FBI says it is investigating Donald Trump campaign hack
Washington is investigating a suspected Iranian hack-and-leak operation amid fears Tehran plans to interfere in the US presidential election, including another attempt to assassinate Trump.
The Federal Bureau of Investigation said Monday it was investigating a cyberattack on the Trump campaign in which internal communications were stolen.
The announcement is the first sign that the U.S. government has launched a probe into a suspected Iranian hack-and-leak operation amid mounting fears of Tehran’s desire to interfere in the U.S. presidential election.
It is unclear what could result from the FBI probe, and the bureau declined to comment further. The U.S. government hasn’t said publicly whether Iran was involved, as the Trump campaign has alleged.
Iran has quickly emerged as the chief election security concern within the U.S. government. Just last month, U.S. intelligence officials told media reporters that Russia was the “pre-eminent threat” to the November vote and viewed Iran as a lesser concern seeking solely to generate discord.
But weeks later, they shared that their assessment on Iran had changed: Tehran wasn’t just hoping to spread chaos, they said, but aiming to harm Donald Trump’s candidacy, as it haphazardly sought to do four years ago. Iran was also attempting to directly engage Americans in its influence operations and even provide funding to support Gaza protests on college campuses, officials said, while relying on “vast webs of online personas and propaganda mills to spread disinformation.”
Now, the threat posed by Tehran appears even more severe, though lacking in much sophistication. On Saturday, the Trump campaign said it had been hacked by “foreign sources hostile to the United States” in a breach the campaign linked to Iran. An anonymous source that called itself “Robert” had shared apparently stolen internal Trump campaign files with reporters at several media organisations, hoping to see the material published.
The White House was unaware of the hack-and-leak campaign, first learning of it from Politico’s Saturday report which detailed the breach, two administration officials said. The Biden administration still hasn’t made a formal determination of responsibility. The White House isn’t always immediately informed when intelligence or law-enforcement investigations into such matters begin.
News of the hack and the attempt to launder the purloined goods through reporters – if confirmed to be the handiwork of hackers tied to Iran – is the latest sign of the U.S. adversary’s deep and committed interest in meddling in the 2024 election, former officials and security experts said. It came just a day after Microsoft published threat research detailing a litany of efforts by Iran to target the election, including attempts to hack into an unnamed presidential campaign beginning in June by a group connected to Iran’s Islamic Revolutionary Guard Corps. The Trump campaign pointed to that research to bolster its case for blaming Iran.
Clint Watts, general manager of the Microsoft Threat Analysis Center, said cyber groups connected to Iran had in recent weeks expanded their election influence efforts on several fronts. The tactics observed included launching covert news sites driven by artificial intelligence to target voters and separate efforts to prepare to incite violence against political figures and cast doubt on the integrity of the election.
“First, they’ve laid the groundwork for influence campaigns on trending election-related topics and begun to activate these campaigns in an apparent effort to stir up controversy or sway voters – especially in swing states,” Watts said in a blog post. “Second, they’ve launched operations that Microsoft assesses are designed to gain intelligence on political campaigns and help enable them to influence the elections in the future.”
In an election season already rocked by an assassination attempt against Trump and President Biden’s late decision not to seek re-election, Iran has added to the list of surprises by becoming the most active and serious foreign adversary trying to disrupt the contest. In addition to the cyber-enabled election influence operations, Iran was connected to another plot to assassinate Trump, according to federal prosecutors and other officials. U.S. officials have also previously renewed security protection of former Secretary of State Mike Pompeo – and other officials – because of fears Iran could try to kill him following his role in the assassination of Iran’s Qassem Soleimani.
The Kremlin is still widely seen as more adept at covert propaganda than Tehran, and possesses more resources and technological expertise. Russia was committed to waging a “whole-of-government” influence campaign on the election, U.S. intelligence officials said in their July media briefings, motivated to again try to push voters against supporting the Democratic Party and to favour Trump. The Kremlin’s calculus hinges chiefly on a view that Democrats would continue to resolutely support Ukraine, intelligence officials said.
But so far, Iran has demonstrated the most eagerness to disrupt the election, despite being mired in regional confrontations that could ignite a broader war in the Middle East.
“The regime is already trying to assassinate Trump and former senior members of his administration, so I don’t think anyone should be surprised it would hack the campaign to try to influence the election,” said Rich Goldberg, a former Trump National Security Council official now at Foundation for Defence of Democracies, a Washington think tank.
Sean Savett, a spokesman for the National Security Council, deferred comment on the matter to the Justice Department, but added: “The Biden-Harris Administration strongly condemns any foreign government or entity who attempts to interfere in our electoral process or seeks to undermine confidence in our democratic institutions.”
The Trump campaign didn’t return a request for comment about how Iran gained access to its materials or if the Republican nominee’s team informed law enforcement. Trump, meanwhile, has personally tapped Iran as the culprit, posting on Truth Social over the weekend that “one of our many websites was hacked by the Iranian Government – Never a nice thing to do!”
The up-ended expectations are reminiscent of the 2020 election, when U.S. intelligence officials viewed Russia as the most serious foreign threat, based on its success in 2016 and a number of warning signs that hackers had been targeting campaigns and American political groups.
But in the final weeks of that campaign, officials expressed private surprise that Moscow, by some measures, had been relatively quiet, while Iran had stepped up its interference ambitions instead. Its actions were so concerning that they prompted top intelligence officials to deliver an unprecedented public warning at the height of the election cycle that Iran was behind a series of threatening emails sent to intimidate American voters.
Cybersecurity experts and former U.S. officials said Iran was attempting now to essentially re-create the successes of Russia’s 2016 interference operations, albeit crudely.
“Hack-and-leak is the white whale of influence operations,” said Thomas Rid, a disinformation expert and professor of strategic studies at Johns Hopkins University, explaining that they can be highly effective, dominate news cycles and be hard to counteract.
But Rid cautioned against giving the Iranians too much credit. “The Iranian surfacing attempt was old school – trying to trick a journalist into covering a seeded story – but it was also incompetent,” he said.
Iranian hackers have become the masters of what are known as spear-phishing campaigns. These are targeted cyberattacks, typically conducted via email or a messaging app, designed to trick the victim into divulging their online credentials. “They’re pretty sophisticated and they’re very persistent,” said Steven Adair, president of the cybersecurity firm Volexity.
The hackers will pretend to be someone they aren’t – a professor or a journalist, for example – and engage in email correspondence that can last for months. Then comes the spear-phish: often it will be a shared document that asks the victim to log in to a fake site designed to look like Microsoft’s or Google’s.
“You’ve just emailed with someone for two months or several weeks, so your guard is a little down,” Adair said. Once they gain access to online accounts, the Iranian hackers typically steal their victims’ data, Adair said, but he has never seen them attempt to leak the information afterward.
Dow Jones