Two Iranians Charged with Hacking US Defense Technology Maker

Written by

Two Iranian nationals have been charged by the US government for hacking a US defense technology maker in a bid to steal and sell software used in ammunition design.

According to the US Department of Justice, Mohammed Reza Rezakah, 39, and others, hacked Arrow Tech, a Vermont-based engineering consulting and software company. Arrow Tech’s primary product was PRODAS, a piece of proprietary software that assists users in aerodynamics analysis and design for projectiles, from bullets to GPS guided artillery shells.

PRODAS typically sold for between $40,000 and $800,000. Customers would have to download a locked version of the software from Arrow Tech’s website, and use a code from a special hardware key to access it.

The software is designated as a ‘defense article’ on the US Munitions List of the International Traffic in Arms Regulations (ITAR), meaning it can’t be exported from the US without a license from the US Department of State – a fact made clear on Arrow Tech’s website.

Mohammed Saeed Ajily, 35, would task Rezakhah with conducting unauthorized intrusions into victim networks to steal the desired software. Once it was obtained, Ajily marketed and sold the software through various companies and associates to Iranian entities, including universities and military and government entities. He would specifically note that such sales were in contravention of US export controls and sanctions, the DoJ said.

The hacking, stealing and redistributing of software took place between August 2007 and May 2013.

Ajily had a business called Andisheh VesaJ Middle East Company which was a smokescreen for an organization that obtained and sold software. Rezkhah ran a company called Dongle Labs, which provided licence cracking services.   

The DoJ said that Rezakhah and Ajily “knowingly and wilfully conspired with each other and others known and unknown to the grand jury, including Nime Golestaneh, to intentionally access protected computers without authorization and thereby obtain information from the protected computers where the value of the information obtained exceeded $5m”.

Both Rezakhah and Ajily have been charged with criminal conspiracy relating to: computer fraud and abuse, unauthorized access to and theft of information from computers, wire fraud, exporting a defense article without a license and violating sanctions against Iran.

The court issued arrest warrants for both defendants. Their partner, Nima Golestaneh pleaded guilty to hacking Arrow Tech back in December 2015.

What’s hot on Infosecurity Magazine?