Skip to main content

Analysis | The Cybersecurity 202: Iran’s alleged voter intimidation scheme shows what 2020 election interference looks like


Joseph Marks

The emails claimed to have voters’ addresses and other personal information and threatened, “You will vote for Trump on Election Day or we will come after you.” It was sent to voters in Florida, Alaska, Pennsylvania and Arizona and affected voters using Gmail, Yahoo and Comcast accounts. 

In some cases, the emails linked to a video showing Trump — who has repeatedly claimed without evidence that mail-in voting during the pandemic will lead to widespread fraud — making disparaging comments about mail ballots and documenting what was made to look like someone producing a fraudulent ballot. 

In fact, the voter information included in the emails is publicly available or can be purchased. And there’s no evidence Iran obtained any secret voter information, though the scheme did appear to exploit a vulnerability in the Proud Boys’ online network, which was recently dropped by its hosting company, making it far easier to penetrate. 

The scheme demonstrates the ease with which adversaries can inject false narratives into the U.S. electorate and undermine voters’ faith in the democratic process without actually doing anything that makes voting less secure

“These actions are desperate attempts by desperate adversaries,” Director of National Intelligence John Ratcliffe, said during the news conference. “Even if the adversaries pursue further attempts to intimidate or attempt to undermine voter confidence, know that our election systems are resilient and you can be confident your votes are secure. ”

More such attacks could be coming before Election Day. 

Russia has also obtained voter registration data that it could use to create a false impression of breached election systems, Ratcliffe said during the news conference. 

Ratcliffe gave no indication of whether Russia obtained the same data as Iran or if officials had wind of any plans, but Russian intelligence agencies are generally considered to be far savvier at hacking and influence operations than their Iranian counterparts.  

Authorities have also detected holes in some state and local election websites, which they’ve instructed them to patch, my colleagues reported. 

And just because the alleged first effort by Iran was uncovered doesn’t mean there won’t be subsequent actions. 

“This is absolutely something to be concerned about,” John Scott-Railton, a senior researcher at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy, told my colleagues. “This is what election interference looks like.” 

The effort also comes at a tense electoral and political moment.

There are less than two weeks to go before Election Day and 33 million early and absentee votes have already been cast. 

Trump and Joe Biden are scheduled to appear in their final debate tonight where the legitimacy of the election is likely to once again be a point of contention. Trump has repeatedly attacked the election's potential validity, though his criticism has been based on phony claims about mail ballot fraud rather than foreign interference. 

Ratcliffe, meanwhile, portrayed the alleged Iranian effort as a shoddy operation that was easily uncovered and would have little effect so long as Americans are fully informed about it. 

“Rest assured that we are prepared for the possibility of actions by those hostile to democracy," he said. "The great women and men of the intelligence community caught this activity immediately, and our colleagues at FBI and DHS acted swiftly in response to this threat. We are standing before you now to give you the confidence that we are on top of this and providing you with the most powerful weapon we have to combat these efforts: the truth.”

Such disinformation efforts have proved far more difficult to combat than election hacking. 

For one thing, large swaths of voter information are public, making it easy to con people into believing a breach has happened when it hasn’t.

Here are details from voting security expert and Georgetown University Professor Matt Blaze:

And from Maurice Turner, senior adviser at the Election Assistance Commission:

Adversary nations can also launch such operations with little risk that the hackers will face criminal charges in the United States or other consequences. 

Clint Watts, a distinguished research fellow at the Foreign Policy Research Institute who tracks Russian influence operations:

Indeed, evidence so far suggests the purported Iranian operators weren’t very good at their tradecraft, which helped intelligence officials unravel the plot so quickly. 

More from Scott-Railton:

About 90 percent of the roughly 25,000 emails to Gmail users were stopped by spam filters, CNN's Donie O'Sullivan reports:

Social media companies have also struggled to blunt the force of disinformation without getting into the dangerous territory of restricting speech on their platforms.

As a result, researchers have already uncovered numerous disinformation operations this election cycle linked to both Russia and China.  

The fight against election hacking, meanwhile, is in full force. 

For the past several months, American military cyber-operators have been targeting Russian spies, trying to knock them off the Internet and reduce their access to hacking tools, Ellen and Craig report. The effort mirrors an operation that prevented the notorious Russian troll farm, the Internet Research Agency, from accessing its tools during the 2018 midterms. 

States and localities have also made major progress on securing their election systems against manipulation since 2016, spurred by more than $1 billion in funding from Congress. Those reforms have included a network of Department of Homeland Security hacking sensors affixed to election systems, as well as shifting to more secure voting options that include paper ballots and allowing for post-election audits. 

The keys

Online fraudsters are using the election to profit, Facebook says. 

The scammers are using fake accounts and posts about the election to amplify clickbait websites and scammy e-commerce sites, a new Facebook report finds, Reuterss Jack Stubbs reports

The activity is financially, not politically, motivated like some of the other inauthentic behavior stopped by Facebook in recent months. But the similar appearance of the two kinds of operations can alarm users, says Nathaniel Gleicher, Facebook’s head of cybersecurity policy.

“I want people to be aware of the full range of deception that is happening out there,” Gleicher said. “One of the ongoing challenges is people so often and so regularly mistake a financially motivated scheme to sell T-shirts as an influence operation coming from a foreign government.” 

Trump administration officials are raising alarms about Chinese cyberthreats.

National security adviser Robert C. OBrien blasted China yesterday for allegedly hacking coronavirus vaccine research facilities, Reuterss Tim Hepher reports.

“The [Chinese Communist Party] is seeking dominance in all domains and sectors (and) plans to monopolize every industry that matters to the 21st century, he said at an Atlantic Future Forum event. 

John Demers, the assistant attorney general for national security, also condemned China, pointing to recent allegations that Chinese hackers targeted researchers in Europe and the United States developing coronavirus vaccines.

The country “has become a safe haven for cybercriminals as long as they’re also doing work on behalf of the state, Demers said in an interview with CyberScoop.

Lawmakers are raising concerns about Justice Department changes they say could interfere with the election.

A dozen mostly Democratic members of the Senate Judiciary and Rules committees are demanding an explanation for the Justice Departments decision to ease constraints on election-related investigations close to Election Day. The changes could create “the obvious risk of chilling legitimate voting and campaign activities, they charged in a letter to Corey Amundson, the departments chief of public integrity.

The group is led by Sen. Amy Klobuchar (Minn.), the top Democrat on the Rules Committee.

The change would allow DOJ to announce fraud allegations during the short period remaining before Election Day under certain circumstances. The move comes as Trump has frequently pushed unsupported claims that mail-in voting will lead to rampant fraud some of which were backed by Attorney General William P. Barr

“It is deeply troubling that the Department has chosen to weaken its non-interference policy weeks before Election Day and while millions of Americans have already voted, many of them by mail,” the senators wrote.

The lawmakers asked Amundson which officials were involved in the decision-making process and how the department plans to ensure the rule change wont disturb mail-in ballot counting.

Global cyberspace

A German cybersecurity consultant accused of being a Russian asset met with U.S. cybersecurity officials last year. 

The Department of Homeland Security officials and corporate executives from Amazon and Microsoft who met with Hans-Wilhelm Dünn seemed unaware that he had been accused by German counterintelligence of working with Russian spies on influence operations, Michael Weiss and Pierre Vaux report for the Daily Beast.  

Dunns meetings with DHS officials and corporate executives coincided with his alleged work with Russias spy service, the Daily Beast reports. Dunn also met with top cybersecurity officials in France, Israel and the United Kingdom and visited critical infrastructure sites in the United States including centers run by the North American Electric Reliability Corp. and the California Public Utilities Commission. 

More cybersecurity news:


  • The USC Election Cybersecurity Initiative will host a final workshop on the lessons from the workshops it has hosted in 50 states leading up to the election on Oct. 28 at 1:30 p.m.
  • The Cybersecurity Coalition and the Cyber Threat Alliance will host CyberNextDC on Nov. 17-18, starting at 11 a.m.

Secure log off

Dolly Parton brings Stephen Colbert to tears.


Popular posts from this blog

Analysis | The Cybersecurity 202: How the shutdown could make it harder for the government to retain cybersecurity talent

By Joseph Marks 13-17 minutes THE KEY President Trump delivers an address about border security amid a partial government shutdown on Jan. 8. (Carolyn Kaster/AP) The partial government shutdown that's now in its 18th day is putting key cyber policy priorities on hold and leaving vital operations to a bare bones staff. But the far greater long-term danger may be the blow to government cyber defenders' morale, former officials warn. With the prospect of better pay and greater job security in the private sector, more government cyber operators are likely to decamp to industry, those former officials tell me, and the smartest cybersecurity graduates will look to industry rather than government to hone their skills. That’s especially dangerous, they say, considering the government’s struggle to recruit and retain skilled workers amid a nationwide shortage of cybersecurity talent. About 20 percent of staffers are furloughed at the De

Democrats call for investigation into Trump’s iPhone use after a report that China is listening:Analysis | The Daily 202 I The Washington Post. By James Hohmann _________________________________________________________________________________ President Trump and Chinese President Xi Jinping visit the Great Hall of the People in Beijing last November. (Andrew Harnik/AP) With Breanne Deppisch and Joanie Greve THE BIG IDEA: If Democrats win the House in two weeks, it’s a safe bet that one of the oversight hearings they schedule for early next year would focus on President Trump’s use of unsecured cellphones. The matter would not likely be pursued with anywhere near the gusto that congressional Republicans investigated Hillary Clinton’s use of a private email server during her time as secretary of state. Leaders of the minority party have higher priorities . But Democratic lawmakers made clear Thursday morning that they will not ignore a New York Times report that Trump has refused to stop using iPhones in the White House, despite repeated warnings from U.S. intelligence offici

RTTNews: Morning Market Briefing.-Weekly Jobless Claims Edge Down To 444,000. May 13th 2010

Morning Market Briefing Thu May 13 09:01 2010   Commentary May 13, 2010 Stocks Poised For Lackluster Open Amid Mixed Market Sentiment - U.S. Commentary Stocks are on pace for a mixed start to Thursday's session, as a mostly upbeat jobs report continued to relieve the markets while some consternation regarding the European debt crisis remained on traders' minds. The major index futures are little changed, with the Dow futures down by 4 points. Full Article Economic News May 13, 2010 Weekly Jobless Claims Edge Down To 444,000 First-time claims for unemployment benefits showed another modest decrease in the week ended May 8th, according to a report released by the Labor Department on Thursday, although the number of claims exceeded estimates due to an upward revision to the previous week's data. Full Article May 13, 2010 Malaysia's Decade High Growth Triggers Policy Tightening Malaysia's economy grew at the fastest pace in a decade in