Oct 22, 2020

Analysis | The Cybersecurity 202: Iran’s alleged voter intimidation scheme shows what 2020 election interference looks like


Joseph Marks

The emails claimed to have voters’ addresses and other personal information and threatened, “You will vote for Trump on Election Day or we will come after you.” It was sent to voters in Florida, Alaska, Pennsylvania and Arizona and affected voters using Gmail, Yahoo and Comcast accounts. 

In some cases, the emails linked to a video showing Trump — who has repeatedly claimed without evidence that mail-in voting during the pandemic will lead to widespread fraud — making disparaging comments about mail ballots and documenting what was made to look like someone producing a fraudulent ballot. 

In fact, the voter information included in the emails is publicly available or can be purchased. And there’s no evidence Iran obtained any secret voter information, though the scheme did appear to exploit a vulnerability in the Proud Boys’ online network, which was recently dropped by its hosting company, making it far easier to penetrate. 

The scheme demonstrates the ease with which adversaries can inject false narratives into the U.S. electorate and undermine voters’ faith in the democratic process without actually doing anything that makes voting less secure

“These actions are desperate attempts by desperate adversaries,” Director of National Intelligence John Ratcliffe, said during the news conference. “Even if the adversaries pursue further attempts to intimidate or attempt to undermine voter confidence, know that our election systems are resilient and you can be confident your votes are secure. ”

More such attacks could be coming before Election Day. 

Russia has also obtained voter registration data that it could use to create a false impression of breached election systems, Ratcliffe said during the news conference. 

Ratcliffe gave no indication of whether Russia obtained the same data as Iran or if officials had wind of any plans, but Russian intelligence agencies are generally considered to be far savvier at hacking and influence operations than their Iranian counterparts.  

Authorities have also detected holes in some state and local election websites, which they’ve instructed them to patch, my colleagues reported. 

And just because the alleged first effort by Iran was uncovered doesn’t mean there won’t be subsequent actions. 

“This is absolutely something to be concerned about,” John Scott-Railton, a senior researcher at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy, told my colleagues. “This is what election interference looks like.” 

The effort also comes at a tense electoral and political moment.

There are less than two weeks to go before Election Day and 33 million early and absentee votes have already been cast. 

Trump and Joe Biden are scheduled to appear in their final debate tonight where the legitimacy of the election is likely to once again be a point of contention. Trump has repeatedly attacked the election's potential validity, though his criticism has been based on phony claims about mail ballot fraud rather than foreign interference. 

Ratcliffe, meanwhile, portrayed the alleged Iranian effort as a shoddy operation that was easily uncovered and would have little effect so long as Americans are fully informed about it. 

“Rest assured that we are prepared for the possibility of actions by those hostile to democracy," he said. "The great women and men of the intelligence community caught this activity immediately, and our colleagues at FBI and DHS acted swiftly in response to this threat. We are standing before you now to give you the confidence that we are on top of this and providing you with the most powerful weapon we have to combat these efforts: the truth.”

Such disinformation efforts have proved far more difficult to combat than election hacking. 

For one thing, large swaths of voter information are public, making it easy to con people into believing a breach has happened when it hasn’t.

Here are details from voting security expert and Georgetown University Professor Matt Blaze:

And from Maurice Turner, senior adviser at the Election Assistance Commission:

Adversary nations can also launch such operations with little risk that the hackers will face criminal charges in the United States or other consequences. 

Clint Watts, a distinguished research fellow at the Foreign Policy Research Institute who tracks Russian influence operations:

Indeed, evidence so far suggests the purported Iranian operators weren’t very good at their tradecraft, which helped intelligence officials unravel the plot so quickly. 

More from Scott-Railton:

About 90 percent of the roughly 25,000 emails to Gmail users were stopped by spam filters, CNN's Donie O'Sullivan reports:

Social media companies have also struggled to blunt the force of disinformation without getting into the dangerous territory of restricting speech on their platforms.

As a result, researchers have already uncovered numerous disinformation operations this election cycle linked to both Russia and China.  

The fight against election hacking, meanwhile, is in full force. 

For the past several months, American military cyber-operators have been targeting Russian spies, trying to knock them off the Internet and reduce their access to hacking tools, Ellen and Craig report. The effort mirrors an operation that prevented the notorious Russian troll farm, the Internet Research Agency, from accessing its tools during the 2018 midterms. 

States and localities have also made major progress on securing their election systems against manipulation since 2016, spurred by more than $1 billion in funding from Congress. Those reforms have included a network of Department of Homeland Security hacking sensors affixed to election systems, as well as shifting to more secure voting options that include paper ballots and allowing for post-election audits. 

The keys

Online fraudsters are using the election to profit, Facebook says. 

The scammers are using fake accounts and posts about the election to amplify clickbait websites and scammy e-commerce sites, a new Facebook report finds, Reuterss Jack Stubbs reports

The activity is financially, not politically, motivated like some of the other inauthentic behavior stopped by Facebook in recent months. But the similar appearance of the two kinds of operations can alarm users, says Nathaniel Gleicher, Facebook’s head of cybersecurity policy.

“I want people to be aware of the full range of deception that is happening out there,” Gleicher said. “One of the ongoing challenges is people so often and so regularly mistake a financially motivated scheme to sell T-shirts as an influence operation coming from a foreign government.” 

Trump administration officials are raising alarms about Chinese cyberthreats.

National security adviser Robert C. OBrien blasted China yesterday for allegedly hacking coronavirus vaccine research facilities, Reuterss Tim Hepher reports.

“The [Chinese Communist Party] is seeking dominance in all domains and sectors (and) plans to monopolize every industry that matters to the 21st century, he said at an Atlantic Future Forum event. 

John Demers, the assistant attorney general for national security, also condemned China, pointing to recent allegations that Chinese hackers targeted researchers in Europe and the United States developing coronavirus vaccines.

The country “has become a safe haven for cybercriminals as long as they’re also doing work on behalf of the state, Demers said in an interview with CyberScoop.

Lawmakers are raising concerns about Justice Department changes they say could interfere with the election.

A dozen mostly Democratic members of the Senate Judiciary and Rules committees are demanding an explanation for the Justice Departments decision to ease constraints on election-related investigations close to Election Day. The changes could create “the obvious risk of chilling legitimate voting and campaign activities, they charged in a letter to Corey Amundson, the departments chief of public integrity.

The group is led by Sen. Amy Klobuchar (Minn.), the top Democrat on the Rules Committee.

The change would allow DOJ to announce fraud allegations during the short period remaining before Election Day under certain circumstances. The move comes as Trump has frequently pushed unsupported claims that mail-in voting will lead to rampant fraud some of which were backed by Attorney General William P. Barr

“It is deeply troubling that the Department has chosen to weaken its non-interference policy weeks before Election Day and while millions of Americans have already voted, many of them by mail,” the senators wrote.

The lawmakers asked Amundson which officials were involved in the decision-making process and how the department plans to ensure the rule change wont disturb mail-in ballot counting.

Global cyberspace

A German cybersecurity consultant accused of being a Russian asset met with U.S. cybersecurity officials last year. 

The Department of Homeland Security officials and corporate executives from Amazon and Microsoft who met with Hans-Wilhelm Dünn seemed unaware that he had been accused by German counterintelligence of working with Russian spies on influence operations, Michael Weiss and Pierre Vaux report for the Daily Beast.  

Dunns meetings with DHS officials and corporate executives coincided with his alleged work with Russias spy service, the Daily Beast reports. Dunn also met with top cybersecurity officials in France, Israel and the United Kingdom and visited critical infrastructure sites in the United States including centers run by the North American Electric Reliability Corp. and the California Public Utilities Commission. 

More cybersecurity news:


  • The USC Election Cybersecurity Initiative will host a final workshop on the lessons from the workshops it has hosted in 50 states leading up to the election on Oct. 28 at 1:30 p.m.
  • The Cybersecurity Coalition and the Cyber Threat Alliance will host CyberNextDC on Nov. 17-18, starting at 11 a.m.

Secure log off

Dolly Parton brings Stephen Colbert to tears.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Latest Post Published

From The Desk of Fernando Guzmán Cavero.

 Dear friends :  Unfortunately Some Themes, Pages and other features are not working fine in an appropriate manner with quite a few mistakes...