Iranian Hackers Target Trump Campaign in 2024 Election Interference Attempt

Suspected Iranian hacks are latest round of U.S. election interference

As recently as last month, U.S. intelligence officials warned that Iran aimed to stoke societal discord and undermine former president Donald Trump's bid to regain the White House, a reprise of its online interference four years ago. Now the 2024 effort appears to have begun, with suspected hacking attempts targeting the Republican and Democratic presidential campaigns. But intelligence officials and disinformation experts remain unsure of Iran's precise plans. The FBI is investigating suspected hacking by Iran targeting Trump associate Roger Stone as well as advisers to the Biden-Harris campaign that used spear-phishing emails -- attempts to gain access to a target's communications by posing as a legitimate sender. That could have given intruders access to a vetting document prepared for the campaign on Sen. JD Vance (R-Ohio), Trump's running mate, that was sent to news organizations by an individual identifying himself only as "Robert." In an email with a Washington Post reporter, that person suggested his access to Trump campaign documents was distinct from the Iranian hacking effort; federal law enforcement officials are trying to determine if the two events are connected. The Trump campaign has suggested Iranian hackers leaked campaign documents to media organizations, but no proof of that has emerged. The campaign concluded that hackers had taken several documents, including some involving financial issues, said people familiar with the matter who spoke on the condition of anonymity to discuss a sensitive matter. But none were believed to be "hugely sensitive," one of the people said. The Harris campaign appears unaffected. In July, when President Joe Biden was the presumptive nominee, the FBI notified its legal and security teams that it was "targeted by a foreign actor influence operation. We have robust cybersecurity measures in place, and are not aware of any security breaches of our systems resulting from those efforts. We remain in communication with appropriate law enforcement authorities," a campaign official said. A spokesperson for Iran's permanent Mission to the United Nations said the government "neither possesses nor harbors any intent or motive to interfere in the United States presidential election." About all that's known of the Iranian efforts to date is that they reflect the ambitions that U.S. intelligence officials say Tehran has long held to undermine the American public's confidence in elections and exacerbate political polarization. "We shouldn't be surprised at all that the Iranians are trying to influence the electoral process. This is something they've done since '18, '20, '22," former National Security Agency director Paul Nakasone said. "I would characterize this as troublesome, but I wouldn't say this is particularly audacious." "Iran has maintained a steady, high attention to stopping the Trump campaign" through cyber and other efforts, one former senior U.S. intelligence officer who monitored foreign influence operations said. "That's very much how they approach regional elections [or] Israel -- and not just in cyber, but in all domains," the former official said, speaking on the condition of anonymity because he was not authorized by his private-sector employer to speak on the record. "They maintain these influence campaigns across decades." Researchers at Microsoft's Threat Analysis Center, which this month reported on the Iranian targeting of a U.S. political campaign, noted that Iran has "significantly increased" its malicious cyber activity in the last 90 days. That level of activity mirrors the rise in Iranian cyber activity ahead of the 2020 presidential election, they said in an email. "Unlike Russia, Iranian activity starts later in the election cycle and focuses much more on creating chaos than it does on shaping the outcome of the vote," they said. At a minimum, the suspected Iranian hack has demonstrated that Trump, who lambasted Democrats in 2016 for poor computer security that led to a massive leak of internal emails by Russian operatives, may have laid bare his own poor cyber hygiene. "They want to embarrass the Trump campaign and Trump and prevent him from winning," said Christopher Krebs, the former director of the U.S. Cybersecurity and Infrastructure Security Agency. "More broadly, they are trying to damage [the United States'] reputation globally and cause internal strife domestically." Some experts urged caution and said the extent of Iranian malicious political activity at present deserves to be punished, not feared. "No foreign nation should believe they can try to influence our nation and not pay a price for it," said Nakasone, who's also the founding director of the Vanderbilt Institute for National Defense and Global Security. For their part, Trump campaign officials didn't appear especially troubled by the potential compromise of their communications. They've been told that in recent months, other countries were also trying to infiltrate their emails, one adviser said. "Our people actually believe the Iranians are the least sophisticated of the bunch." Researchers have found clues of potential future Iranian influence operations. In its recent report, Microsoft spotlighted four websites, which the company said were covertly run by Iran, masquerading as legitimate news outlets that published articles on controversial subjects including the presidential election, LGBTQ+ rights and the Israeli military campaign in Gaza. The articles appear crafted to cater to different political persuasions and preferences, said Patrick Warren, a professor and disinformation expert at Clemson University who has studied nation-state attempts to influence political discourse online. Some of them include themes that are likely to appeal to political liberals, while others have a conservative bent. Paradoxically, one even published an opinion piece praising the assassination of a top Hamas official in Tehran, allegedly by Israel, an operation that the government of Iran has condemned and threatened to avenge. Warren and his research partner, Darren Linvill, said the sites' operators may be attempting to create legitimate-looking news outlets for a future disinformation effort. In the past, governments have used similar sites to publish false accusations and then circulate them through social media, spreading the misleading stories to a broader audience. One of the sites Microsoft identified, called Savannah Time, claims to be a "a platform for conservative voices" based in the coastal Georgia city and published an opinion piece critical of the Republican convention allegedly written by Adam Kinzinger, a former GOP congressman and prominent Trump opponent. The text of the piece appears nowhere else online, and Warren and Linvill said it was almost certainly generated using artificial intelligence. In a text message, Kinzinger said he had not written the article and had never seen it. The same site purports to have published articles by Michael Barone, a well-known conservative author and journalist and a senior political analyst for the Washington Examiner. The site also contains several supposed interviews with Barone on current events. In an email, Barone said he had not heard of Savannah Time and had never given the publication an interview. AI may have given the Iranians a boost in creating sites that look and read like authentic news outlets. "Compared to Iran's past efforts at creating influence accounts and sites, these sites seem much more authentic," Warren said. A recent post on Even Politics, a website that security researchers have previously identified as run by Iran, ridicules a high-dollar fundraiser that Trump held over the weekend in Aspen, Colo. The snarky piece, which the Clemson researchers said was written with AI, evinces a command of English vernacular and slang as well as an understanding of political tropes. It even takes digs at Trump's "golden toilet" and "reddish-orange face" makeup. Even Politics is so up-to-date that it posted an article on the suspected theft of the Vance vetting document, taking some liberties with the facts. "According to the big brains over at Microsoft, it seems an Iranian hacking group ... went full-on Mr. Robot and spear-phished their way into the email account of a 'high-ranking official' in the Trump campaign," the article states, alluding to the popular television show about an expert computer hacker. (Microsoft never identified the hacking target.) Messages sent to the websites via their contact forms, requesting comment, were not returned. The Clemson researchers said there is little evidence that many people are reading the suspected Iran-run sites or circulating the articles in social media. "It is possible that they are still in the reputation-establishing stage, so they can later use these sites to post the hacked content with or without alterations," Warren said. Tyler Pager contributed to this report.

News outlets were sent leaked Trump campaign files. They chose not to publish them

Former President Donald Trump stands onstage with Republican vice presidential candidate, Sen. J.D. Vance during a July 20 campaign rally in Grand Rapids, Michigan. In the hours after President Joe Biden's historic decision to step aside from the 2024 presidential race last month, journalists across three major US newsrooms began receiving emails from an anonymous person claiming to have tantalizing new information about the election. The individual, who identified themself only as "Robert," sent a trove of private documents from inside Donald Trump's campaign operation to journalists at Politico, The New York Times and The Washington Post. Beginning on July 22, Politico reported, it began receiving emails from an AOL email address that contained internal communications from a senior Trump campaign official and a research dossier the campaign had put together on Trump's running mate, Ohio Sen. JD Vance. The dossier included what the Trump campaign identified as Vance's potential vulnerabilities. Politico was also sent portions of a research document about Florida Sen. Marco Rubio, who had been among the contenders to join Trump on the GOP ticket. The Times and The Post later reported that they, too, had been sent a similar cache, including a 271-page document on Vance dated Feb. 23 and labeled "privileged & confidential," that the outlets said was based on publicly available information. But despite receiving the sensitive campaign files, the three outlets opted to not publish reporting on the trove they'd been handed, even as the the person suggested they still had a variety of additional documents "from [Trump's] legal and court documents to internal campaign discussions." "Politico editors made a judgment, based on the circumstances as our journalists understood them at the time, that the questions surrounding the origins of the documents and how they came to our attention were more newsworthy than the material that was in those documents," Politico spokesperson Brad Dayspring told CNN in a statement. Instead, the first public sign of any release of private information came Saturday, when the Trump campaign went public with its announcement that it had been hacked, pointing the finger at Iranian operatives. "These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our Democratic process," Trump campaign spokesperson Steven Cheung said. On Monday, CNN reported that the FBI and other investigators were probing the apparent security breach, which sources said involved compromising the personal email account of longtime Republican and Trump operative Roger Stone. Iran has denied the allegations, and the US government has declined to officially blame Tehran for the hack, a source told CNN, adding that the hackers' techniques closely resembled those used by Iranian operatives. But while the hacking incident, which occurred in June, set off a scramble in the Trump campaign, the FBI and Microsoft, the three news organizations that had received the files held off on publishing information from the trove. The decision marked a reversal from the 2016 election, when news outlets breathlessly reported embarrassing and damaging stories about Hillary Clinton's campaign after Russian hackers stole a cache of emails from the Democratic National Committee, publishing them on the website Wikileaks. The decision underscored the challenge news organizations face when presented with information potentially obtained by nefarious means and the shifting publishing standards of newsrooms in the wake of the 2016 election, during which Russian disinformation efforts we seen as playing a key role in Trump's victory. In the run up to the 2020 election, newsrooms were presented with another conundrum when the contents of Hunter Biden's laptop were shopped to news organizations, with most refusing to publish its contents over fears of a possible Russian disinformation effort. Video Ad Feedback FBI investigating apparent hacking of Trump campaign 04:09 - Source: CNN "As with any information we receive, we take into account the authenticity of the materials, any motives of the source and assess the public interest in making decisions about what, if anything, to publish," a Washington Post spokesperson told CNN on Tuesday. A New York Times spokesperson declined to comment, saying that the newspaper doesn't discuss editorial decisions about ongoing coverage. Trump on Tuesday downplayed the significance of the hack, calling the materials "boring information." "I've been briefed, and a lot of people think it was Iran, probably was," Trump said in an interview with Univision. "I think it's pretty boring information, and we know pretty much what it is, it's, it's not very important information." During the 2016 campaign, then-presidential hopeful Trump publicly encouraged the hack and release of embarrassing emails about Clinton, which emerged shortly after a videotape showing Trump bragging about sexually assaulting women was unearthed. "Russia, if you're listening, I hope you're able to find the 30,000 emails that are missing, I think you will probably be rewarded mightily by our press," Trump said at a July 2016 news conference. "WikiLeaks, I love WikiLeaks," he later told rallygoers. The website, founded in 2006 by Julian Assange to facilitate the anonymous leaking of secrets, had previously published tens of thousands of classified documents relating to the Afghanistan war and military documents from the Iraq War. While Trump embraced the release of hacked files to embarrass his opponent, some believe the press went too far in its eager coverage of WikiLeaks' releases. "News organizations should proceed with caution when dealing with hacked documents. As long as they're verified and newsworthy, then they're fair game, but motive is an important part of the story, too," Dan Kennedy, a journalism professor at Northeastern University, told CNN. "In 2016, too many news outlets ran with stories about the Democratic National Committee's emails without questioning why WikiLeaks, which had ties to the Russian government, had hacked them in the first place." Jane Kirtley, a professor of media ethics and law at the University of Minnesota, said that news organizations must always vet documents and "make every effort to ensure they are what they purport to be," an increasingly difficult task with the rise of sophisticated manipulation tools, including artificial intelligence. "From an ethical perspective, journalists should ask: who benefits from this disclosure? The role of the media is to act independently in this situation," Kirtley told CNN. "Again, the journalists' loyalty should be to the public, not one political party or candidate." Still, some criticized the decision by news outlets to withhold publication on the files as hypocritical after reporting in 2016 on the DNC emails obtained by Russian hackers, even as it remained unclear if some materials could still be published. "Seriously the double standard here is incredible. For all the yapping on interviews, it would be great for people making these decisions to be accountable to the public," Neera Tenden, a domestic policy adviser to President Biden, wrote Tuesday on X. "Do they now admit they were wrong in 2016 or is the rule hacked materials are only used when it hurts Dems? There's no in between." While it remains unclear who "Robert" is, news organizations appear to be showing the lessons learned over the last decade, offering a more cautious approach to hacking and state-run influence operations. "This episode probably reflects that news organizations aren't going to snap at any hack that comes in and is marked as 'exclusive' or 'inside dope' and publish it for the sake of publishing," Washington Post executive editor Matt Murray told the newspaper. Instead, "all of the news organizations in this case took a deep breath and paused, and thought about who was likely to be leaking the documents, what the motives of the hacker might have been, and whether this was truly newsworthy or not."