Date: 2021-11-19
That’s one of several clear takeaways from sanctions and indictments leveled yesterday against two Iranian hackers for attempted interference in the 2020 election.
Iran has been a major U.S. cyber adversary since at least 2011, when it launched a barrage of distributed denial-of-service attacks against U.S. financial institutions, flooding their websites with traffic until they could no longer serve customers.
The election
But that was child’s play compared to the 2020 election interference operation, which melded traditional hacking with information operations aimed at intimidating voters and sowing discord among the U.S. electorate, as Devlin Barrett reports. U.S. officials uncovered and revealed many of the Iranian actions before the election.
Here’s a rundown of allegations in the indictment:
- The hackers penetrated a voter database in at least one state, downloading information about 100,000 people.
- They attempted to break into the computer systems of a company that provides content management systems to newspaper websites, aiming to use that access to spread disinformation after the election. They were foiled because the FBI had alerted the company, which hardened its defenses.
- They sent emails threatening physical attacks against thousands of mostly Democratic voters if they didn’t change their party affiliation and vote for President Donald Trump. The emails claimed to be from the Proud Boys, a far-right group with a history of violence.
- They sent Facebook messages and emails to Republican lawmakers, Trump campaign officials and members of the media claiming Democrats were planning to commit election fraud.
There’s no clear indication that the indicted hackers Seyyed Kazemi and Sajjad Kashian were working directly for the Iranian government. But they worked for an Iran-based company called Emennet Pasargad that is known to have provided services to the Iranian government, U.S. officials said.
The operation marked a leveling up for Iranian hackers, who had focused on attacking regional adversaries in recent years.
“Many of us were surprised to see such a bold and aggressive action from Iran,” Mandiant Vice President of Analysis John Hultquist said.
Uh-oh
More sophisticated attacks could be coming.
Iran’s cyber operations against regional adversaries could be a testing ground for attacks against U.S. targets, warned Adam Meyers, vice president of intelligence at the cybersecurity firm CrowdStrike. Cyber analysts have similarly warned that Russia's increasingly brazen hacks against Ukraine could signal the sort of attacks that might come during a heated U.S.-Russia conflict.
“What Iran is doing against the [United Arab Emirates] and the Saudis and other regional targets, that’s what they could bring to bear against the U.S.,” Meyers said.
Here are three other big takeaways from the indictments:
1. The perception of election interference can be as damaging as the reality.
The Iranian disinformation schemes played on anxieties and false narratives that were already coursing through the electorate.
The message to Republicans echoed baseless claims Trump had already voiced — that Democrats were prepping to steal the election. The message to Democrats was that thuggish Trump supporters were trying to bully their way to victory.
The good news: U.S. officials uncovered and investigated the disinformation campaign and attributed it to Iran in record time.
But the operation helped contribute to an outsize perception of the vulnerability of elections that is still being exploited by Trump and his supporters.
Matt Masterson, who was a top election security adviser to the Cybersecurity and Infrastructure Security Agency during the election:
2. The line between government, private sector and criminal hackers is getting increasingly hazy.
While Kazemi and Kashian weren’t working directly for Tehran, their actions were certainly aligned with the government’s interest in degrading faith in U.S. democratic processes and damaging Trump, who withdrew from the U.S.-Iran nuclear deal and ordered the strike that killed the Iranian military commander Maj. Gen. Qasem Soleimani.
There’s a similarly blurry line among Russian hackers between those who work directly for the government and those in companies and criminal networks that aid the Kremlin when called upon. North Korean government-backed hackers routinely engage in criminal activity to help fund government operations.
3. Don’t expect a break from election interference anytime soon.
The U.S. government has now delivered sanctions and indictments for Russia’s interference in the 2016 election and for Iran’s interference in 2020. But none of the responsible parties from either of those nations has seen the inside of a U.S. courtroom.
The U.S. cyber response has been restrained. What’s publicly known about that effort has centered on what officials call “active defense” — essentially disrupting adversaries by knocking them offline and removing access to their hacking tools.
The result: Adversaries face little disincentive from interfering in future elections.
Iran’s incentive to interfere in 2024 will be especially high if Trump is again the Republican nominee.
“If he’s running again, I’m sure they’ll see that as not good for Iran and potentially use tools to stop that from happening,” Meyers said.
Banks have to report major hacks within 36 hours starting in May
These are the first new rules requiring critical companies to report hacks within a certain time frame since the Transportation Security Administration ordered pipeline owners and operators to report hacks within 12 hours. They were announced by the Federal Reserve System’s Board of Governors, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency.
Hacking alerts are hot right now: The move comes as lawmakers are working on legislation that would impose similar cyber reporting requirements across a broad swath of critical industries including transportation, energy and agriculture.
Under the new regulations, banks will have to tell their primary federal regulator when they experience a significant “computer-security incident,” with the 36-hour clock starting when the bank determines that a qualifying incident has occurred, not when the intrusion itself began. The rule also requires banks’ service providers to notify their bank customers when an incident causes, or is likely to cause, a material service disruption lasting four or more hours. These requirements add to existing obligations that banks report unauthorized access to or use of customer information as soon as possible. The regulations have been in the works for nearly a year.
Banks have some of the most advanced security controls of any industry, but they’re also an especially ripe target for hackers. North Korea’s hackers are the “world’s leading 21st century nation-state bank robbers,” according to the Justice Department. Ransomware groups have also hit banks hard this year.
Israeli defense minister’s house cleaner offered to help an Iran-linked group hack his boss
Israeli officials accused the house cleaner Omri Goren of offering to help the Black Shadow hacking group compromise Defense Minister Benny Gantz, the Times of Israel’s Judah Ari Gross reports. He has been charged with espionage, which carries a 10- to 15-year prison sentence.
Goren reached out to “a figure affiliated with Iran and offered to help him in different ways, in light of his access to the minister’s home,” according to Israel’s domestic security agency, also known as the Shin Bet.
Goren was arrested before he could harm Israel’s national security, the Shin Bet said. And Goren “was not exposed to any security-related materials” when he worked for Gantz, Goren lawyer Gal Wolf told Gross.
The charges raise big questions about the security screening process for the inner circles of top Israeli officials.
The Shin Bet is reviewing how it conducts background checks on people who come into contact with senior officials, Gross reports. Before working for Gantz, Goren had been convicted of crimes including bank robbery. The charges “indicated that he was acting out of financial considerations, allegedly telling the group that he would ‘transfer information from the house to [Black Shadow] in exchange for a sum of money,’ ” Gross writes.
Gantz has long been targeted by hackers. In 2019, Israeli officials reportedly told Gantz that Iranian hackers breached his cellphone. He was running for prime minister at the time.
The fight over potential Trump-Russia computer links has intensified in court
Russia's Alfa Bank is suing unknown hackers who it says fabricated Internet data to “create the false appearance of a covert communication channel" between it and the Trump Organization, Devlin Barrett reports.
The allegation emerged at the end of the 2016 presidential campaign and was used to argue there might be nefarious links between the Trump campaign and the Kremlin. Several experts dismissed the idea that the Internet traffic indicated anything. Alfa Bank’s lawsuit targets unnamed “John Does” whom the bank accuses of fabricating the underlying data.
The bank has tried to subpoena researchers who raised concerns about the records as part of the lawsuit. But lawyers for some of those researchers have shot back, saying the subpoenas are a ploy to help the bank gather insight into a separate investigation that special counsel John Durham is conducting into the origins of the FBI’s Russia investigation.
The lawsuit “is a Trojan horse to monitor what is transpiring before a federal grand jury exploring the same matters, and serves as an information-gathering tool about U.S. cybersecurity methods and means to benefit the Russian political regime,” attorneys for two researchers told a Florida judge.
Durham has been focusing on the Alfa Bank issue for some time. A grand jury in September indicted cybersecurity lawyer Michael Sussmann, who alerted the FBI about the apparent communications. Sussmann is accused of having “lied about the capacity in which he was providing the allegations to the FBI.” According to the indictment, Sussmann told the FBI that he wasn’t representing a client in the matter when he was actually working for Hillary Clinton’s presidential campaign. Sussmann has pleaded not guilty.
