US intelligence agencies have identified Iran as the origin of the recent cyberattack on former President Donald Trump’s election campaign. Earlier this month, a report from Microsoft indicated that the Iranian Revolutionary Guard’s intelligence agency was behind the attack. Now the FBI and other security agencies have confirmed this.
In a technique known as spear phishing, the attackers sent campaign staff personalized emails carrying a malicious attachment or link; once a recipient took the bait, the attackers gained access to internal campaign material, some of which they later passed on to outsiders.
According to officials, Iran targeted both the Republican and Democratic campaigns in an effort to “sow discord and undermine trust in our democratic institutions.”
Déjà vu, right?
Javed Ali, a former senior counterterrorism official and professor at the University of Michigan, says Russia developed the blueprint for these types of attacks. Marketplace’s Meghan McCarty Carino asked him for his reaction to Iran adopting this strategy.
The following is an edited transcript of their conversation.
Javed Ali: Actually, that doesn’t surprise me at all. And if you look more closely at what Iran has tried to do against the US using various cyber tools and methods, that timeline goes back to the early 2010s. This is just the latest evolution of what they’ve already done in that time period.
Meghan McCarty Carino: In general, what benefit does a foreign actor have from a hack of this kind?
Ali: So I would say this is different from some of Iran’s previous attempts. It almost looks like a repeat of what Russia did to the United States in the mid-2010s, which the U.S. intelligence community largely didn’t understand until after all of these operations had taken place. So it seems to be a kind of classic attempt at a strategy that Russia and potentially other countries are using to influence our elections. The same cyber tools, spear phishing emails, hacking email accounts, sharing some of the information obtained in the hacks – that’s part of what Russia did in 2016, and it seems like Iran largely followed the same game plan.
McCarty Carino: And how similar was this situation in detail to the situation with Russia in 2016?
Ali: That’s exactly what Russia did very successfully in 2016. And again, the full scope and intent of this part of the Russian election interference operation wasn’t really clear to the U.S. intelligence community at the time. But then again, the Russians weren’t trying to hack into the (Republican National Committee) or get to people close to the Trump campaign team. They were trying to hack into the (Democratic National Committee) and the Democratic Party. So from a targeting perspective, this seems to be kind of a mirror image of that, even though the tools and methods were generally the same.
McCarty Carino: It appears that there may have been an attempt on the (Kamala) Harris campaign as well, which may have been unsuccessful. Is it clear if there is a preferred outcome regarding interference in this election?
Ali: Yes, that has come out in some media reports as well. Again, it’s difficult to get into the heads of the IRGC operators who are behind this and the supreme leader of Iran himself, who controls all these kinds of decisions in Iran. But it was also probably very opportunistic. They would launch these cyber campaigns or use these methods against both Harris and/or the DNC and Trump and/or the RNC and see how far they get. And even if you get caught doing that — and that’s clearly what happened in this case — there’s not really much the U.S. is going to do that it hasn’t already done to Iran. So the risk of getting caught is probably going to seem acceptable as well. But in terms of preference, I have to believe that if you try to figure out how the supreme leader sees the world, a Democratic administration for the next four years is better than a repeat of the Trump administration, because that’s when the maximum pressure campaign was launched against Iran. At that time, the U.S. under President Trump launched a very controversial attack on arguably the second most powerful man in Iran, Qasem Soleimani, who was head of the IRGC’s Quds Force, its unconventional warfare wing, in January 2020. So Iran has a long memory of such attacks, and I think that’s why, in terms of the preferences of the supreme leader and other security officials in Iran, the country would rather deal with a Democratic government than another Trump administration.
McCarty Carino: We have obviously seen some escalation of hostilities in the region. Do you think that increases the likelihood of further activities of this kind?
Ali: Yeah, that’s a really interesting question, and I’ve been thinking about it too. But I have to say again, this Iranian operation or campaign to influence the election was almost independent of the hostilities that have been going on between the U.S. and Iran for so many years. It seems to be very opportunistic and not overly concerned about getting caught, which they clearly are now. And it was probably just a matter of how deep you can get, how much information you can get, what — if any — impact it’s going to have on the perception of these two different candidates. But it doesn’t look like that’s the end. I have to assume that Iran will continue to try to probe and do similar things, whether it’s trying to penetrate the DNC, the RNC, and the people around President Trump and Vice President Harris. So they’re not going to stop.
Another aspect that hasn’t been talked about as much is whether the Iranians are also thinking about election manipulation operations that actually aim to influence the electoral process. Now, the Russians have apparently been digitally monitoring at least some part of the digital election or infrastructure in every state in the country since 2016. But they’ve chosen not to manipulate any of it. Are the Iranians also thinking about doing something like that? Or have they also tried to plant malware like the Russians have done? Maybe they are, or maybe they just haven’t been caught or identified yet, but that would be another really interesting aspect of how Iran is thinking about the upcoming election.
McCarty Carino: As you noted, this operation is very similar to what we saw in 2016. Are you surprised that the campaign has not been tougher on it?
Ali: Well, you’re only as good as your last point of defense. What we’ve seen with some of these spear phishing operations is that even if you send a thousand emails with the same payload in an attachment or somewhere else, it only takes one person, and if that person clicks on that attachment and the payload is sent and impacts a device or a network, then you’re in. So I don’t think this necessarily indicates a major strategic failure by the RNC. But again, that’s the evil genius of these spear phishing campaigns. It only takes one person to drive an operation, and that’s apparently what happened in this case.
McCarty Carino: At a higher level, is there any possibility that the U.S. government could do more to prevent such cyberattacks in the future?
Ali: Well, the United States has used a number of policy instruments and tools against Iran, Russia, China, North Korea, Venezuela over the years. In my opinion, there is a sort of escalation ladder of actions that the United States can take in response to these operations that are either against the government or against private companies or even individuals, but I don’t think the United States has crossed some of those higher escalation thresholds yet. But there may be a day when folks are sitting in the White House Situation Room and, given the gravity and severity of a cyber operation directed against the United States, they would actually respond with military force to a cyberattack directed against us. What would that look like? Does it mean disrupting some of our critical infrastructure and causing actual, real-world impacts that cause loss of life or some kind of physical damage? That’s one of those thresholds that I don’t think we’ve crossed yet. That’s not to say that these adversaries haven’t perhaps already thought about carrying out these types of attacks against us. However, I believe there are things we have not done so far that we may be faced with in the future if such worst-case scenarios occur.
More information
Javed Ali noted that Iran has been behind such attacks for years, and a new CNN exclusive reports details of an earlier operation that targeted a close confidant of John Bolton, Trump’s former National Security Advisor and a known hawk on Iran policy.
In 2022, hackers reportedly broke into that person’s email account and used it to send a series of phishing messages asking recipients to review a sample of a book the account’s owner was supposedly writing, by clicking a malicious link. Because the messages came from a genuinely compromised account rather than a spoofed address, they carried the sender’s real identity and would have passed routine sender-authentication checks, which is what makes this kind of lure so effective.
The attack was quickly discovered and reported to the FBI; according to CNN, an official in Joe Biden’s administration was targeted by a similar attack around the same time.
And while this all sounds a lot like the Russia-related events of 2016, as mentioned, the Associated Press points out one big difference this election cycle: Federal intelligence agencies have become much more open about the threat and released details to the public much sooner.