Iranian “CyberAttack” Threatens Elsevier Not USA

Here’s what Geoffrey Berman, U.S. attorney for the Southern District of New York, said when announcing charges against a group of Iranian “cyber attackers”:

“We have worked tirelessly to identify you,” Berman said. “You cannot hide behind a keyboard halfway around the world and expect not to be held to account. Together, along with our law enforcement partners, we will work relentlessly and creatively to apply the legal tools at our disposal to unmask and charge you. We will do all we can to bring you to justice. While the defendants remain at large, they are now fugitives from the American judicial system.

So what are these horrendous people being charged with? Stealing unreleased scripts of Game of Thrones and a bunch of academic articles. I am not making this up.

…members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, through which they then exfiltrated intellectual property, research, and other academic data and documents from the systems of compromised universities, including, among other things, academic journals, theses, dissertations, and electronic books.

(That is from the press release and here is the earlier press release on GOT, with which this has been combined in many news accounts. The full indictment is here).

In other words, the Iranians were running something like Sci-Hub, the website that some of you have probably used to bypass publisher paywalls to read articles linked to on MR that you haven’t paid for. I don’t defend such actions but neither do I want the federal attorney  working tirelessly to identify you. As crimes go this is a yawner.

Indeed, since Sci-Hub is already used in Iran, one wonders how useful the additional Iranian hacking was. A few companies are also listed as targets, although they turn out to be publishers, a stock image company, two online car companies etc. A few government agencies are thrown in for good measure although that appears to be window dressing.

The federal attorney claims the hacking (hacking not attacking) cost billions which they estimate because:

Through the course of the conspiracy, U.S.-based universities spent over approximately $3.4 billion to procure and access such data and intellectual property.

As Tim Worstall puts it:

That’s just DoJ making up some number to make them look good. The direct losses in this scheme almost certainly amount to zero, bupkiss, nada. Universities certainly haven’t lost anything – the data was copied, not taken. The publishers might have lost a bit, but even then it would only be the revenue they would have got from papers that would have been bought if they hadn’t been copied. A useful estimate of the size of that loss still being zero, bupkiss, nada.

Frankly, this is a joke of an indictment. But headlines like “US Charges 9 Iranians With Massive Cyberattack” are certainly fortuitously timed for new national security designate John Bolton and others who want to take a hardline on Iran.

Comments

"an hardline"?

👆🏼 Is it me or is Rimbaud’s poetry becoming more condensed, terse even?

Yes, an hardline is when you do things like NOT secretly send them pallets full of cash on an airplane.

Word is that Bolton might be into that. Booga booga!!

Returning someones down payment you mean?

Because the most powerful country in the world was obligated to repay Iran hundreds of millions of dollars, and especially to do so in an untraceable manner! Obama had no choice!

The most powerful country in the world sure has a lot of bedwetting citizens.

Just because Bolton is paranoid doesn’t mean the Islamic Republic of Iran isn’t a problem.

Bolton is for a first strike which is exactly what's needed for North Korea. As for AlexT's post, it's a yawner: theft of IP is routinely prosecuted. If you want to steal IP, let some risk taker seed it (uTorrent) and then download it, but use an Anonymous VPN that doesn't keep logs (like ExpressVPN). Chances are, the consumer of the illegal IP, that would be you, as opposed to the person who hacks the IP, will not be prosecuted. The hackers themselves are not innocent here ("In all, the hackers “stole more than 31 terabytes of academic data and intellectual property from universities, and email accounts of employees at private sector companies, government agencies and nongovernmental organizations,” the Justice Department said in a release.") notice the hackers got access to private emails, not just seeding stolen IP. AlexT, do you want your emails spammed all over the world? If so, please upload all your emails to DropBox to a public folder and let us read them.

Just because Bolton is paranoid doesn’t mean the Islamic Republic of Iran is a problem.

Doesn't that make the need for a serious person to be in his position more pressing?

The problem with Bolton isn’t that he is unserious, as Boonton implies. Bolton IS serious.

So really the problem for Boonton is that Bolton’s seriousness causes him to support / promote policies that Boonton doesn’t agree with.

If Bolton gave an additional 500 million dollars in unmarked cash to the Revolutionary Guard would he be your most seriousist and favoritist person?

To greater Israel? Yes,and thank God for that.

War... War never changes. Only the justifications become more and more strained.

Nooooooo, I just moved to a nice modern apartment last weekend.......not in the mood for living in a post-apocalyptic wasteland.

Don't worry... It's only a setup for the terrible pun below.

Arguably the posting of the link to sci-hub is supporting and abetting the site.

No, links are not considered aiding and abetting. This in regards to a previous version of this long running misunderstanding - http://cyberlaw.stanford.edu/blog/2013/09/recurring-myths-about-legal-obligations-online-platforms.

The United States District Court for the Southern District of New York is second only to the District Court for the Northern District of California in being a showcase for attorneys aspiring to advance in the immense maze of the federal judiciary through media grandstanding.

The hardliners, think neocons, have been hot to charge the Iranians with cyber mischief and paint them as serious threats to the US for years. Project Pistachio is a great example of that -- https://www.criticalthreats.org/analysis/the-growing-cyberthreat-from-iran-the-initial-report-of-project-pistachio-harvest-5a4408f5949b0

It's mostly hype and partly pure fiction. I know. I've seen the raw data this report came from, which, among other things, said Iran was not capable for being a cyber threat (for a variety of reasons). Yet the hardliners persisted. Others have criticized this report, too, and the general consensus of the security industry has been a yawn.

My first thought was that this was like SciHub. Good catch and I agree.

But doesn't getting inside thousands of researchers emails take it to another level?

One profit model would be to tip friends and relatives in the US to patent applications, sharing early drafts.

Fortuitous means by chance not luckily

The Iranians suffer the ire of Americans because the Iranians humiliated America. Unlike the Saudis, the Iranians didn't kill and maim thousands of Americans, but humiliation is worse than death. Isn't it?

Iran's biggest crime is thinking it can be equal among nations to the US.

Only the US is allowed to demand criminals be delivered to the US, and only the US can invade other nations when US demands are not met.

Only the US is allowed to hack other nations computers to obtain secrets and destroy property.

Only the US is allowed to defend itself by a policy of totally destroying civilization globally.

And Trump is now executing on the US being the only nation allowed to set terms and implement international agreements.

When other nations get to define the terms they agree to, the US is humiliated.

China pioneered computer hacking as technology transfer.

Related:

"Years ago a security researcher told me the Chinese probably have a file on every single American by now and I thought it outlandish but between this and the universe of data brokers, I'm now convinced he's right" - @mims

Iran’s “foreign policy” history shows that it too can invade, bully, destabilize, etc., countries. Don’t be willfully obtuse about Iran. It is not America alone that sees it as the greatest state sponsor of terror.

Excluding America and a handful of others, survey says that most of the world thinks the USA itself is the most terrorist state: https://nypost.com/2014/01/05/us-is-the-greatest-threat-to-world-peace-poll.

The word "terrorist" is not in that, at all. Screwed up your link?

I apologize for the understatement. Threatening world peace for 7 billion people has got to be more terrorizing than something less risky on average than slippery bathtubs.

Thor... Thor never changes...

Too bad the 9/11 terrorists weren't Iraqis, N. Iranians, or Russians... it would have been a slam dunk 2 decades ago.

What's good for Elselvier is good for America. Those 40%+ profit margins won't defend themselves!

Cyber-terrorists? Yes. Alex, these guys threatened to release Game of Throne spoilers! Are we gonna split hairs here? Okay then.

My optimistic take on it is that it’s probably good for the world if Iran copies some research. It will help them to catch up and diffuse ideas. It’s also really good for the rest of the world.

I work in International Development and I’m really in favour of the evidence based agenda. The only limit is that evidence is often gated and doesn’t travel well in Africa because of it. Sci Hub is great for that. I’ll always show it to my colleagues in the south when I have the opportunity.

watch the documentary "zero days" about stuxnet.
about the US cyberattack on Iran. appalling.

Comments for this post are closed