The UK has joined the US in blaming Iran for a number of cyber attacks against UK universities. The UK National Cyber Security Centre has said: “…the Mabna Institute are almost certainly responsible for a multi-year Computer Network Exploitation (CNE) campaign targeting universities in the UK, the US, as well as other Western nations, primarily for the purposes of intellectual property (IP) theft.”
State-sponsored cyber attacks are becoming ever more daring. The majority of attacks are aimed at acquiring information. Many of these are based around long-term infiltration of computer systems. These yield significant amounts of data about both business activities and research. It is the latter in particular that is important to state-sponsored actors.
Universities increasingly undertake commercial research. This earns the university income and ensures jobs for faculty members. It also raises the reputation of the university, making it easier to attract the brightest students. Commercial companies using universities to conduct research do so because it gives them access to a much wider and more focused talent pool. It is also cheaper than running their own R&D teams.
Hackers, especially state-sponsored teams, see universities as an easier target than businesses. This is because universities deal with large student populations whose Internet usage is unpredictable. This makes it easier to hide attacks in plain sight. It also makes the use of behavioural profiling and other cyber protection techniques less effective.
In a statement, Foreign Office Minister for Cyber, Lord Tariq Ahmad of Wimbledon, said:
“The UK Government judges that the Mabna Institute based in Iran was responsible for a hacking campaign targeting universities around the world. By stealing intellectual property from universities, these hackers attempted to make money and gain technological advantage at our expense.
“We welcome the US indictments. It demonstrates our willingness and ability to respond collectively to cyber-attacks using all levers at our disposal. The focus on universities is a timely reminder that all organisations are potential targets and need to constantly strive for the best possible cyber security.”
What does this mean?
It is not often that state-sponsored organisations involved in cyber attacks are clearly identified. In this case the charges are very specific and the US has named nine individuals. The UK is backing the US move. Mabna Institute is also believed to be backed by the Islamic Revolutionary Guard Corps. This means that the reasons for the action and charges have a political element to them.
The US is ratcheting up the pressure on Iran on many fronts. It has increased sanctions and wants to scrap the deal agreed by the P5+1 to curtail Iran’s nuclear ambitions. These charges are part of that campaign to bring pressure on the Iranian government. It will be interesting to see if the US or the UK ever brings anyone to court over these attacks. Past claims against state-sponsored actors have resulted in little more than limited seizures of assets held in the US and Europe.
There is another dimension here and that is a message to China. The US is on the brink of a trade war over intellectual property rights with China. It has made a number of claims over recent months as it steps up pressure on the Chinese government. There is also no question that the US has similar details against Chinese state-sponsored actors and individuals. However, it has chosen, for the moment, not to publicly bring charges. Expect any charges, when they are brought, to include reciprocal action from other US allies.
Is this the start of a coordinated campaign of outing state-sponsored hacking groups and individuals? Unlikely. It is also unlikely that this will reduce the number of large-scale and coordinated attacks.