Iranian hackers selling stolen academic research from top British universities online

By James Cooke

Source: Telegraph

 

Academic research from top British universities including Cambridge University has been stolen and resold online by Iranian hackers. CREDIT: PA

Millions of documents, including sensitive research on nuclear power plants and cybersecurity defence, have been stolen from top British universities by Iranian hackers, the Telegraph can reveal. 

Infiltration of the elite British academic institutions, including Oxford and Cambridge, comes ahead of a new round of sanctions against Tehran due to be imposed in November.

Several Farsi language websites offer the hacked papers for sale, and will steal others on demand. While many are anodyne, others are on topics including nuclear development, and encryption of computer files.

The hack, which provides a backdoor to Western research, risks sparking deep displeasure in Washington, as Donald Trump’s administration seeks to isolate the regime in Tehran. 

Last week, a State Department official warned companies in Europe to comply with the new sanctions or face retaliation from the US. Yet the security breach means Britain’s top universities are effectively already being used to circumvent the blockade, which bans the sale of academic papers to Iran.

Alistair Fenemore, the chief information security officer of Edinburgh University, which is among those to have had research papers stolen and sold online, confirmed that hackers had targeted the university and that it was in the process of replacing and improving its computer network.

Mr Fenemore said that the hackers had attempted to steal passwords by setting up fake login pages which seek to trick staff and students into handing over their details.

“Universities should be worrying about it,” said Dave Palmer, a former MI5 and GCHQ officer now at the cybersecurity company Darktrace. “If you’re doing stuff like working on the next helmet-mounted display for the fighter aircraft of the future, that is clearly of interest to adversarial states.”

The hack is particularly embarrassing as it comes six months after the US Department of Justice revealed that Iranian hackers were targeting universities around the world. That warning was echoed by the UK’s National Cyber Security Centre. 

Today, however, British papers are being bought and sold on Farsi-language websites for as little as £2. 

To purchase the stolen papers, customers in Iran send an encrypted message to a phone number using apps such as WhatsApp and Telegram. They’re told to give the specific title of the paper they’d like to purchase, and then instructed to make a payment via a bank transfer.

Once the payment is received by the site’s operators, a copy of the stolen paper is then emailed to the customer.

Comments on the sites written in Farsi include requests for papers from academic databases. One person requested a paper on managing power plants “as soon as possible”. Another Iranian asked for the latest edition of a BMI Research report into business risk in Iran, which normally sells for over £900. 

The Iranian hack comes as Britain’s government-funded technology consultancy for higher education reveals that universities are worryingly blasé about the dangers posed by such hacking from abroad. 

Jisc, formerly known as the Joint Information Systems Committee, surveyed 114 universities and colleges in the UK this year and asked about their cybersecurity concerns and priorities. Only one said it was concerned about so-called “nation state” attacks.

Jens Monrad, principal intelligence analyst at cybersecurity company FireEye, said that the survey’s findings were surprising. “They are not addressing the threat landscape they face realistically”, he said of universities in the UK.

This comes as universities also face hacking attacks from their own students. Jisc has released data which shows that cyberattacks against universities and colleges peaked during term times, and declined when students weren’t in school.

The attacks faced by universities included distributed denial of service attacks, which involve flooding a target’s computer network with online traffic to slow it down or to take it offline altogether.

Attacks typically started around 9am before ending around 3pm or 4pm, according to Jisc’s security chief John Chapman.

A spokesman for Cambridge University said: “We are aware of the issue. We are constantly updating our cybersecurity.”

A spokesman for Edinburgh University Press, the academic publishing wing of the university, said: “We are aware that pirated versions of our eBooks exist, particularly in countries where copyright law is weak. If anyone comes across such material, we strongly encourage them to get in touch with us so we can issue a Cease & Desist Order.”

And a spokesman for the National Cyber Security Centre (NCSC) said: “NCSC experts work closely with the academic sector to improve their security practices and help protect education establishments from cyber threats. Every organisation must act to ensure their online security is as robust as possible, and we strongly urge them to follow the world-leading, best practice cyber security advice on the NCSC website. The UK has taken a unique approach to cyber security that is intentionally bold and interventionalist aimed at making the UK an unattractive target for attackers.”