
Iranian Hackers Indicted Over 2020 US Election Interference; Used Confidential Voter Information To Send Targeted Misinformation and Threats

Two Iranian hackers have been indicted in New York for election interference in the 2020 US presidential campaign, charged with stealing information from state voter rolls to personally target thousands of individual voters as well as members of Congress and campaign staffers.

Among their other dirty tricks, the hackers represented themselves as members of the Proud Boys, a fringe right-wing organization, and contacted Republican politicians with fake information about voter fraud. They also staged a fake video purporting to show someone hacking into the voting system used to process absentee ballots from members of the military and US citizens who live overseas, and targeted Democratic voters with threatening messages.

Iranian hackers played both sides of the fence, looked to undermine voter confidence

A statement from the US Department of Justice reveals that the two Iranian hackers, Seyyed Mohammad Hosein Musa Kazemi and Sajjad Kashian, are nationals who work for a company called Eeleyanet Gostar that has been linked to the Iranian government as a cyber services consultant.

The pair are charged with a broad campaign of election interference that incorporated numerous different elements of threat and disinformation, but the central element that ties it all together is an attack on state voter registration systems. The Iranian hackers are accused of surveilling 11 state voter websites in September and October of 2020. They appear to have found one that had a misconfigured database, allowing them to download the voter registration information of at least 100,000 residents. Neither the state that was compromised nor the specific website that was hacked has been named, but the Wall Street Journal reported at the time that it was Alaska.

The duo of Iranian hackers then made use of this information for a series of targeted attacks aimed at sowing discord and undermining confidence for election interference purposes. The first element, taking place in October 2020, was the targeting of a broad variety of Republican politicians with disinformation about voter fraud. The Iranian hackers purported to be “Proud Boys volunteers” and messaged the targets via email and Facebook, claiming that Democrats were plotting to use a vulnerability in state election websites to register fraudulent voters or edit mail-in ballots to change votes. The group even produced a fake video to support this narrative, which appeared to show someone hacking into the Federal Voting Assistance Program (FVAP) website (used to process the mail-in votes of military members stationed overseas and citizens that live outside the country).

Later in October, the Iranian hackers targeted Democratic voters directly using information gleaned from the breached state website. Again posing as Proud Boys, they sent threatening emails to registered Democrats attempting to intimidate them into changing their registration and voting for incumbent Donald Trump.

The Iranian hackers made one more attempt at election interference in November 2020, when they tried to use stolen credentials to access an unnamed media company’s internal network. The media company had apparently been notified of the credential theft by the FBI at that point, however, and the duo was unsuccessful at logging in.

The two face multiple charges: conspiracy to commit computer fraud, intimidation of voters, and transmission of interstate threats. All of these charges are felonies that carry sentences of one to five years in prison. However, the pair are believed to be in Iran and extremely unlikely to be extradited unless they are very unwise in the countries they choose to travel to. Hoping to spur at least some activity, the Department of State has offered a reward of $10 million for information about the Iranian hackers’ activities.

For the moment, the Department of the Treasury Office of Foreign Assets Control (OFAC) is also levying sanctions on the company that the two contracted for. The FBI’s Cyber Division remains on the case.

Election interference prompts harsh penalties, but enforcement an issue

This was not the first attempt at election interference by Iranian hackers. While Russia tends to steal the headlines in this area, multiple foreign nations made various attempts to sway the 2020 election. Iranian groups thought to be state-backed had previously been caught out disseminating “fake news” articles aimed at voters.

According to John Hultquist, Vice President of Intelligence Analysis at Mandiant: “The indictment indicates that actors attempted to leverage access to a legitimate media company to push their narrative. This is in line with pro-Iran and Iranian campaigns we have observed designed to impersonate and leverage access to media. These actors have published letters and blog posts in legitimate media outlets, created personas claiming to be from legitimate news outlets, and we have seen evidence that they may have successfully compromised a news website.”

The two Iranian hackers that were indicted were not directly linked to Iran’s state-backed threat actors, but centering their election interference campaign on making Republicans look bad tracks with the Iranian government’s general preference for a Democrat president. Iran sees this as a lower likelihood of the administration adopting a hardline stance that moves toward regime change. The hackers appeared to be playing both sides against each other, however, with the central aim likely being to generally undermine the political process in the eyes of all Americans.


Other regular players in the election interference game include China, Cuba and Venezuela. Each has its own preferences based on presumed foreign policy choices. The source is almost irrelevant for law enforcement purposes, however, as the operatives are likely embedded in their home country, safe from extradition and prosecution.