Cyber Theft of WMD grade Military Software


A Case Study of the Iranian Circumvention of UN Security Council Resolution 2231

How Iranian contract hackers stole export-restricted, military-grade weapons design software and resold and redistributed it to the IRGC for weapons production.

The Projectile Rocket Ordnance Design and Analysis System (PRODAS) is software used to design bullets, missiles, and other military projectiles. It was developed by Arrow Tech, a company based in Vermont, USA, and typically sold for between $40,000 and $800,000. Most importantly, PRODAS is controlled under the International Traffic in Arms Regulations (ITAR): it could not be exported from the US without a license from the US State Department, so every buyer had to be vetted before a sale. Buyers received a download link for the software together with a hardware dongle holding a unique key that was required to unlock it.

The Circumvention of Arms Embargoes

Iranian contract hackers successfully stole this software in 2012. They had gained access to Arrow Tech's private computer networks as early as 2006 and remained inside until 2013. This long dwell time is consistent with the pattern seen in other Iranian intrusions, where attackers stay inside compromised networks for years both to maximize the amount of information stolen and to conduct espionage.

The Cyber Theft Operation

The hackers concealed their identities behind foreign servers and many different email addresses. As shown in the map above, they routed their intrusion into Arrow Tech's networks through servers in Canada and the Netherlands. In October 2012 the stolen software was first transferred to a server in an unknown location and then on to computers in Iran.

The Hackers and Cyber Theft Operators

Iranian businessman Mohammed Saeed Ajily organized and marketed the theft. He advertised to Iranian government entities and universities that he could obtain this software, and many others, without the licenses required by the US government. To carry out the theft he contracted Dongle Labs, which offered license cracking services: defeating the hardware-key and licensing protections that restrict software to authorized users. Mohammed Reza Rezakhah, who ran Dongle Labs, and his collaborator Nima Golestaneh provided the cracking service. Both companies and the hackers involved received payment, and certificates of appreciation, from the Iranian military for their work. The operation is characteristic of Iranian hacking that is driven by government contracts farmed out to the private market.

Ajily used several companies to carry out thefts of this kind, including Andisheh Vesal Middle East Company. It is registered in Iran as a business that buys and sells software, but apparently also serves as a front for illicit thefts. Andisheh Vesal Middle East Company advertised its hacking service to Malek Ashtar Defense University, Tehran University, Sharif Technical University, Khvajeh Nasir University, and Shiraz Electro Optic Industry, a missile company owned by the Iranian military, as well as to parties in other countries. Iranian universities and private companies are often the primary actors in violations of UN sanctions.

Two of the Iranians involved were sanctioned by the US for their part in this attack. Even though the theft is by its nature a circumvention of the UN arms embargo, no international action has followed in this case or in other Iranian IP thefts.

On April 21, 2016, a federal grand jury in the United States District Court for the District of Vermont, in Burlington, Vermont, indicted Rezakhah and Ajily for their alleged involvement in the conspiracy. They were charged with Conspiracy to Commit Computer Fraud, Computer Fraud, Wire Fraud, Violation of the International Emergency Economic Powers Act (IEEPA), and Violation of the International Traffic in Arms Regulations (ITAR), and a federal warrant was issued for their arrest.

Cyber Theft of IP as a Sanctionable Offense

Theft of IP is an evolving cyber weapon that we are following closely at CCSI. Other cases have shown that intrusions aimed at stealing IP undermine the UN sanctions system in the following ways:

  • Stealing restricted technologies (as in the case described here)
  • Conducting espionage in preparation for future attacks and counterattacks
  • Holding information for ransom to raise funds
  • Exposing or harming adversaries by releasing stolen information