Why Iran is attacking the 2020 U.S. election

Since the 2016 US presidential election, Russia has been recognized for its role in sowing disinformation and discord to bolster President Trump’s candidacy. While the US director for national security recently highlighted Russia’s ongoing attacks on this year’s elections, he also noted similar attempts by Iran.

The twist is that Iran’s efforts are aimed at bolstering former Vice President Joe Biden’s candidacy. While these attacks are nowhere near Russia’s level, they still raise questions about how Biden should react if he wins the election.

In a broader sense, Iran’s disinformation operation is another sign of the global rise of cyber warfare. Countries increasingly see such campaigns as a viable tool for influencing foreign governments that are vital to their security and economic interests.

“I think in this election we will see Iran come into play,” said Paul Prudhomme, cyberthreat intelligence advisor at IntSights. “I wonder if they will, so to speak, continue to take pages from the Russian playbook and become more aggressive. You can see that the Russians have probably had some success manipulating things to their advantage. So why shouldn’t they try to do the same? I think the long-term trend is escalating.”

Prudhomme recently wrote a report for IntSights examining Iran’s cyberattack efforts. New York City-based IntSights has developed a threat detection platform that uses artificial intelligence and machine learning to scour the deep and dark web for specific keywords to alert potential targets. In the case of elections, these attacks are aimed at governments and social media platforms, but also at companies that hold potentially valuable consumer data that could be linked to other voting data for more precise targeting.

In the latest report, Prudhomme found samples confirming that “Iran is one of the most likely state sponsors of cyberattacks that are set to affect the outcome of the 2020 US presidential election”.

Iran’s ardent support for Biden is not particularly surprising given that he was vice president when the Obama administration signed a nuclear deal with the country to lift many harsh economic sanctions. Trump threw this deal out the window, cutting Iran off from many trading partners and shaking its economy.

Biden has said he would try to resume diplomacy with Iran if he is elected and it seems the country is taking him at his word.

But Iran’s attacks could be the kind of election meddling that critics cite when calling for stricter sanctions and penalties against Russia. Trump has repeatedly ignored these calls and still insists that, despite the evidence from U.S. intelligence, Russia did nothing wrong.

If Biden wins, will he be told to punish Iran for meddling in a US election? How would that affect his ability to reach a diplomatic deal with the country? Prudhomme said Iran is willing to risk such a backlash because its economy is in such dire straits.

“I think Iran does not have the luxury of keeping hands clean in its current economic situation,” he said. “You have to feed your people. The economic situation is so bad that the possible side effects of a political backlash should probably be tolerated.”

Infiltrating elections

To understand the threat landscape, Prudhomme said he wanted to look beyond the two most talked about actors in cyberwarfare: Russia and China. The example of Russia in 2016 has apparently become a roadmap for others. So Prudhomme decided to focus on Iran to see how a smaller country could emulate such attacks. Iran was also a good subject because of its struggle with the Trump administration over sanctions.

“I wanted to get a slightly different perspective and see if governments other than Russia could be involved in such activities,” he said. “Iran appeared to be the leading candidate.”

In recent months, Prudhomme and others have found that Iran does indeed appear to be emulating Russia’s tactics. This includes attempting to hack into email accounts and release malicious information against perceived adversaries like the Trump administration. In the past, Iran has also used email phishing campaigns and malware to access email accounts.

Two months ago, Microsoft security researchers announced that the Iranian hacking group “Phosphorus” was continuing to attack the email accounts of people working on the Trump campaign. Phosphorus has been around for several years and Microsoft has fought a technical and legal battle to block the group.

Prudhomme said Iran appeared to be trying to follow the playbook Russia used when it hacked into Democratic National Committee email accounts and then published them via WikiLeaks in 2016. So far, it doesn’t seem like Iran has been successful.

But Prudhomme predicts Iran will also try to use a third party to make the leaks public, if it ever succeeds. He noted that in 2015, an Iran-backed Yemeni group hacked into email accounts in Saudi Arabia and posted malicious emails through WikiLeaks. Prudhomme said the attribution of the leak to the Yemeni group was cover for Iranian hackers.

One of the most notable incidents attributed to Iran in recent times involved thousands of intimidating emails sent to Democratic voters in Florida. The emails appeared to come from the white supremacist group the Proud Boys and threatened recipients if they didn’t change their party registration and vote for Trump. Some emails contained a video from a hacker showing how voting information could be accessed.

It appears that Iranian hackers have managed to access Florida voter registration data and use it to target people.

“The desired effect was that the Trump campaign and its supporters look like violent thugs,” said Prudhomme.

Facebook separately confirmed that the groups involved in the coordinated email campaign were linked to accounts the social media giant had previously attempted to remove from its platform. Facebook banned an account that tried to share the video from these emails. In August 2018, Facebook, Twitter and Google closed hundreds of accounts for coordinated campaigns promoting Iranian propaganda.

Prudhomme said that fairly modest security measures – like two-factor authentication – could have prevented much of the tampering. Since these strategies also target basic human behavior, he recommends training employees in security hygiene and reminding them to be vigilant about not opening suspicious emails or clicking links sent from unknown accounts.

These and other security measures such as combating disinformation will be even more critical in the future. Prudhomme believes that a growing number of smaller countries are likely to invest in the resources necessary to wage cyber warfare against the electoral infrastructure.

“I would argue that this is going to be a trend,” he said. “All of these methods are now part of a clear repertoire that actors can use to try to manipulate a choice.”
