Iranian hackers stole academic research worth billions of dollars from hundreds of universities around the world — until a Charleston cybersecurity firm caught onto the scheme.

In the process, the company, PhishLabs, helped uncover what federal authorities are describing as “one of the largest state-sponsored hacking campaigns ever prosecuted.”

PhishLabs, a startup headquartered on Charleston’s upper peninsula, said Monday that it came across the Iranian hacking campaign in December. That’s when it found two websites chock full of web pages mimicking universities.

Crane Hassold, the company’s director of threat intelligence, found the first traces while researching cyber attacks targeting universities. It seemed like it might be part of something bigger, so he scooped up information about who started the websites and set out to find more like them.

He reached a startling conclusion: More than 300 universities around the world had been targeted over the course of nearly five years.

The targets included big-name research institutions, and the attacks all focused on getting access to the universities' library systems, apparently in hopes of finding proprietary research. None appears to have been in South Carolina, Hassold says.

“The phishing pages were all targeted specifically toward the libraries of the universities, so it was very unique and something I’d never seen before,” Hassold said. “If you looked at the list of universities, it’s certainly not like they were selected at random. They were selected for a reason.”

The campaign was simple enough. University professors — and, PhishLabs says, some students — were sent falsified emails saying they needed to update their login information to access library materials. The United Nations, two federal agencies, two states and dozens of businesses got similar messages.

Thousands of people took the bait, mistakenly handing over their account credentials. The attackers used them to hoover up an enormous trove of costly academic research, which they resold in Iran and shared with the government. The campaign cost American universities $3.4 billion in access fees, according to indictments unsealed on Friday.

All told, the Iranians snatched 31.5 terabytes of research. To run through that much data, you’d need to watch Netflix nonstop for a year.

The Iranian campaign is a massive example of phishing, which is one of the most common types of cyber attacks. Phishing is the practice of sending spoofed emails that mimic legitimate institutions to pry personal information from unwitting users.

Spotting schemes like it is central to PhishLabs' business. The company, which has raised a total of $11 million in investments, defends clients against being spoofed and trains workers to spot scams.

Source » postandcourier