On December 1, 2021, a federal grand jury in the Eastern District of Missouri indicted two Iranian nationals located abroad for conspiracy to commit wire fraud. The charges stem from the defendants’ scheme to hack the computers of a Missouri-based technology company for the purpose of using their power to mine for cryptocurrency – a practice commonly known as “cryptojacking.”
The indictment states that the Iranians sought to impersonate the company in order to build and install new computer servers via a cloud service for the purpose of mining cryptocurrency. The fraud was first discovered by the company when it received a $760,000 bill from the cloud service for the servers that had been set up.
According to the Department of Justice, cryptojacking is “often accomplished through the use of malware or compromised websites, which cause the victim’s computer to run a crypto-mining code.” In order to combat cryptojacking, the DOJ recommends that companies and individuals establish two-step authentication, monitor log-in history, and audit cloud storage.
This action demonstrates DOJ’s aggressive approach to combatting cyberattacks, particularly where the virtual currency industry intersects with cybersecurity. While this case does not involve U.S. economic sanctions laws (the charges were wire fraud), it nonetheless represents the risks presented by cyberattacks that initiate from, or otherwise involve, actors located or resident in, or otherwise affiliated with, sanctioned countries such as Iran. As we have noted in the past, the U.S. government (including OFAC) has increasingly focused on ransom payments in connection with malicious cyber activities that originate from sanctioned jurisdictions or otherwise have a sanctions nexus.