With campaign hacks, Iran takes a page from Russia’s playbook
Aug 29, 2024

Iran’s recent cyberattacks against the Trump and Harris campaigns mimic strategies used by Russia during the 2016 election. Javed Ali of the University of Michigan says they’re not likely to stop anytime soon.

U.S. intelligence officials have identified Iran as the source of the recent cyberattack on former President Donald Trump’s election campaign. Earlier this month, a report from Microsoft pointed to the intelligence arm of Iran’s Islamic Revolutionary Guard Corps as the operator of the attack. Now the FBI and other security agencies have confirmed it.

Using an approach called spear-phishing, hackers sent personalized emails containing malware to campaign staff, enabling the attackers to access private information and then leak it.

Officials say both Republican and Democratic campaigns were targeted in an effort to “stoke discord and undermine confidence in our democratic institutions.”

Déjà vu, right?

Javed Ali, a former senior counterterrorism official and a professor of practice at the University of Michigan, says Russia created the blueprint for this kind of attack. Marketplace’s Meghan McCarty Carino asked him for his reaction to Iran adopting the strategy.

The following is an edited transcript of their conversation.

Javed Ali: I’m actually not surprised at all. And if you take a deeper look at what Iran has attempted to do against the United States using different cybertools and methods, that timeline stretches back to the early 2010s. This is just the latest evolution of what they’ve already been doing for that stretch of time.  

Meghan McCarty Carino: In general, what does a foreign actor gain from a hack like this?

Ali: So, this is different, I would argue, than some of what Iran has attempted in the past. This looks almost like a replay of what Russia did to the United States in the mid-2010s that for the most part, the U.S. intelligence community didn’t really understand until after all those operations happened. So, this seems to be sort of a classic attempt at a strategy that we’ve seen Russia, and potentially other countries, use to try to influence our elections. The same cybertools, spear-phishing emails, hacks of email accounts, dumping of some of the information that’s obtained in the hacks, that’s part of what Russia did in 2016, and it just seems like Iran has followed the same playbook for the most part.

McCarty Carino: And how similar in detail was this to the situation with Russia in 2016?

Ali: This is exactly what Russia did in 2016 very successfully. And again, the U.S. intelligence community at the time didn’t really understand the full scope and intent of that strand of the Russian election influence operation. But on the flip side, the Russians weren’t trying to hack into the [Republican National Committee] or get to people close to the Trump campaign. They were trying to do it on the [Democratic National Committee] side and into the Democratic Party. So, this seems to be sort of a mirror image of that from the targeting perspective, even if the tools and the methods were generally the same.

McCarty Carino: It appears that there was potentially an attempt on the [Kamala] Harris campaign as well, perhaps unsuccessful. Is it clear whether there’s a favored outcome as far as interfering with this election?

Ali: Yeah, that has come out in some of the media reports as well. Again, it’s hard to get into the minds of the IRGC operators who are behind this and the supreme leader of Iran himself, who controls all of these types of decisions in Iran. But it was probably also very opportunistic. They would launch these cybercampaigns or use these methods against both the Harris and/or the DNC, and against Trump and/or the RNC, and see how far they can get. And even if your hands get caught in the cookie jar — and that clearly is what happened in this case — there isn’t really much that the U.S. is going to do that they haven’t already done to Iran. So, the risk of getting caught will probably seem to be acceptable as well. But in terms of preference, I would have to believe that if you’re trying to figure out how the supreme leader looks at the world, that having a Democratic administration in place for the next four years is better than a repeat of the Trump one because that’s when the maximum pressure campaign got launched against Iran. That’s when the U.S., under President Trump, initiated a very controversial strike against arguably the second-most-powerful person in Iran, Qasem Soleimani, who was the head of the IRGC Quds Force, their unconventional warfare wing, in January 2020. So, Iran has a long memory for that, and I think that’s why, in terms of preferences for the supreme leader and other security officials in Iran, they would prefer to deal with a Democratic administration than another Trump one.

McCarty Carino: We’ve obviously seen some escalation in hostilities in the region. Do you think that increases the likelihood at all of more activity of this sort?

Ali: Yeah, that’s a really interesting question, and I’ve thought about that too. But again, I would have to assess that this Iran election influence operation or campaign was almost independent of the hostilities that have been going on between the U.S. and Iran for so many years now. It seems to be very opportunistic, not overly concerned about getting caught, which they clearly have been now. And it was just probably a question of, how deep can you get, how much information can you get, what — if any — impact will there be on the perception of these two different candidates? But it doesn’t seem like this will be the end of it. I would have to assume that Iran will continue to try to probe and to do similar things, either to get inside the DNC, the RNC and the people around both President Trump and Vice President Harris. So, they’re not going to stop.

Another aspect of this that hasn’t been talked about as much is the question of, are the Iranians also thinking about election interference operations that would actually be designed to affect the process of voting? Now, the Russians, going back to 2016, apparently had done at least digital surveillance on some aspect of digital voting, or the infrastructure of digital voting, in every state in the country. What they chose not to do, though, was corrupt any of that. Are the Iranians also thinking about doing something like that? Or have they also tried to preposition malware the way the Russians did? Maybe they are or maybe they just haven’t been caught or identified yet, but that would be another really interesting aspect of how Iran is thinking about the elections going forward.

McCarty Carino: This operation, as you noted, seems so similar to what we saw in 2016. Are you surprised that the campaign wasn’t more hardened against it?

Ali: Well, you’re only as good as sort of your last point of defense. What we’ve seen from some of these spear-phishing-type operations, even if you launched a thousand emails with the same payload in an attachment or somewhere, all it takes is one person, and if they click on that attachment and the payload gets launched and it affects a device or a network, then you’re inside. So, I don’t think it necessarily points to some huge strategic failure of the RNC. But again, this is the evil genius of these spear-phishing campaigns. All it takes is one person to get an operation moving forward, and that’s apparently what happened in this case.

McCarty Carino: At a higher level, is there more that the U.S. government could do to deter these kinds of cyberattacks in the future?

Ali: Well, the U.S. has used a number of policy instruments and tools over the years against Iran, Russia, China, North Korea, Venezuela. In my mind, there’s sort of this escalatory ladder of things that the U.S. can do in response to these operations that get directed against either the government or private corporations or even individuals, but I don’t think the U.S. has crossed some of these higher-level escalatory thresholds yet. But there might be a day where people are sitting in the Situation Room in the White House and based on the gravity and severity of a cyberoperation directed against the United States, where we would actually respond with military force to a cyberattack that gets launched against us. What would that look like? Does it mean that some part of our critical infrastructure gets disrupted and leads to actual, real-world effects that cause the loss of life or some kind of physical damage? That’s one of those thresholds I don’t think we’ve crossed yet. That doesn’t mean any of these adversaries haven’t perhaps thought about using those kinds of attacks against us, but I do think there are things that we have not done yet that we may be confronted with in the future if these more kind of worst-case scenarios emerge.

More on this

Javed Ali mentioned that Iran has been behind these kinds of attacks for many years, and a new exclusive from CNN uncovers some details of a cyberattack that targeted a close associate of former Trump National Security Adviser John Bolton, a well-known hawk on Iran.

In 2022 hackers reportedly breached this individual’s email account and sent out a number of phishing messages asking people to review a sample of a book they claimed to be working on by clicking a malicious link.

The attack was quickly detected and reported to the FBI, but according to CNN, a Joe Biden administration official was targeted with a similar attack at around the same time.

And while, as we discussed, this does all sound a lot like what happened with Russia in 2016, The Associated Press points out one big difference in this election cycle: Federal intelligence agencies have been a lot more forthright about the threat, releasing details to the public much earlier.

The team

Daisy Palacios Senior Producer
Daniel Shin Producer
Jesús Alvarado Associate Producer
Rosie Hughes Assistant Producer