US IN­DICTS IRANIANS OVER LINKS TO CY­BER AT­TACKS

▶ Hack­ers dis­abled sys­tems un­til the own­ers paid ran­soms in Bit­coin

The National - News - - FRONT PAGE - ARTHUR MacMILLAN

The US Jus­tice De­part­ment yes­ter­day im­posed sanc­tions on two Iranians it said had helped to ex­change dig­i­tal Bit­coin cur­rency from ran­som pay­ments into Ira­nian rial.

It also charged two Ira­nian hack­ers in­volved in a ran­somware con­spir­acy that net­ted them mil­lions of dol­lars.

More than 7,000 trans­ac­tions in Bit­coin were traced to two dig­i­tal cur­rency ad­dresses op­er­ated by the first two men.

Nam­ing them as Ali Kho­rashadizadeh and Mo­ham­mad Ghor­baniyan, the Trea­sury’s Of­fice of For­eign As­sets Con­trol said the con­spir­acy in­volved the SamSam ran­somware scheme where hack­ers tar­geted elec­tronic sys­tems at Amer­i­can hos­pi­tals, uni­ver­si­ties and gov­ern­ment agen­cies, caus­ing tens of mil­lions of dol­lars in dam­ages.

Their dig­i­tal cur­rency ad­dresses are the first to be pub­licly at­trib­uted to per­sons on a US sanc­tions black­list, Ofac said.

“Trea­sury is tar­get­ing dig­i­tal cur­rency ex­chang­ers who have en­abled Ira­nian cy­ber ac­tors to profit from ex­tort­ing dig­i­tal ran­som pay­ments from their vic­tims,” said Trea­sury un­der­sec­re­tary for Ter­ror­ism and Fi­nan­cial In­tel­li­gence Si­gal Man­delker.

“As Iran be­comes in­creas­ingly iso­lated and des­per­ate for ac­cess to US dol­lars, it is vi­tal that ... providers of dig­i­tal cur­rency ser­vices har­den their net­works against these il­licit schemes.”

Crim­i­nal ran­somware ac­tiv­ity en­crypts data on main­frame-style sys­tems. The con­spir­a­tors then of­fer to de­crypt the data in re­turn for pay­ment.

“Trea­sury will ag­gres­sively pur­sue Iran and other rogue regimes at­tempt­ing to ex­ploit dig­i­tal cur­ren­cies and cy­ber weak­nesses to fur­ther their ne­far­i­ous ob­jec­tives,” Ms Man­delker said.

In a re­lated ac­tion, the Jus­tice De­part­ment in­dicted two other Iranians for in­fect­ing data net­works with SamSam ran­somware in the US, Bri­tain and Canada since 2015. Fara­marz Shahi Sa­vandi and Mo­ham­mad Me­hdi Shah Man­souri, both op­er­at­ing in Iran, used SamSam ran­somware to hack into net­works.

Their tar­gets in­cluded US cities, Colorado’s trans­port de­part­ment, a hos­pi­tal and lab­o­ra­tory.

“The de­fen­dants’ ob­jec­tive al­legedly was to pre­vent these vic­tims from ac­cess­ing or us­ing data on the com­pro­mised com­put­ers, forc­ing them to shut down or dra­mat­i­cally cur­tail their op­er­a­tions,” the Jus­tice De­part­ment said.

The de­fen­dants al­legedly tar­geted more than 200 vic­tims, and col­lected more than $6 mil­lion (Dh22.03m) in crim­i­nal pro­ceeds. Vic­tims in­curred losses ex­ceed­ing $30m be­cause they were un­able to ac­cess their data.

The charge says the men acted for per­sonal profit, and were not gov­ern­ment di­rected. Both men are thought to be in Iran and are con­sid­ered fugi­tives from jus­tice, US of­fi­cials said.

The an­nounce­ments came shortly be­fore US Spe­cial Rep­re­sen­ta­tive for Iran Brian Hook said he would to­day present ev­i­dence of Tehran’s trans­fer of arms to proxy groups and is­sue an up­date on the regime’s lat­est bal­lis­tic mis­sile work.

“This dis­play con­tains clear and tan­gi­ble ev­i­dence that the Ira­nian regime is arm­ing dan­ger­ous groups with ad­vanced weapons, and spread­ing in­sta­bil­ity and con­flict in the re­gion, which poses a threat to in­ter­na­tional peace and se­cu­rity,” the State De­part­ment said.

Newspapers in English

Newspapers from UAE

© PressReader. All rights reserved.