Misinformation and threatening emails to voters in the U.S. may not be the most sophisticated form of cyberattack, but the efforts to disrupt the democratic process are having the desired negative effect, officials say.
(TNS) — While the Trump administration often mentioned Iran among cyberadversaries suspected of seeking to disrupt U.S. elections, the focus had been primarily on China and Russia.
Now, the Islamic Republic is emerging as a prime target for President Donald Trump in the final days before the Nov. 3 election over an alleged Iranian email campaign to intimidate voters and incite social unrest. In a public announcement late Wednesday, U.S. Director of National Intelligence John Ratcliffe described Iran's efforts, elevating the Islamic Republic as a more prominent suspect in efforts to disrupt the American political process.
The emails, claiming to be from the right-wing Proud Boys group, threatened Democratic voters with violence if they didn't change their party affiliation and vote for Trump on election day.
Iran was also distributing a video that sought to imply that fraudulent ballots were being mailed from overseas in a bid to interfere with the elections, Ratcliffe said. In addition, Iran and Russia had managed to collect voter registration material, which was available online and which Tehran used to deploy emails to Americans in an attempt to "convey misinformation," he said.
Google also identified an operation linked to Iran that "sent inauthentic emails to people in the U.S. over the past 24 hours," a spokesperson said. For Gmail users, spam filters stopped 90% of the approximately 25,000 emails sent, the spokesperson said, suggesting the attack wasn't particularly effective.
But with voters' nerves already frayed, the administration's handling of the episode also raises questions. Ratcliffe said the Iranian operation was meant to hurt the president, which is far from clear based on the contents of the video and emails. And aspects of the Iranian effort seem somewhat ham-handed compared to Russia's election meddling campaign in 2016.
Yet the Iranian email effort, even with some of the messages getting caught by spam filters, shows that a relatively minor operation can still create a sense of turmoil.
Iranian officials rejected the U.S. allegations. "These accusations are nothing more than another scenario to undermine voter confidence in the security of the U.S. election, and are absurd," Alireza Miryousefi, a diplomat at the Iranian mission to the United Nations, said in a statement.
Cyberresearchers with expertise in Iranian politics contend the operation fits Iran's agenda of supporting the campaign of Democratic challenger Joe Biden. These hackers weren't trying to scare off Democrats, but instead to further vilify Trump's base, said Paul Prudhomme, cyberthreat intelligence adviser at the cyberresearch firm IntSights.
Iran has been turning up its cyberspigot on the Trump administration since it pulled the U.S. out of a multinational nuclear accord with Iran in May 2018. Since then, Treasury Department officers have been targeted by Iranian social engineering campaigns. While Iran's cybercapabilities pale in comparison to Russia's, they still aspire to "do to Trump what the Russians did to Hillary Clinton in 2016," Prudhomme said.
Iran is "happy to see disarray and disruption in the U.S.," said Dr. Sanam Vakil, the deputy director of the Middle East and North Africa program at Chatham House, a London think tank. "And if it can embarrass America in any way that is a positive thing."
With U.S. sanctions imposed by the Trump administration hampering its military endeavors, Iran sees cyberattacks as a good way to continue to try to exert influence and have an impact, she said. "As tensions continue this is going to be an area where Iran is going to invest," she said.
Yet even as Ratcliffe said the Iranian campaign sought to damage Trump's election chances, Vakil said that Iran's politics aren't monolithic. The overriding consensus is that a Biden presidency was welcomed, but there are some in the Iranian political establishment who prefer four more years of Trump.
"They see him as weakening the U.S., and that sort of weakness is positive for Iran in the Middle East," she said. "He also appears to be drawing down U.S. influence in the Middle East and that can be billed as another win for Tehran."
Iranian information operations date back at least eight years, said John Hultquist, a senior director at the cybersecurity firm FireEye Inc. "They have grown beyond fake news sites and social network activity to elaborate tactics, such as impersonating journalists to solicit videos and interviews and placing op-eds. They have even impersonated American politicians," he said in an email.
The digital feud between the U.S. and Iran dates back to when a devastating digital worm called Stuxnet, first discovered in 2010, crippled an Iranian uranium processing facility. That attack has been attributed by multiple media outlets to the U.S. and Israel.
Partly in response, Iranian hackers launched attacks starting in 2011 that overwhelmed the websites of Bank of America Corp., Wells Fargo & Co. and others over a period of months. Since then, state-sponsored hackers have been accused of attacking Saudi Aramco, the world's biggest oil exporter, in 2012, and a Las Vegas casino in 2014, among other businesses in the U.S. and elsewhere.
More recently, U.S. officials and cybersecurity experts have warned that Iran was among a handful of nation states that are intent on trying to disrupt the Nov. 3 election. "Iran seeks to undermine U.S. democratic institutions, President Trump and to divide the country in advance of the 2020 elections," according to an August intelligence assessment.
Earlier this month, Microsoft Corp. reported that an Iranian government-linked group of hackers tried to infiltrate email accounts of a U.S. presidential campaign. Other targets of the hackers included current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside of Iran, the company said.
©2020 Bloomberg News, Distributed by Tribune Content Agency, LLC.