of your information to third parties. Google, Microsoft, Yahoo, AOL, Amazon, Twitter and Yelp do the same.

Giving up our privacy is the price we pay for getting to use Facebook for free. Most of the time, that tradeoff works: People take advantage of free services by posting, searching and sharing. Most companies that collect our data use it for legitimate purposes and within the bounds that companies like Facebook permit.

That arrangement has turned Facebook (FB) and Google (GOOGL) into online advertising juggernauts. They have built massive audiences of billions of customers, and advertisers flock to them. Facebook and Google control three-quarters of the $83 billion digital advertising market in the United States, according to eMarketer.

But the customer-is-the-product deal doesn’t always work to the user’s advantage. This weekend, the public learned data company Cambridge Analytica improperly accessed 50 million Facebook users’ personal information to influence the 2016 election.

Internet companies have a financial disincentive to give users more control over their data. If people share less, social networks will earn less money. More here.

In part from Bloomberg:

Fake News

Bell Pottinger’s tactics included producing phony television news reports as well as fake terrorist propaganda videos containing computer code that allowed Western intelligence agencies to track anyone who watched, according to a 2016 report from the London-based Bureau of Investigative Journalism, a not-for-profit reporting organization.

The man who awarded Turnbull’s Bell Pottinger unit its first Iraq contract was Ian Tunnicliffe, then a British colonel who was running strategic communications for the U.K. defense ministry. Tunnicliffe, now retired, has been a member of SCL’s advisory board. He didn’t respond to emails seeking comment.

SCL also stoked ethnic tensions in Eastern Europe and sprayed fake graffiti in the Caribbean, according to the firm’s own sales documents. Its defense business claims in pitch documents to have worked for clients as wide-ranging as the Libyan National Transitional Council, NATO and the U.K. Foreign Office. It says it worked in Pakistan for the U.S. Department of Defense and the U.S. Pacific Command in India on countering radicalization.

SCL recently signed a contract with the U.S. State Department for market research and public-opinion polling, according to a federal procurement database. The one-year contract, signed last week, is worth $496,232, according to the database.

Deep Ties

The firm also has deep ties to the British defense establishment and Conservative Party. Its first chairman was Geoffrey Pattie, a defense minister under Margaret Thatcher. In addition to Tunnicliffe, the advisory board has included retired Rear Admiral John Tolhurst and Ivar Mountbatten, the great-nephew of Louis Mountbatten, the military hero and Queen Elizabeth’s cousin. Jonathan Marland, a former Conservative Party treasurer who served as a minister for business under former Prime Minister David Cameron, is a shareholder.

Marland told the Guardian newspaper he hadn’t had a role in running SCL following his initial investment and had refused requests to introduce the firm to Conservative Party officials.

Roger Gabb, a former British Army officer who later made his fortune as a wine distributor and wholesaler, is also a major SCL shareholder. A founding director who, with his family, still controls about 25 percent of the firm’s shares, Gabb has also been active in the Conservative Party and the campaign for the U.K. to leave the European Union. He donated 500,000 pounds ($705,300) to the party in 2006. In 2016, he was fined 1,000 pounds by the U.K.’s Electoral Commission for failing to disclose that he had helped purchase local newspaper advertisements supporting the leave side in the Brexit referendum. More here.

Trump and Allies Expel Russian Diplomats/Operatives

Posted on by

President Donald Trump ordered 60 Russian diplomats the U.S. considers spies to leave the country and closed Russia’s consulate in Seattle. The closure of the Russian consulate in Seattle due to its proximity to one of our submarine bases and Boeing.” The U.S. officials said more than 100 Russian intelligence agents work under cover as diplomats in the U.S. and described the number as unacceptable. They said the U.S. could take further action in the future. The 60 people expelled from the U.S. include 48 attached to the Russian embassy and 12 at the country’s mission to the United Nations. They have seven days to leave the country, the officials said. More here.

US expels 60 Russian diplomats, shutters Seattle consulate | Ap | tulsaworld.com Russian consulate, Seattle

London (CNN)It’s the biggest collective expulsion of alleged Russian intelligence officers in history, according to British Prime Minister Theresa May.

Diplomats are being kicked out of at least 21 countries16 European Union states, the United States, Canada, Ukraine, Norway and Albania in a coordinated effort that represents a significant diplomatic victory for the UK, which blames Russia for poisoning Sergei Skripal and his daughter, Yulia.
The UK has already expelled 23 Russian diplomats. Moscow retaliated by sending the same number of UK diplomats back, and by shuttering British cultural institutions in the country.
Here’s what each country is doing: 

European Union nations

Croatia: Prime Minister Andrej Plenkovic said Croatia will expel one diplomat.
Czech Republic: The Czech Republic will expel three diplomats, Prime Minister Andrej Babis and Foreign Minister Martin Stropnicky announced a press conference. The Czech Foreign Ministry tweeted that it declared the diplomats “personae non gratae.”
The UK had already expelled 23 Russian diplomats. People were seen hugging at the Russian Embassy in London on March 20.
Denmark: The Foreign Ministry announced two diplomats would be expelled. “We stand shoulder to shoulder with Britain and clearly say no to Russia at a time when Russia is also in threatening and seeking to undermine Western values and the rule-based international order in other areas,” Foreign Minister Anders Samuelsen said.
Estonia: Estonia Foreign Ministry told CNN one Russian diplomat, a Russian defense attaché, will be expelled.
Finland: Finland will expel one diplomat, the Foreign Ministry said.
France: French Foreign Minister Jean-Yves Le Drian announced the expulsion of four diplomats, who must leave the country within a week. He said that the decision followed the European Council’s conclusions that the attack “posed a serious threat to our collective security” and that France was acting “in solidarity with our British partners.”
Germany: The German Foreign Ministry said Monday it would expel four diplomats. “In close coordination within the European Union and with NATO allies, the Federal Government has decided to ask four Russian diplomats to leave Germany within seven days. The request was sent to the Russian Embassy today,” the ministry said in a statement.
Hungary: The Foreign Ministry said Hungary would expel one diplomat over “what has been discussed at the European Council meeting,” adding that the diplomat was “also conducting intelligence activities.”
Italy: The Italian Foreign Ministry says it will expel two Russian diplomats from the embassy in Rome “as a sign of solidarity with the United Kingdom and in coordination with the European partners and NATO.”
Latvia: The Foreign Ministry told CNN it would expel one diplomat and one private citizen who runs the office of a Russian company in the capital, Riga.
Lithuania: Foreign Affairs Minister Linas Linkevicius said on Twitter the country would expel three diplomats “in solidarity with the UK over #SalisburyAttack.” Lithuania would also sanction an additional 21 individuals and ban 23 more from entering the country.
Netherlands: Prime Minister Mark Rutte announced the expulsion of two diplomats, saying the use of chemical weapons was unacceptable.
Poland: Poland’s Ministry of Foreign Affairs said it would expel four diplomats and said the attack showed how “a similar immediate threat to the territory and citizens of EU and NATO member states can happen anywhere.”
Romania: Romania’s Foreign Ministry said on Twitter that one diplomat would be expelled.
Spain: The Foreign Ministry said Spain will expel two diplomats. “From the outset, we have considered the nerve agent attack in Salisbury to be an extremely serious development that represents a significant threat to our collective security and to international law,” the ministry said on Twitter.
Sweden: The Foreign Ministry told CNN it will expel one diplomat.

Non-EU countries

Albania: The Ministry of Foreign Affairs told CNN it will expel two Russian diplomats. In a statement, the ministry said called each diplomat a “persona non grata” and said the pair’s activities were “not compliant to their diplomatic status.”
Canada: Ottawa said it was expelling four Russian diplomats alleged to be intelligence officers “or individuals who have used their diplomatic status to undermine Canada’s security or interfere in our democracy.” Additionally it was refusing three applications by Moscow for additional diplomatic staff. “The nerve agent attack represents a clear threat to the rules-based international order and to the rules that were established by the international community to ensure chemical weapons would never again destroy human lives,” Foreign Minister Chrystia Freeland said.
Norway: The Ministry of Foreign Affairs told CNN it would expel one Russian diplomat in response to the attack. “The use of a nerve agent in Salisbury is a very serious matter,” Norwegian Foreign Minister Ine Eriksen Soreide said in a statement. “Such an incident must have consequences.”
Ukraine: President Petro Poroshenko said Ukraine, which has experienced years of hostility from Russia, including the annexation of Crimea, would expel 13 diplomats. “Russia has again reconfirmed its disdainful attitude to the sovereignty of independent states and the value of human life.”
United States: The White House said it was expelling 60 Russian diplomats identified as intelligence agents and also announced the closure of the Russian consulate in Seattle. It represents the most forceful action Trump has taken against Russia to date. Of those being expelled, 48 of the alleged intelligence agents work at the Russian embassy in Washington and 12 are posted at the United Nations in New York, senior administration officials said.

9 Iranians Charged in Hacking 176 Universities, Intellectual Property

Posted on by

Nine Iranians Charged With Conducting Massive Cyber Theft Campaign On Behalf Of The Islamic Revolutionary Guard Corps

Mabna Institute Hackers Penetrated Systems Belonging to Hundreds of Universities, Companies, and Other Victims to Steal Research, Academic Data, Proprietary Data, and Intellectual Property

Rod J. Rosenstein, the Deputy Attorney General of the United States, Geoffrey S. Berman, the United States Attorney for the Southern District of New York, William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Field Division of the Federal Bureau of Investigation (“FBI”), and John C. Demers, Assistant Attorney General for National Security, announced today the unsealing of an indictment charging GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The defendants were each leaders, contractors, associates, hackers-for-hire, and affiliates of the Mabna Institute, an Iran-based company that was responsible for a coordinated campaign of cyber intrusions that began in at least 2013 into computer systems belonging to 144 U.S.-based universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.  Through the activities of the defendants, the Mabna Institute conducted these intrusions to steal over 30 terabytes of academic data and intellectual property from universities, and email inboxes from employees of victim private sector companies, government victims, and non-governmental organizations.  The defendants conducted many of these intrusions on behalf of the Islamic Republic of Iran’s (“Iran”) Islamic Revolutionary Guard Corps (“IRGC”), one of several entities within the government of Iran responsible for gathering intelligence, as well as other Iranian government clients.  In addition to these criminal charges, today the Department of Treasury’s Office of Foreign Assets Control (OFAC) designated the Mabna Institute and the nine defendants for sanctions for the malicious cyber-enabled activity outlined in the Indictment.

Deputy Attorney General Rod J. Rosenstein said:  “These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries.  For many of these intrusions, the defendants acted at the behest of the Iranian government and, specifically, the Iranian Revolutionary Guard Corps.  The Department of Justice will aggressively investigate and prosecute hostile actors who attempt to profit from America’s ideas by infiltrating our computer systems and stealing intellectual property.  This case is important because it will disrupt the defendants’ hacking operations and deter similar crimes.”

Manhattan U.S. Attorney Geoffrey S. Berman said:  “Today, in one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice, we have unmasked criminals who normally hide behind the ones and zeros of computer code.  As alleged, this massive and brazen cyber-assault on the computer systems of hundreds of universities in 22 countries, including the United States, and dozens of private sector companies and governmental organizations was conducted on behalf of Iran’s Islamic Revolutionary Guard.  The hackers targeted innovations and intellectual property from our country’s greatest minds.  These defendants are now fugitives from American justice, no longer free to travel outside Iran without risk of arrest.  The only way they will see the outside world is through their computer screens, but stripped of their greatest asset – anonymity.”

FBI Assistant Director William F. Sweeney Jr. said:  “The numbers alone in this case are staggering, over 300 universities and 47 private sector companies both here in the United States and abroad were targeted to gain unauthorized access to online accounts and steal data.  An estimated 30 terabytes was removed from universities’ accounts since this attack began, which is roughly equivalent of 8 billion double-sided pages of text.  It is hard to quantify the value on the research and information that was taken from victims but it is estimated to be in the billions of dollars. The nine Iranians indicted today now find themselves wanted by the FBI and our partner law enforcement agencies around the globe – and like other cyber criminals they will soon learn their ability to freely move was just limited to the virtual world only.”

According to the allegations contained in the Indictment[1] unsealed today in Manhattan federal court:

Background on the Mabna Institute

GHOLAMREZA RAFATNEJAD and EHSAN MOHAMMADI, the defendants, founded the Mabna Institute in approximately 2013 to assist Iranian universities and scientific and research organizations in stealing access to non-Iranian scientific resources.  In furtherance of its mission, the Mabna Institute employed, contracted, and affiliated itself with hackers-for-hire and other contract personnel to conduct cyber intrusions to steal academic data, intellectual property, email inboxes and other proprietary data, including ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI.  The Mabna Institute contracted with both Iranian governmental and private entities to conduct hacking activities on their behalf, and specifically conducted the university spearphishing campaign on behalf of the IRGC.  The Mabna Institute is located at Tehran, Sheikh Bahaii Shomali, Koucheh Dawazdeh Metri Sevom, Plak 14, Vahed 2, Code Posti 1995873351.

University Hacking Campaign

The Mabna Institute, through the activities of the defendants, targeted over 100,000 accounts of professors around the world.  They successfully compromised approximately 8,000 professor email accounts across 144 U.S.-based universities, and 176 universities located in foreign countries, including Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey, and the United Kingdom.  The campaign started in approximately 2013, and has continued through at least December 2017, and broadly targeted all types of academic data and intellectual property from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  Through the course of the conspiracy, U.S.-based universities spent over approximately $3.4 billion to procure and access such data and intellectual property.

The hacking campaign against universities was conducted across multiple stages.  First, the defendants conducted online reconnaissance of university professors, including to determine these professors’ research interests and the academic articles they had published.  Second, using the information collected during the reconnaissance phase, the defendants created and sent spearphishing emails to targeted professors, which were personalized and created so as to appear to be sent from a professor at another university.  In general, those spearphishing emails indicated that the purported sender had read an article the victim professor had recently published, and expressed an interest in several other articles, with links to those additional articles included in the spearphishing email.  If the targeted professor clicked on certain links in the email, the professor would be directed to a malicious Internet domain named to appear confusingly similar to the authentic domain of the recipient professor’s university.  The malicious domain contained a webpage designed to appear to be the login webpage for the victim professor’s university.  It was the defendants’ intent that the victim professor would be led to believe that he or she had inadvertently been logged out of his or her university’s computer system, prompting the victim professor for his or her login credentials.  If a professor then entered his or her login credentials, those credentials were then logged and captured by the hackers.

Finally, the members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, through which they then exfiltrated intellectual property, research, and other academic data and documents from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.  The defendants targeted data across all fields of research and academic disciplines, including science and technology, engineering, social sciences, medical, and other professional fields.  At least approximately 31.5 terabytes of academic data and intellectual property from compromised universities were stolen and exfiltrated to servers under the control of members of the conspiracy located in countries outside the United States.

In addition to stealing academic data and login credentials for university professors for the benefit of the Government of Iran, the defendants also sold the stolen data through two websites, Megapaper.ir (“Megapaper”) and Gigapaper.ir (“Gigapaper”).  Megapaper was operated by Falinoos Company (“Falinoos”), a company controlled by ABDOLLAH KARIMA, a/k/a “Vahid Karima,” the defendant, and Gigapaper was affiliated with KARIMA.  Megapaper sold stolen academic resources to customers within Iran, including Iran-based public universities and institutions, and Gigapaper sold a service to customers within Iran whereby purchasing customers could use compromised university professor accounts to directly access the online library systems of particular United States-based and foreign universities.

Prior to the unsealing of the Indictment, the FBI provided foreign law enforcement partners with detailed information regarding victims within their jurisdictions, so that victims in foreign countries could be notified and so that foreign partners could assist in remediation efforts.

Private Sector Hacking Victims

In addition to targeting and compromising universities, the Mabna Institute defendants targeted and compromised employee email accounts for at least approximately 36 United States-based private companies, and at least approximately 11 private companies based in Germany, Italy, Switzerland, Sweden, and the United Kingdom, and exfiltrated entire email mailboxes from compromised employees’ accounts.  Among the United States-based private sector victims were three academic publishers, two media and entertainment companies, one law firm, 11 technology companies, five consulting firms, four marketing firms, two banking and/or investment firms, two online car sales companies, one healthcare company, one employee benefits company, one industrial machinery company, one biotechnology company, one food and beverage company, and one stock images company.

In order to compromise accounts of private sector victims, members of the conspiracy used a technique known as “password spraying,” whereby they first collected lists of names and email accounts associated with the intended victim company through open source Internet searches.  Then, they attempted to gain access to those accounts with commonly-used passwords, such as frequently used default passwords, in order to attempt to obtain unauthorized access to as many accounts as possible.  Once they obtained access to the victim accounts, members of the conspiracy, among other things, exfiltrated entire email mailboxes from the victims.  In addition, in many cases, the defendants established automated forwarding rules for compromised accounts that would prospectively forward new outgoing and incoming email messages from the compromised accounts to email accounts controlled by the conspiracy.

In connection with the unsealing of the Indictment, today the FBI issued a FBI Liaison Alert System (FLASH) message, providing detailed information regarding the vulnerabilities targeted and the intrusion vectors used by the Mabna Institute in their campaign against private sector companies, to provide the public with information to assist in detecting and remediating the threat.

U.S. Government and NGO Hacking Victims

In the same time period as the university and private sector hacking campaigns described above, the Mabna Institute also conducted a computer hacking campaign against various governmental and non-governmental organizations within the United States.  During the course of that campaign, employee login credentials were stolen by members of the conspiracy through password spraying.  Among the victims were the following, all based in the United States:  the United States Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the State of Indiana Department of Education, the United Nations, and the United Nations Children’s Fund.  As with private sector victims, the defendants targeted for theft email inboxes of employees of these organizations.

*                *                *

GHOLAMREZA RAFATNEJAD, EHSAN MOHAMMADI, ABDOLLAH KARIMA, a/k/a “Vahid Karima,” MOSTAFA SADEGHI, SEYED ALI MIRKARIMI, MOHAMMED REZA SABAHI, ROOZBEH SABAHI, ABUZAR GOHARI MOQADAM, and SAJJAD TAHMASEBI, the defendants, are citizens and residents of Iran.  Each is charged with one count of conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison; one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; two counts of unauthorized access of a computer, each of which carries a maximum sentence of five years in prison; two counts of wire fraud, each of which carries a maximum sentence of 20 years in prison; and one count of aggravated identity theft, which carries a mandatory sentence of two years in prison.  The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencings of the defendants will be determined by the assigned judge.

Mr. Berman praised the outstanding investigative work of the FBI, the assistance of the United Kingdom’s National Crime Agency (NCA), and the support of the OFAC.  The case is being handled by the Office’s Complex Frauds and Cybercrime Unit.  Assistant United States Attorneys Timothy T. Howard, Jonathan Cohen, and Richard Cooper are in charge of the prosecution, with assistance provided by Heather Alpino and Jason McCullough of the National Security Division’s Counterintelligence and Export Control Section.

The charges contained in the Indictment are merely accusations and the defendants are presumed innocent unless and until proven guilty.

[1] As the introductory phrase signifies, the entirety of the text of the Indictment, and the description of the Indictment set forth herein, constitute only allegations, and every fact described should be treated as an allegation.

Attachment(s):
Download U.S. v. Rafatnejad et al Indictment
Topic(s):
Cyber Crime
Component(s):
USAO – New York, Southern
Press Release Number:
18-089