WASHINGTON: With less than three months before the US election, Iran is intensifying its efforts to meddle in American politics, US officials and private cybersecurity firms say, with the suspected hack of Donald Trump’s campaign being only the latest and most brazen example.
Iran has long been described as a “chaos agent” when it comes to cyberattacks and disinformation campaigns and in recent months groups linked to the government in Tehran have covertly encouraged protests over Israel’s war in Gaza, impersonated American activists and created networks of fake news websites and social media accounts primed to spread false and misleading information to audiences in the US
While Russia and China remain bigger cyber threats against the US, experts and intelligence officials say Iran’s increasingly aggressive stance marks a significant escalation of efforts to confuse, deceive and frighten American voters ahead of the election.
The pace will likely continue to increase as the election nears and America’s adversaries exploit the Internet and advancements in artificial intelligence to sow discord and confusion.
“We’re starting to really see that uptick and it makes sense, 90 days out from the election,” said Sean Minor, a former information warfare expert for the US Army who now analyzes online threats for the cybersecurity firm Recorded Future, which has seen a sharp increase in cyber operations from Iran and other nations. “As we get closer, we suspect that these networks will get more aggressive.”
The FBI is investigating the suspected hack of the Trump campaign as well as efforts to infiltrate the campaign of President Joe Biden, which became Vice President Kamala Harris’ campaign when Biden dropped out. Trump’s campaign announced Saturday that someone illegally accessed and retrieved internal documents, later distributed to three news outlets. The campaign blamed Iran, noting a recent Microsoft report revealing an attempt by Iranian military intelligence to hack into the systems of one of the presidential campaigns.
“A lot of people think it was Iran. Probably was,” Trump said Tuesday on Univision before shrugging off the value of the leaked material. “I think it’s pretty boring information.”
Iran has denied any involvement in the hack and said it has no interest in meddling with US politics.
That denial is disputed by US intelligence officials and private cybersecurity firms who have linked Iran’s government and military to several recent campaigns targeting the US, saying they reflect Iran’s growing capabilities and its increasing willingness to use them.
On Wednesday Google announced it had uncovered a group linked to Iran’s Revolutionary Guard that it said had tried to infiltrate the personal email accounts of roughly a dozen people linked to Biden and Trump since May.
The company, which contacted law enforcement with its suspicions, said the group is still targeting people associated with Biden, Trump and Harris. It wasn’t clear whether the network identified by Google was connected to the attempt that Trump and Microsoft reported, or were part of a second attempt to infiltrate the campaign’s systems.
Iran has a few different motives in seeking to influence US elections, intelligence officials and cybersecurity analysts say. The country seeks to spread confusion and increase polarization in the US while undermining support for Israel. Iran also aims to hurt candidates that it believes would increase tension between Washington and Tehran.
That’s a description that fits Trump, whose administration ended a nuclear deal with Iran, reimposed sanctions and ordered the killing of an Iranian Gen. Qassem Soleimani, an act that prompted Iran’s leaders to vow revenge.
The two leaders of the Senate intelligence committee issued a joint letter on Wednesday warning Tehran and other governments hostile to the US that attempts to deceive Americans or disrupt the election will not be tolerated.
“There will be consequences to interfering in the American democratic process,” wrote the committee’s chairman, Democratic Sen. Mark Warner of Virginia, along with Republican Sen. Marco Rubio of Florida, the vice chairman.
In 2021, federal authorities charged two Iranian nationals with attempting to interfere with the election the year before. As part of the plot, the men wrote emails claiming to be members of the far-right Proud Boys in which they threatened Democratic voters with violence.
Last month, Director of National Intelligence Avril Haines said the Iranian government had covertly supported American protests against Israel’s war against Hamas in Gaza. Groups linked to Iran’s government also posed as online activists, encouraged campus protests and provided financial support to some protest groups, Haines said.
Recent reports from Microsoft and Recorded Future have also linked Iran’s government to networks of fake news websites and social media accounts posing as Americans. The networks were discovered before they gained much influence and analysts say they may have been created ahead of time, to be activated in the weeks immediately before the election.
The final weeks before an election may be the most dangerous when it comes to foreign efforts to impact voting. That’s when voters pay the most attention to politics and when false claims about candidates or voting can do the most damage.
So-called ‘hack-and-leak’ attacks like the one reported by Trump’s campaign involve a hacker obtaining sensitive information from a private network and then releasing it, either to select individuals, the news media or to the public. Such attacks not only expose confidential information but can also raise questions about cybersecurity and the vulnerability of critical networks and systems.
Especially concerning for elections, authorities say, would be an attack targeting a state or local election office that reveals sensitive information or disables election operations. Such an incursion could undermine trust in voting, even if the information exposed is worthless. Experts refer to this last possibility as a “perception hack,” when hackers steal information not because of its value, but because they want to flaunt their capabilities while spreading fear and confusion among their adversaries.
“That can actually be more of a threat — the spectacle, the marketing this gives foreign adversaries — than the actual hack,” said Gavin Wilde, a senior fellow at the Carnegie Endowment for International Peace and former National Security Council analyst who specializes in cyber threats.
In 2016, Russian hackers infiltrated Hillary Clinton’s campaign emails, ultimately obtaining and releasing some of the campaign’s most protected information in a hack-and-leak that upended the campaign in its final weeks.
Recent advances in artificial intelligence have made it easier than ever to create and spread disinformation, including lifelike video and audio allowing hackers to impersonate someone and gain access to their organization’s systems. Nevertheless, the alleged hack of the Trump campaign reportedly involved much simpler techniques: someone gained access to an email account that lacked sufficient security protections.
While people and organizations can take steps to minimize their vulnerability to hacks, nothing can eliminate the risk entirely, Wilde said, or completely reduce the likelihood that foreign adversaries will mount attacks on campaigns.
“The tax we pay for being a digital society is that these hacks and leaks are unavoidable,” he said. “Whether you’re a business, a campaign or a government.”