U.S. authorities charged two Iranian nationals on Monday with hacking into computer systems in the United States, Europe, and the Middle East, and stealing hundreds of terabytes of data, sometimes at the behest of the Iranian regime.
Hooman Heidarian, 30, and Mehdi Farhadi, 34—both of Hamedan, Iran—were charged with 10 counts over hacking and cybertheft.
Heidarian and Farhadi carried out some of the hacks on behalf of the Iranian regime, including by targeting information on dissidents, human rights activists, and opposition leaders, according to the indictment. The pair conducted other hacks to steal data, which they would sell for profit on the black market, the prosecutors allege.
“These Iranian nationals allegedly conducted a wide-ranging campaign on computers here in New Jersey and around the world,” U.S. Attorney for the District of New Jersey Craig Carpenito said in a statement. “They brazenly infiltrated computer systems and targeted intellectual property and often sought to intimidate perceived enemies of Iran, including dissidents fighting for human rights in Iran and around the world.
“This conduct threatens our national security, and as a result, these defendants are wanted by the FBI and are considered fugitives from justice.”
In the United States, the alleged hackers targeted computers in New Jersey, a Washington, D.C.-based think tank, a defense contractor, and an aerospace company, among others.
Heidarian and Farhadi also allegedly vandalized a number of website using the pseudonym “Sejeal.” They posted messages about the demise of Iran’s adversaries, including Israel and Saudi Arabia. The pair used a variety of tools to gain access to computer systems.
The Department of Justice announced the indictment of Heidarian and Farhadi on the same day as unveiling charges against a group of Chinese hackers.
“We will not bring the rule of law to cyberspace until governments refuse to provide safe harbor for criminal hacking within their borders,” Assistant Attorney General John Demers said in a statement.
“Unfortunately, our cases demonstrate that at least four nations—Iran, China, Russia, and North Korea—will allow criminal hackers to victimize individuals and companies from around the world, as long as these hackers will also work for that country’s government—gathering information on human rights activists, dissidents and others of intelligence interest.”