Iranian hackers steal voter registration data from one US state and attempt to hack nine others
- DHS’s Cybersecurity and Infrastructure Security Agency (CISA) gave a briefing on Friday
- They told election officials in a phone call about the Iranians’ efforts
- In late September the Iranians probed 10 states’ election sites looking to enter
- In one unnamed state they managed to access voter registration data
- Jermaine Roebuck of CISA said the Iranians exploited a ‘website misconfiguration’
- On October 21 officials announced Iran had sent emails to Democrat voters
- Both the emails and the hack mark a significant increase in Iranian skill
Iranian hackers have attacked election-related websites of ten states and managed to obtain voter registration data in one, the Department of Homeland Security confirmed.
On Friday, Jermaine Roebuck, an official at DHS’s Cybersecurity and Infrastructure Security Agency (CISA), detailed the Iranian efforts in a phone briefing to election officials.
He said the Iranians took advantage of a ‘website misconfiguration’ to hack into the state site.
‘We have confirmed that in at least one state the threat actor did obtain [access] to a voter registration database by abusing a website misconfiguration,’ said Roebuck, according to CyberScoop.com.
‘We are aware of the specific states that were targeted in this activity and we’re actively coordinating with those states currently to ensure proper remediation.’
CISA confirmed Roebuck’s assessment, writing on its website in an update posted on Friday: ‘evaluation by CISA and the FBI has identified the targeting of U.S. state election websites was an intentional effort to influence and interfere with the 2020 U.S. presidential election.’
Roebuck said the Iranians acted between September 20 and September 28.
‘We weren’t able to attribute all of this activity to the same threat actor,’ Roebuck said, but the IP addresses, IP ranges, virtual private network exit nodes, and other technical data bore similarities.
On October 21 American officials accused Iran of being behind a flurry of emails sent to Democratic voters in multiple battleground states that appeared to be aimed at intimidating them into voting for President Donald Trump.
U.S. officials said then that attackers had accessed some voter information, but they did not say how.
There is no evidence that any of the activity has affected voting procedures, and U.S. officials stressed that the integrity of the vote is protected.
On October 25, CISA tweeted: ‘ICYMI: Iranian cyber actors are creating fictitious media sites and spoofing legitimate media sites in likely attempt to influence and interfere in the U.S. election.’
CISA and the FBI used the briefing on Friday to encourage state and local officials to harden their IT systems days before election day.
‘We know that activity is out there, we know the steps’ you can take to address it, said Matt Masterson, a CISA senior adviser, according to the site.
CISA recommended election officials keep a careful eye on their sites, use multi-factor authentication, strong password requirements and account lockout policies ‘to defend against brute-force attacks’.
Such direct attempts to sway public opinion are more commonly associated with Moscow, which conducted a covert social media campaign in 2016 aimed at sowing discord and is again interfering this year, but the idea that Iran could be responsible suggested that those tactics have been adopted by other nations, too.
‘These actions are desperate attempts by desperate adversaries,’ said John Ratcliffe, the government’s national intelligence director, on October 21.
Ratcliffe, along with FBI Director Chris Wray, insisted the U.S. would impose costs on foreign countries that interfere in the U.S. election and that the integrity of the vote remains sound.
‘You should be confident that your vote counts,’ Wray said.
‘Early, unverified claims to the contrary should be viewed with a healthy dose of skepticism.’
It would not be the first time that the Trump administration has said Tehran is working against the president.
An intelligence assessment in August said: ‘Iran seeks to undermine U.S. democratic institutions, President Trump, and to divide the country in advance of the 2020 elections.’
It said the country would probably continue to focus on ‘spreading disinformation on social media and recirculating anti-U.S. content.’
Alireza Miryousefi, a spokesman for Iran’s mission to the United Nations, denied Tehran’s involvement.
‘Unlike the U.S., Iran does not interfere in other country’s elections,’ Miryousefi wrote on Twitter.
‘The world has been witnessing U.S.’ own desperate public attempts to question the outcome of its own elections at the highest level.’
While state-backed Russian hackers are known to have infiltrated U.S. election infrastructure in 2016, there has until now been no evidence that Iran has ever done so.
The operation represented something of a departure in cyber-ops for Iran, which sought for the first time on record to undermine voter confidence. Iran’s previous operations have been mostly propaganda and espionage.
Federal officials have long warned about the possibility of this type of operation, as such registration lists are not difficult to obtain.
‘These emails are meant to intimidate and undermine American voters’ confidence in our elections,’ Christopher Krebs, the top election security official at the Department of Homeland Security, tweeted on the night of October 20, after reports of the emails first surfaced.