On an October morning in 2012, the system administrator of a tiny Vermont defense contractor arrived at work to find the business’ computers had been hacked and a sophisticated software program stolen. Prosecutors later concluded the thieves were a group of Iranians who sold the software to organizations within the Iranian government.
The hack, revealed in an indictment unsealed last week, shows that mercenary hackers who sell stolen data to friendly governments are a growing threat to defense contractors, experts say.
“They are essentially nonsanctioned espionage groups,” said Brian Wallace, the lead security data scientist for the Irvine, California-based company computer security company Cylance Inc. “The government doesn’t create them, they don’t own them. They operate and get almost of their income from the government.”
The South Burlington company, Arrow Tech Associates, makes software used to monitor projectiles in flight.
Arrow Tech President Charles Hillman said the firm was able to track the hackers’ every keystroke, which helped the FBI trace the intrusion to three Iranians.
“We were very impressed with what they got done in just a few hours,” he added.
Iranian officials in Washington referred an emailed question on the issue from The Associated Press to “the pertinent department.” There was no further reply.
The eight-count indictment released last week alleged that from at least 2007 through May 2013 the three men broke into computers in “Vermont and elsewhere.” It said the group also stole software from an unidentified Western aerospace company in July 2012.
Arrest warrants were issued for two of the men: Mohammed Reza Rezakhah, 39, and Mohammed Saeed Ajily, 35. They were indicted in April 2016, and FBI wanted posters say the two men are believed to be in Iran.
The third man, Nima Golestaneh, had been indicted in 2013, but the case was sealed until February 2015, when he was brought to the U.S. from Turkey.
Golestaneh pleaded guilty in Vermont in December 2015. The next month, he was pardoned by then-President Barack Obama as part of a prisoner swap with Iran that included the release of Washington Post reporter Jason Rezaian and former U.S. Marine Amir Hekmati.
Such hacks are a growing threat for defense contractors, said Phil Sussman, the president of Norwich University Applied Research Institutes, which works on cyber security issues at the private Vermont military college.
“In the last five or six years anyways, it has been common knowledge that these kinds of services are readily available on the dark web and could be purchased,” Sussman said.