The US Department of Justice (DoJ) issued a release on Wednesday confirming that the duo had been charged with computer hacking, fraud, and aggravated identity after allegedly targeting and hacking into computers in New Jersey and other parts of the US. A variety of information was lifted from the systems reportedly accessed.
According to the release, fedeeral authorities believe Farhadi and Heidarian "stole hundreds of terabytes of data, which typically included confidential communications pertaining to national security, foreign policy intelligence, non-military nuclear information [and] aerospace data."
The list also included information on human rights activists, financial and "personally identifiable" data pertaining to victims and the intellectual property, such as "unpublished scientific research."
"In some instances, the defendants’ hacks were politically motivated or at the behest of Iran, including instances where they obtained information regarding dissidents, human rights activists, and opposition leaders. " the release detailed, citing the Tuesday indictment.
However, there were also reported occasions in which Farhadi and Heidarian sold off the hacked information and data via the black market "for private financial gain."
The DoJ claimed the duo's coordinated cyber intrusion campaign was not limited to the US, but also included locations in Europe and the Middle East. Israel and Saudi Arabia were explicitly named.
“These Iranian nationals allegedly conducted a wide-ranging campaign on computers here in New Jersey and around the world,” Craig Carpenito, US attorney for the District of New Jersey, said in a quoted statement published in the release. “They brazenly infiltrated computer systems and targeted intellectual property and often sought to intimidate perceived enemies of Iran, including dissidents fighting for human rights in Iran and around the world."
Farhadi and Heidarian, now considered fugitives by the Federal Bureau of Investigation, were each charged with "one count of conspiracy to commit fraud and related activity in connection with computers and access devices; unauthorized access to protected computers; unauthorized damage to protected computers; conspiracy to commit wire fraud; and access device fraud; and five counts of aggravated identity theft."