Export-Restricted Software Helps Develop Rockets, Missiles and Other Weapons
Two Iranian nationals remain at large after being charged by the U.S. Department of Justice with hacking into a Vermont-based engineering firm and stealing software used to develop projectiles, ranging from bullets to GPS-guided artillery shells to missiles.
See Also: Spear Phishing, Identity Deception, Ransomware: How to Predict the Future of Crime
A superseding indictment, dated April 21, 2016, and unsealed Monday, charges Mohammed Reza Rezakhah, 39, and Mohammed Saeed Ajily, 35, with a raft of hacking-related offenses. Charges include computer fraud and abuse, unauthorized access to computers, theft of information, as well as wire fraud and conspiracy. Arrest warrants have also been issued for both men.
Based on an investigation led by the FBI cyber squad based in Albany, New York, beginning around 2007, Ajily – a businessman who regularly sells to Iranian military and government entities – tasked Rezakhah and others to steal valuable software or else find a way to crack it, referring to defeating any devices or code designed to restrict its use, the indictment alleges.
“Rezakhah would then conduct unauthorized intrusions into victim networks to steal the desired software,” the Justice Department says in a news release. “Once the software was obtained, Ajily marketed and sold the software through various companies and associates to Iranian entities, including universities and military and government entities, specifically noting that such sales were in contravention of U.S. export controls and sanctions.”
Target: Projectile Design Software
One of the group’s alleged targets was the proprietary PRODAS – Projectile Rocket Ordnance Design and Analysis System – software that retails for between $40,000 and $800,000, according to court documents. The software is developed by Arrow Tech, an engineering consulting firm based in Burlington, Vermont.
The software allegedly stolen by the suspects is designated as a “defense article” on the U.S. Munitions List of the International Traffic in Arms Regulations – ITAR – meaning anyone who wants to export it from the United States must first obtain a license from the U.S. Department of State.
PRODAS requires a hardware dongle to operate, and includes warnings stating that it can only be shipped outside the United States with an export license.
So the defendants allegedly focused on cracking the hardware dongle. “Rezakhah and co-conspirator Nima Golestaneh operated under the company name ‘Dongle Labs’ to sell customers the capability to circumvent these types of protections on a variety of software packages,” according to the indictment. “Razakhah also conducted other hacking and cracking activities at [Ajily’s] direction.”
Ajily sold the stolen software via a business named the Andisheh Vesal Middle East Company, according to court documents. The company’s alleged customers included – but were not limited to – Malek Ashtar Defense University, Tehran University, Sharif Technical University, Nasir University and Shiraz Electro Optic Industry.
Arrow Tech could not be reached for comment on the indictment, or what anti-hacking tweaks it might have since made to its dongles.
Unexpected Twist for Third Suspect
The third man mentioned in the indictment, Golestaneh, an Iranian national, was arrested in Turkey in connection with the case in November 2013, via an Interpol “red notice,” and extradited to the United States on Feb. 12, 2015.
On Dec. 2, 2015, Golestaneh pleaded guilty in Vermont federal court to related charges, including obtaining access to servers based in Canada and the Netherlands for Rezakhah, which Rezakhah allegedly used to hack into Arrow Tech’s computers. According to court documents, the servers were used “to conduct unauthorized computer intrusions so that the intrusions would be more difficult to trace.”
In January 2016, Golestaneh – then 30 years old – was one of seven Iranians granted clemency by President Barack Obama, in exchange for the release of Americans held captive in Iran.