Prisoner swap frees Iranian hacker
- By Sean Lyngaas
- Jan 19, 2016
Among the seven Iranians freed in a prisoner swap between the United States and Iran over the weekend was a man accused of hacking into a Vermont-based defense firm to steal software. His case was a reminder that cyberspace has been a flashpoint in the often-tense U.S./Iran relationship.
Federal officials announced in December 2015 that Nima Golestaneh had pleaded guilty to hacking aerodynamics firm Arrow Tech Associates. According to the plea deal, he helped infiltrate Arrow Tech in October 2012 using servers that masked the identity and origin of the attackers.
Golestaneh was allegedly going after Arrow Tech's proprietary software. The firm's website says it develops software for designing and simulating guided and unguided missile projectiles.
Hackers "are not immune from the law because they hack from faraway countries that they perceive as offering a safe haven," U.S. Attorney Eric Miller said in a statement announcing the guilty plea. But any basking in Golestaneh's guilty plea from U.S. officials proved short-lived because he was freed just six weeks later.
The Justice Department's indictment of foreign hackers has been a key aspect of the Obama administration's search for a deterrent in cyberspace. A department spokesman did not respond to requests for comment on the impact of Golestaneh's release.
Chinese hackers have also targeted the intellectual property of U.S. defense contractors, and the Defense Department has tried to shore up defense of its secrets via an information-sharing scheme.
When ranking nation-states' cyber capabilities, U.S. officials often put Iran in the second tier, behind Russia and China. Director of National Intelligence James Clapper has characterized Iran and North Korea as less sophisticated than Russia and China in cyberspace but also more unpredictable.
Iranian hacks have sometimes relied more on guile than on technical feats. In one example, hackers allegedly set up a fake news site staffed by a team of fake reporters who tried to connect via social-media platforms to senior U.S. and Israeli government officials, according to a May 2014 report by iSight Partners.
Iranian hackers have also reportedly grown more capable in recent months. An April 2015 study produced by cyber intelligence firm Norse and the conservative think tank American Enterprise Institute concluded that Iran was "becoming a serious force in the malware world."
The country has been accused of sponsoring a wave of distributed denial-of-service attacks on the U.S. financial sector in 2011 and 2012, and a 2014 hack on a Las Vegas casino company.
"The Iranians are still poking around, still improving their skills, but the level of action against the U.S. appears to be under control," said James Lewis, a senior fellow at the Center for Strategic and International Studies. "DDOS against some bank isn't worth risking the nuclear deal."
The United States has reportedly conducted its own computer operations against Iran by working with Israel to develop the Stuxnet computer worm to destroy centrifuges used in Iran's nuclear program, according to multiple news reports.
Geopolitical developments can influence American and Iranian activity in cyberspace. For example, Adm. Michael Rogers, director of the National Security Agency, told Congress in September 2015 that Iranian cyberattacks on U.S. targets had declined noticeably with the intensification of nuclear negotiations between the two countries.
Sean Lyngaas is a former FCW staff writer.