Iranian government-linked hackers are believed responsible for recent attempts to hack into the computer systems and data bases of seven leading Australian universities to steal secret research, according to a senior computer researcher.

The hackers, who are believed to have links with Iran’s Revolutionary Guards, were attempting to break into top-level valuable confidential research that could be used, or sold.

Universities in all Australian capitals, except Hobart and Darwin, were included in a wave of attacks that targeted 76 universities in 14 countries, including the US, Israel, the UK and South Africa.

Attacks thwarted

Alex Tilley, a senior security researcher at SecureWorks, which is listed on the US-technology bourse Nasdaq, said his team identified and stopped the attack within days.

“We got it while it was being set up,” Mr Tilley said. “But they could come back tomorrow – we need to keep monitoring.” The investigation is continuing.

The attackers are believed to be a group codenamed Cobalt Dickens that are linked to the Iranian government and operate out of Iran. Software experts can identify the source from the hackers’ techniques and targets.

The hackers created fake websites resembling the login pages for each university.

Authorised users who accidentally fill in their account name and passwords in the forged login pages provided the hackers with login credentials.

After filling in their details, the victims are automatically redirected to the legitimate website which means they are unaware of the attack.

Universities are attractive targets because they are usually less regulated than finance or healthcare organisations and are often undertaking cutting-edge research.

Mr Tilley said the targets and coding characteristics were similar to previous attacks by Cobalt Dickens.

Earlier this year, the US Department of Justice indicted nine Iranian nationals and the Mabna Institute, a private government contractor based in Iran with close links to the Islamic Revolutionary Guard Corps.

The nine alleged hackers are on an international ‘most wanted’ list for conspiracy to commit computer intrusions, conspiracy to commit wire fraud, computer fraud, unauthorised access for private financial gain and aggravated identify theft.

The indictment alleges the Iranians stole more than 31 terabytes of documents and data from more than 140 universities, 30 companies and five government agencies in the US.

Five ways to boost cyber security:

1.Enable some form of ‘two-factor authentication’, which is usually a password and then a personal detail.

2. Use strong, hard-to-guess passwords and change them regularly.

3. Invest in software that can monitor and manage account access.

4. Adhere to your organisation’s security policies and advise your IT team about suspicious links and sources within emails.

5. Don’t be afraid to pick up the phone to confirm that an email was sent by a legitimate contact.

Source » afr