
FBI Blames Iranian Hackers for Stealing US Missile Tech

Export-Restricted Software Helps Develop Rockets, Missiles and Other Weapons
An M777A2 155 mm Howitzer during a live fire exercise in 2011. (Photo: U.S. Army Spc. Michael Blalack, via Flickr/CC)

Two Iranian nationals remain at large after being charged by the U.S. Department of Justice with hacking into a Vermont-based engineering firm and stealing software used to develop projectiles, ranging from bullets to GPS-guided artillery shells and missiles.


A superseding indictment, dated April 21, 2016, and unsealed Monday, charges Mohammed Reza Rezakhah, 39, and Mohammed Saeed Ajily, 35, with a raft of hacking-related offenses. Charges include computer fraud and abuse, unauthorized access to computers, theft of information, as well as wire fraud and conspiracy. Arrest warrants have been issued for both men.

The indictment, which draws on an investigation led by the FBI cyber squad based in Albany, New York, alleges that beginning around 2007, Ajily - a businessman who regularly sells to Iranian military and government entities - instructed Rezakhah and others to steal valuable software or else find a way to "crack" it, meaning to defeat any devices or code designed to restrict its use.

"Rezakhah would then conduct unauthorized intrusions into victim networks to steal the desired software," the Justice Department says. "Once the software was obtained, Ajily marketed and sold the software through various companies and associates to Iranian entities, including universities and military and government entities, specifically noting that such sales were in contravention of U.S. export controls and sanctions."

Target: Projectile Design Software

One of the group's alleged targets was the proprietary PRODAS - Projectile Rocket Ordnance Design and Analysis System - software that retails for $40,000 to $800,000, according to court documents. The software is developed by Arrow Tech, an engineering consulting firm based in Burlington, Vermont.

The software allegedly stolen by the suspects is designated as a "defense article" on the U.S. Munitions List of the International Traffic in Arms Regulations - ITAR - meaning anyone who wants to export it from the United States must first obtain a license from the U.S. Department of State.

PRODAS software start screen, circa 2007.

PRODAS requires a hardware dongle to operate, and it includes warnings stating that it can only be shipped outside the United States with an export license.

So the defendants allegedly focused on cracking the hardware dongle. "Rezakhah and co-conspirator Nima Golestaneh operated under the company name 'Dongle Labs' to sell customers the capability to circumvent these types of protections on a variety of software packages," according to the indictment. "Rezakhah also conducted other hacking and cracking activities at [Ajily's] direction."

Ajily sold the stolen software via a business named the Andisheh Vesal Middle East Company, according to court documents. The company's alleged customers included - but were not limited to - Malek Ashtar Defense University, Tehran University, Sharif Technical University, Nasir University and Shiraz Electro Optic Industry.

Arrow Tech said it was unable to comment on the indictment or what anti-hacking tweaks it might have since made to its dongles, and referred all related inquiries to the Department of Justice. A spokesman at the Justice Department could not be immediately reached for comment.

Unexpected Twist for Third Suspect

Nima Golestaneh, pictured in 2015. (Source: Essex County Sheriff's Department in Vermont)

The third man mentioned in the indictment, Golestaneh, an Iranian national, was arrested in Turkey in connection with the case in November 2013, via an Interpol "red notice," and extradited to the United States on Feb. 12, 2015.

On Dec. 2, 2015, Golestaneh pleaded guilty in Vermont federal court to related charges, including obtaining access to servers based in Canada and the Netherlands for Rezakhah, which Rezakhah allegedly used to hack into Arrow Tech's computers. According to court documents, the servers were used "to conduct unauthorized computer intrusions so that the intrusions would be more difficult to trace."

In January 2016, Golestaneh - then 30 years old - was one of seven Iranians granted clemency by President Barack Obama, in exchange for the release of Americans held captive in Iran.

About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
