Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...

How Did the 9 Iranian IP Thieves Do It?

So, how sophisticated was the massive theft of IP by the 9 Iranians charged by the U.S. Department of Justice on Friday?

Well, here is a quote from a recent New York Times report, “According to the indictment, the Iranians broke into universities through relatively simple but common means — tricking professors to click on compromised links.”


The IP theft operation reportedly started in 2013 with the following impact:

  • 31.5 terabytes of academic data and IP stolen
  • $3-4 Billion value to procure data and IP by affected U.S. universities
  • 144 U.S. universities
  • 176 universities across 21 foreign countries
  • Targeted 100,000 professor accounts around the world
  • 8,000 professor email accounts in the U.S. alone
  • 47 domestic and foreign private sector companies, and
  • 5 U.S. government agencies


The New York Times report continued, “The spear-phishing emails purported to be from professors at one university to those at another and contained what appeared to be authentic article links. But once clicked on, the links steered the professors to a malicious Internet domain that led them to believe they’d been logged out of their systems and that asked them to enter their log-in credentials.

“Those credentials were logged and stolen by the hackers, prosecutors say.”[1]


Of course, as investigators, we are all too familiar with this routine fraud strategy: “Impersonation.”

In this case, the IP thieves lured the university professors in by impersonating other professors and institutions.

But the strategy is common: Impersonate the government institution, university, or private company (and persons purporting to represent those entities) by presenting an authentic appearance. And often it simply begins with a bogus email address, which is followed up with a bogus website, which leads to a bogus link, which often leads to giving-up personal identifying data (i.e., passwords) which then gives the thieves access to your IP.


Again, we are reminded of the need to raise the mindfulness of personnel whether in universities, private industry, or government institutions of the fundamentals of IP protection.

I wrote about IP protection mindfulness in a previous post titled, “Trade Secrets Protection-Mindfulness” on October 31, 2017.

Here is an excerpt: “HOW DO YOU RAISE THE TRADE SECRETS PROTECTION MINDFULNESS OF YOUR EMPLOYEES? The answer is Training. Just as companies have devoted resources to raising the “mindfulness” to workplace violence and sexual harassment (to minimize their risk to such episodes), companies need to devote resources to “trade secrets protection mindfulness” training.

“THE REALITY Companies, by necessity, need to accept the times we live in and the bad actors out there who will go to extreme lengths to steal their “trade secrets.” Just as we all—in this age of terrorism—have learned to live with exhaustive airport screening to minimize the chance of being attacked, similarly, in this exponentially growing age of IP theft, companies need to accept the critical need to raise the “trade secrets protection mindfulness” of its employees to minimize the risk of their “trade secrets” being stolen.”

Trade Secrets Protection-Mindfulness (+AUDIO)


In this recent episode, the bottom line issue is Online Use Discipline: “If you don’t know the sender, “Don’t Click the Link.”


  • Australia
  • Canada
  • China
  • Denmark
  • Finland
  • Germany
  • Ireland
  • Israel
  • Italy
  • Japan
  • Malaysia
  • Netherlands
  • Norway
  • Poland
  • Singapore
  • South Korea
  • Spain
  • Sweden
  • Switzerland
  • Turkey
  • United Kingdom


Nine Iranians Charged With Conducting Massive Cyber Theft Campaign on Behalf of the Islamic Revolutionary Guard Corps, U.S. Department of Justice, Press Release, March 23, 2018

When Nation-States Hack the Private Sector for Intellectual Property, The Hill, March 31, 2018

Nine Iranians Charged in Massive Hacking Scheme, NBC News, March 23, 2018

U.S. Charges 9 Iranians in Massive Hacking Scheme, written by the Associated Press and published in the New York Times, March 24, 2018

[1] U.S. Charges 9 Iranians in Huge Theft of Intellectual Property, NY Times, March 23, 2018,


Disclaimer: is offered as a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, with regard to content provided in We disclaim any and all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such person and the accuracy and validity of the information provided by them. This blog is provided for general information purposes only and is not intended to provide legal or other professional advice.

Did you find this post useful?
I agree to have my personal information transfered to MailChimp ( more information )
Join other IP protection professionals, i.e., investigators, attorneys, and brand protection specialists and receive updates straight to your inbox.
We hate spam. Your email address will not be sold or shared with anyone else.

Ron Alvarez is an IP investigations and protection consultant and writer in New York City. He is a former NYPD lieutenant where he investigated robbery, narcotics, internal affairs, and fine art theft cases. Ron has since coordinated the private investigation of international fraud and money laundering cases, as well as IP-related investigations and research involving the four pillars of IP: copyright, patents, trademarks, and trade secrets. Ron is a graduate of the FBI National Academy and earned a B.A. in Government and Public Administration from John Jay College of Criminal Justice in Manhattan. He has written a number of articles for various investigative publications, as well as published "The World of Intellectual Property (IP) Protection and Investigations" in November 2021.

3 comments on “How Did the 9 Iranian IP Thieves Do It?

  1. Very informative post. Thanks.

  2. Tom Manley

    Interesting Readings
    Thank You

  3. Pingback: Why We Must Become Hacker-Detection-Profilers – IP PI BLOG

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...
%d bloggers like this: