Iran Targeted by U.S. Over Threats Against Democratic Voters
(Bloomberg) -- While the Trump administration often mentioned Iran among cyber-adversaries suspected of seeking to disrupt U.S. elections, the focus had been primarily on China and Russia.
Now, the Islamic Republic is emerging as a prime target for President Donald Trump in the final days before the Nov. 3 election over an alleged Iranian email campaign to intimidate voters and incite social unrest. In a public announcement late Wednesday, U.S. Director of National Intelligence John Ratcliffe described Iran’s efforts, elevating the Islamic Republic as a more prominent suspect in efforts to disrupt the American political process.
The emails, claiming to be from the right-wing Proud Boys group, threatened Democratic voters with violence if they didn’t change their party affiliation and vote for Trump on election day.
Iran was also distributing a video that sought to imply that fraudulent ballots were being mailed from overseas in a bid to interfere with the elections, Ratcliffe said. In addition, Iran and Russia had managed to collect voter registration material, which was available online and which Tehran used to send emails to Americans in an attempt to “convey misinformation,” he said.
Google also identified an operation linked to Iran that “sent inauthentic emails to people in the U.S. over the past 24 hours,” a spokesperson said. For Gmail users, spam filters stopped 90% of the approximately 25,000 emails sent, the spokesperson said, suggesting the attack wasn’t particularly effective.
But with voters’ nerves already frayed, the administration’s handling of the episode also raises questions. Ratcliffe said the Iranian operation was meant to hurt the president, which is far from clear based on the contents of the video and emails. Cyber-researchers are also wondering what sort of intelligence Ratcliffe unearthed to accuse Iran of meddling within just hours of the spoofing operation. Attributing malicious operations to nation-states typically takes months and years, not hours.
Ohad Zaidenberg, lead cyber-intelligence researcher at ClearSky Cyber Security, said he’s still investigating the emails and their origin to understand how the U.S. was able to point the finger at Iran.
“We investigated the emails, but didn’t find the link to Iran,” said Zaidenberg, an expert in Iranian cyber-operations. “This attack’s source might be Iran, or another threat actor exploiting Iranian infrastructure.”
Speaker of the House Nancy Pelosi also questioned Ratcliffe’s conclusions. “I will be very interested to hear what they have to say in a classified briefing because everything we have seen in the public domain has not justified a statement that we heard yesterday,” said Pelosi, at a news conference prior to a closed-door briefing. Afterward, she told reporters, “I think we have to be very careful about any statements coming out from the intelligence community 13 days before the election.”
Iranian officials rejected the U.S. allegations. “These accusations are nothing more than another scenario to undermine voter confidence in the security of the U.S. election, and are absurd,” Alireza Miryousefi, a diplomat at the Iranian mission to the United Nations, said in a statement.
Cyber researchers with expertise in Iranian politics contend the operation fits Iran’s agenda of supporting the campaign of Democratic challenger Joe Biden. These hackers weren’t trying to scare off Democrats, but instead to further vilify Trump’s base, said Paul Prudhomme, cyberthreat intelligence adviser at the cyber-research firm IntSights.
Iran has been turning up its cyber spigot on the Trump administration since it pulled the U.S. out of a multinational nuclear accord with Iran in May 2018. Since then, Treasury Department officers have been targeted by Iranian social engineering campaigns. While Iran’s cyber capabilities pale in comparison to Russia’s, they still aspire to “do to Trump what the Russians did to Hillary Clinton in 2016,” Prudhomme said.
Iran is “happy to see disarray and disruption in the U.S.,” said Dr. Sanam Vakil, the deputy director of the Middle East and North Africa program at Chatham House, a London think tank. “And if it can embarrass America in any way that is a positive thing.”
With U.S. sanctions imposed by the Trump administration hampering its military endeavors, Iran sees cyber-attacks as a good way to continue to try to exert influence and have an impact, she said. “As tensions continue this is going to be an area where Iran is going to invest,” she said.
Yet even as Ratcliffe said the Iranian campaign sought to damage Trump’s election chances, Vakil said that Iran’s politics aren’t monolithic. The overriding consensus is that a Biden presidency was welcomed, but there are some in the Iranian political establishment who prefer four more years of Trump.
“They see him as weakening the U.S., and that sort of weakness is positive for Iran in the Middle East,” she said. “He also appears to be drawing down U.S. influence in the Middle East and that can be billed as another win for Tehran.”
Iranian information operations date back at least eight years, said John Hultquist, a senior director at the cybersecurity firm FireEye Inc. “They have grown beyond fake news sites and social network activity to elaborate tactics, such as impersonating journalists to solicit videos and interviews and placing op-eds. They have even impersonated American politicians,” he said in an email.
The digital feud between the U.S. and Iran dates back to when a devastating digital worm called Stuxnet, first discovered in 2010, crippled an Iranian uranium processing facility. That attack has been attributed by multiple media outlets to the U.S. and Israel.
Partly in response, Iranian hackers launched attacks starting in 2011 that overwhelmed the websites of Bank of America Corp., Wells Fargo & Co. and others over a period of months. Since then, state-sponsored hackers have been accused of attacking Saudi Aramco, the world’s biggest oil exporter, in 2012, and a Las Vegas casino in 2014, among other businesses in the U.S. and elsewhere.
More recently, U.S. officials and cybersecurity experts have warned that Iran was among a handful of nation states that are intent on trying to disrupt the Nov. 3 election. “Iran seeks to undermine U.S. democratic institutions, President Trump and to divide the country in advance of the 2020 elections,” according to an August intelligence assessment.
Earlier this month, Microsoft Corp. reported that an Iranian-government linked group of hackers tried to infiltrate email accounts of a U.S. presidential campaign. Other targets of the hackers included current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside of Iran, the company said.
©2020 Bloomberg L.P.