Two Iranian nationals were hit with federal charges in the US this week (8 August 2017) in relation to an alleged conspiracy involving computer hacking and credit card fraud.
An indictment alleged that Arash Amiri Abedian, 31, and Danial Jeloudar, 27, obtained stolen credit card numbers and related personal information by hacking, before using that information to try and extort money from American victims, the US Department of Justice (DoJ) said.
According to the allegations in the indictment – filed in Columbia, South Carolina – beginning October 2007 Abedian and Jeloudar conducted multiple cybercrimes that were in clear violation of US criminal law while residing in the Islamic Republic of Iran.
Between 2011 and 2016, the DoJ said in a release, Abedian used malware to capture the credit card and other personal information of individuals "who had transacted with certain merchants' websites".
The identities of the victims and the full scope of the cybercrime operation were not disclosed.
In February 2012, Abedian reportedly sent Jeloudar approximately 30,000 names and numbers, which he said were hijacked credit card numbers and associated information.
Around the period of March 2012 and April 2012, the DoJ continued, Jeloudar "ordered and obtained various equipment, servers, and internet hosting services from a provider in South Carolina" using a selection of stolen credit card numbers and hijacked identities.
The culprits' cybercrime operations did not stop as the years rolled on.
In January 2017, Jeloudar allegedly contacted a California-based website and threatened to disclose its customers' credit card numbers he said were previously obtained from a hack on the merchant's website, unless it paid a ransom in bitcoin, a form of cryptocurrency.
The website in question was not named.
US federal authorities said that Jeloudar threatened to inform the company's customers that their private information had been compromised by hackers and later launched a distributed-denial-of-service (DDoS) cyberattack attack on the company's website's servers.
The pair were charged with identity theft; wire fraud and unauthorised access to, and theft of information from, computers in the US.
Both men have been added to the FBI's Most Wanted list and are currently believed to be living in Iran. This means that if they travel to a country allied with the US they will be liable for arrest.
According to the FBI's website, both should be considered an international flight risk.
In July, the DoJ unsealed an indictment against two other Iranian citizens accused of selling stolen weapons software to the country's government. In that case, dating back to 2012, Mohammed Ajily, 35, and Mohammed Rezakhah, 39, reportedly infiltrated a US firm called Arrow Tech.