Hackers Stealing High Grade Academic Research

Iranian hackers have reportedly breached top British universities, including Oxford and Cambridge, to steal “millions” of papers and academic research documents, which they then put up for sale via WhatsApp and websites.

Much of the subject matter is understood to be bland, but some of the papers covered topics including nuclear development and computer encryption.

Whoever stole the papers is reportedly selling them on Farsi language websites in addition to the end-to-end encrypted WhatsApp messaging app, where they’re going for as little as £2 (USD $2.63).

The intellectual property theft was initially reported last month by Secureworks researchers who discovered a URL spoofing a login page for a university: the tip of what turned out to be a credential-stealing iceberg. A deeper dive uncovered 16 domains containing over 300 spoofed websites and login pages for a global campaign targeting 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the UK, and the US.
Secureworks tied the campaign to the Iranian government.

In February, the US indicted nine Iranian nationals for alleged computer intrusion, wire fraud, and aggravated identity theft. The indictment alleged that the men were involved in a scheme to obtain unauthorised access to computer systems, steal proprietary data from those systems, and sell the stolen data to Iranian customers, including the Iranian government and Iranian universities.

According to the FBI, each of the nine was affiliated with the Mabna Institute: a private government contractor based in Iran that worked for the Islamic Revolutionary Guard Corps. The FBI says that plundered organisations included about 144 US universities, 176 foreign universities in 21 countries, 5 federal and state government agencies in the US, 36 private companies in the US, 11 foreign private companies, and 2 international non-governmental organizations.

The hackers allegedly obtained access to university systems and research databases by phishing university staff and students, prompting them to reset their passwords at the spoofed domains that Secureworks uncovered last month.
Universities are, of course, a plum target for cyber-attackers, given the extremely valuable intellectual property that comes from research projects – particularly those concerned with national infrastructure, technology, and defense, be it cyber or on the battlefield.

After first discovering the spoofed sites, Secureworks’ Counter Threat Unit Research Team said that the threat underscored the importance of incorporating multi-factor authentication using secure protocols, plus implementation of complex password requirements on publicly accessible systems.

We don’t have much detail on how much of the stolen material was due to be published anyway, phishing campaign or no phishing campaign. How much cryptography research done at universities is top-secret, for example? Neither do we know how much of the material was stolen from behind some sort of paywall that has nothing to do with secrecy or national security, as was the case with the “thefts” allegedly pulled off by Aaron Swartz.

Swartz allegedly used MIT’s network to download a mass of academic articles from the not-for-profit academic journal archive JSTOR in contravention of his entitlement, with the aim of republishing them without restriction. Were some of the documents stolen from behind what were genuinely supposed to be closed doors with restricted access? Or classed as “stolen” because they weren’t officially released yet?

In short, we don’t know how much of the material being offered “for sale” was actually stolen. We do know, however, that thieves don’t necessarily discriminate: they just grab whatever they can get, then they, or their paying clientele, figure out what they got away with.

Better to keep them out to begin with, rather than assume that we shouldn’t break a sweat about any of the stolen documents, no matter how bland they might appear at first blush.

Naked Security
