Here’s what Geoffrey Berman, U.S. attorney for the Southern District of New York, said when announcing charges against a group of Iranian “cyber attackers”:
“We have worked tirelessly to identify you,” Berman said. “You cannot hide behind a keyboard halfway around the world and expect not to be held to account. Together, along with our law enforcement partners, we will work relentlessly and creatively to apply the legal tools at our disposal to unmask and charge you. We will do all we can to bring you to justice. While the defendants remain at large, they are now fugitives from the American judicial system.
So what are these horrendous people being charged with? Stealing unreleased scripts of Game of Thrones and a bunch of academic articles. I am not making this up.
…members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, through which they then exfiltrated intellectual property, research, and other academic data and documents from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.
In other words, the Iranians were running something like Sci-Hub, the website that some of you have probably used to bypass publisher paywalls to read articles linked to on MR that you haven’t paid for. I don’t defend such actions but neither do I want the federal attorney working tirelessly to identify you. As crimes go this is a yawner.
Indeed, since Sci-Hub is already used in Iran, one wonders how useful the additional Iranian hacking was. A few companies are also listed as targets, although they turn out to be publishers, a stock image company, two online car companies etc. A few government agencies are thrown in for good measure although that appears to be window dressing.
The federal attorney claims the hacking (hacking not attacking) cost billions which they estimate because:
Through the course of the conspiracy, U.S.-based universities spent over approximately $3.4 billion to procure and access such data and intellectual property.
That’s just DoJ making up some number to make them look good. The direct losses in this scheme almost certainly amount to zero, bupkiss, nada. Universities certainly haven’t lost anything – the data was copied, not taken. The publishers might have lost a bit, but even then it would only be the revenue they would have got from papers that would have been bought if they hadn’t been copied. A useful estimate of the size of that loss still being zero, bupkiss, nada.
Frankly, this is a joke of an indictment. But headlines like “US Charges 9 Iranians With Massive Cyberattack” are certainly fortuitously timed for new national security designate John Bolton and others who want to take a hardline on Iran.