In January 2016 the United States and Iran engaged in a prisoner swap. None of the freed prisoners returned to Iran, instead they all chose to remain in the United States, including Nima Golestaneh, the only Iranian national in the group. (The remainder were dual U.S.-Iranian citizens). Golestaneh, who had been nabbed in, and extradited from, Turkey, had been convicted of a scheme to hack into Arrow Tech in Vermont and send its ITAR-controlled software back to Iran.

Now we have a pretty good idea why he may have been selected for a pardon and why he decided that going back to Iran might not have been such a good idea. Yesterday, two Iranians, Mohammed Ajily and Mohammed Rezakhah were added by OFAC to the Specially Designated Nationals and Blocked Persons List (the “SDN List”) and the Department of Justice announced that an indictment against the two had been unsealed. The indictment reveals that Ajily and Rezakhah were Golestaneh’s co-conspirators in the hacking scheme, and it seems certain that Golestaneh made a deal and dropped the dime on Ajily and Rezakhah.

Both Ajily and Rezakhah are currently in Iran and probably have no current plans to visit Disneyland or anywhere else outside Iran. It’s also safe to assume that Golestaneh would not be welcomed with open arms should he turn up in Iran. In fact, that would be an instance of going from the frying pan (a U.S. jail) into the fire (an Iranian one).

The indictment details Golestaneh’s role in the hacking conspiracy. Apparently his job was to procure servers in Canada and the Netherlands. These enabled Rezakhah to download the Arrow Tech software without using an IP address from Iran, which likely would have been blocked by Arrow Tech. The software would not run without a hardware dongle from Arrow Tech, and Arrow Tech informed foreign customers that they would need an export license to obtain the dongle. That dongle not doubt contained the digital key needed to decrypt the program and allow it to run. It looks like Rezakhah hacked into Arrow Tech’s servers to obtain the digital key needed to decrypt the program.

Of course, it’s not just Rezakhah who has a problem in this scenario. If in fact, if Arrow Tech allowed foreign download of ITAR-controlled encrypted software without a license, that was arguably problematic. DDTC has taken the position that items are exported even if encrypted. And, if there is support for that position by DDTC, it can be found in this case, which demonstrates that there is always some possibility that the encryption will be broken. (It now appears that Arrow Tech distributes the software only by optical media and not by download). One has to wonder if the failure of DDTC to adopt rules like those adopted by BIS which exempt encrypted items from the definition of export is, at least in part, the result of what happened in this case.

One other thing bears noting here, namely, the most amusing irrelevant statement ever put in a criminal indictment. For some reason, the indictment notes that Ajily, Rezakhah’s co-conspirator “received certificates of appreciation for his work from several of the Iranian government and military entities.”   Seriously, he got certificates he could frame and hang on his office wall.  Awesome.  That was a clear violation of the law that forbids receiving certificates of appreciation from Iran.  I have to imagine that this factoid comes from Golestaneh who, when he was singing to the DOJ, said something on the order of  “Ajily got certificates and all I got was this lousy jumpsuit.”

Copyright © 2017 Clif Burns. All Rights Reserved.  (No republication, syndication or use permitted without my consent.)