Democracy Dies in Darkness

Suspected Iranian hacks are latest round of U.S. election interference

National security officials and researchers noted a rise in “troublesome” Iranian influence operations designed to meddle in the U.S. presidential race.

8 min
Iran's leader, Ayatollah Ali Khamenei, delivers a speech in July 28. (AFP/Getty Images)

As recently as last month, U.S. intelligence officials warned that Iran aimed to stoke societal discord and undermine former president Donald Trump’s bid to regain the White House, a reprise of its online interference four years ago. Now the 2024 effort appears to have begun, with suspected hacking attempts targeting the Republican and Democratic presidential campaigns. But intelligence officials and disinformation experts remain unsure of Iran’s precise plans.

The FBI is investigating suspected hacking by Iran targeting Trump associate Roger Stone as well as advisers to the Biden-Harris campaign that used spear-phishing emails — attempts to gain access to a target’s communications by posing as a legitimate sender. That could have given intruders access to a vetting document prepared for the campaign on Sen. JD Vance (R-Ohio), Trump’s running mate, that was sent to news organizations by an individual identifying himself only as “Robert.”

In an email with a Washington Post reporter, that person suggested his access to Trump campaign documents was distinct from the Iranian hacking effort; federal law enforcement officials are trying to determine if the two events are connected.

The Trump campaign has suggested Iranian hackers leaked its documents to media organizations, but no proof has emerged. The campaign concluded that hackers had taken several documents, including some involving financial issues, said people familiar with the matter who spoke on the condition of anonymity to discuss a sensitive matter. But none were believed to be “hugely sensitive,” one of the people said.

The Harris campaign appears unaffected. In July, when President Joe Biden was the presumptive nominee, the FBI notified its legal and security teams that it was “targeted by a foreign actor influence operation. We have robust cybersecurity measures in place, and are not aware of any security breaches of our systems resulting from those efforts. We remain in communication with appropriate law enforcement authorities,” a campaign official said.

A spokesperson for Iran’s permanent Mission to the United Nations said the government “neither possesses nor harbors any intent or motive to interfere in the United States presidential election.”

About all that’s known of the Iranian efforts to date is that they reflect the ambitions that U.S. intelligence officials say Tehran has long held to undermine the American public’s confidence in elections and exacerbate political polarization.

“We shouldn’t be surprised at all that the Iranians are trying to influence the electoral process. This is something they’ve done since ’18, ’20, ’22,” former National Security Agency director Paul Nakasone said. “I would characterize this as troublesome, but I wouldn’t say this is particularly audacious.”

“Iran has maintained a steady, high attention to stopping the Trump campaign” through cyber and other efforts, one former senior U.S. intelligence officer who monitored foreign influence operations said.

“That’s very much how they approach regional elections [or] Israel — and not just in cyber, but in all domains,” the former official said, speaking on the condition of anonymity because he was not authorized by his private-sector employer to speak on the record. “They maintain these influence campaigns across decades.”

Researchers at Microsoft’s Threat Analysis Center, which this month reported on the Iranian targeting of a U.S. political campaign, noted that Iran has “significantly increased” its malicious cyber activity in the last 90 days. That level of activity mirrors the rise in Iranian cyber activity ahead of the 2020 presidential election, they said in an email.

“Unlike Russia, Iranian activity starts later in the election cycle and focuses much more on creating chaos than it does on shaping the outcome of the vote,” they said.

At a minimum, the suspected Iranian hack has demonstrated that Trump, who lambasted Democrats in 2016 for poor computer security that led to a massive leak of internal emails by Russian operatives, may have laid bare his own poor cyber hygiene.

“They want to embarrass the Trump campaign and Trump and prevent him from winning,” said Christopher Krebs, the former director of the U.S. Cybersecurity and Infrastructure Security Agency. “More broadly, they are trying to damage [the United States’] reputation globally and cause internal strife domestically.”

Some experts urged caution and said the extent of Iranian malicious political activity at present deserves to be punished, not feared.

“No foreign nation should believe they can try to influence our nation and not pay a price for it,” said Nakasone, who’s also the founding director of the Vanderbilt Institute for National Defense and Global Security.

For their part, Trump campaign officials didn’t appear especially troubled by the potential compromise of their communications. They’ve been told that in recent months, other countries were also trying to infiltrate their emails, one adviser said. “Our people actually believe the Iranians are the least sophisticated of the bunch.”

Researchers have found clues of potential future Iranian influence operations.

In its recent report, Microsoft spotlighted four websites, which the company said were covertly run by Iran, masquerading as legitimate news outlets that published articles on controversial subjects including the presidential election, LGBTQ+ rights and the Israeli military campaign in Gaza.

The articles appear crafted to cater to different political persuasions and preferences, said Patrick Warren, a professor and disinformation expert at Clemson University who has studied nation-state attempts to influence political discourse online. Some of them include themes that are likely to appeal to political liberals, while others have a conservative bent. Paradoxically, one even published an opinion piece praising the assassination of a top Hamas official in Tehran, allegedly by Israel, an operation that the government of Iran has condemned and threatened to avenge.

Warren and his research partner, Darren Linvill, said the sites’ operators may be attempting to create legitimate-looking news outlets for a future disinformation effort. In the past, governments have used similar sites to publish false accusations and then circulate them through social media, spreading the misleading stories to a broader audience.

One of the sites Microsoft identified, called Savannah Time, claims to be a “a platform for conservative voices” based in the coastal Georgia city and published an opinion piece critical of the Republican convention allegedly written by Adam Kinzinger, a former GOP congressman and prominent Trump opponent.

The text of the piece appears nowhere else online, and Warren and Linvill said it was almost certainly generated using artificial intelligence. In a text message, Kinzinger said he had not written the article and had never seen it.

The same site purports to have published articles by Michael Barone, a well-known conservative author and journalist and a senior political analyst for the Washington Examiner. The site also contains several supposed interviews with Barone on current events. In an email, Barone said he had not heard of Savannah Time and had never given the publication an interview.

AI may have given the Iranians a boost in creating sites that look and read like authentic news outlets. “Compared to Iran’s past efforts at creating influence accounts and sites, these sites seem much more authentic,” Warren said.

A recent post on Even Politics, a website that security researchers have previously identified as run by Iran, ridicules a high-dollar fundraiser that Trump held over the weekend in Aspen, Colo. The snarky piece, which the Clemson researchers said was written with AI, evinces a command of English vernacular and slang as well as an understanding of political tropes. It even takes digs at Trump’s “golden toilet” and “reddish-orange face” makeup.

Even Politics is so up-to-date that it posted an article on the suspected theft of the Vance vetting document, taking some liberties with the facts. “According to the big brains over at Microsoft, it seems an Iranian hacking group … went full-on Mr. Robot and spear-phished their way into the email account of a ‘high-ranking official’ in the Trump campaign,” the article states, alluding to the popular television show about an expert computer hacker. (Microsoft never identified the hacking target.)

Messages sent to the websites via their contact forms, requesting comment, were not returned.

The Clemson researchers said there is little evidence that many people are reading the suspected Iran-run sites or circulating the articles in social media.

“It is possible that they are still in the reputation-establishing stage, so they can later use these sites to post the hacked content with or without alterations,” Warren said.

Tyler Pager contributed to this report.