Critical Infrastructure Security , Cybercrime , Cyberwarfare / Nation-State Attacks
2 Iranians Charged With 2020 US Election InterferenceFeds Say Men Accused of Accessing Voter Data, Spreading Disinformation
The U.S. Department of Justice has indicted two Iranians for allegedly interfering in the 2020 U.S. elections.
The charges against Seyyed Mohammad Hosein Musa Kazemi, 24, and Sajjad Kashian, 27, include conspiracy to commit computer fraud and abuse, voter intimidation and transmission of interstate threats, which together carry a maximum sentence of 11 years in prison.
"Kazemi is additionally charged with one count of unauthorized computer intrusion, which carries a maximum sentence of five years in prison; and one count of computer fraud, namely, knowingly damaging a protected computer, which carries a maximum sentence of 10 years in prison," the DOJ statement says.
The suspects, according to the statement, are experienced, Iran-based "computer hackers" who have previously worked as contractors for the Iranian company Emennet Pasargad, which offered cybersecurity services to the Iranian government, including to the Guardian Council.
In September and October 2020, the two men attempted to compromise 11 state voter websites, including those that contained registration and voter information, according to the DOJ statement. They exploited misconfigured computers of a "particular" U.S. state and downloaded, without authorization, information of more than 100,000 state voters, it says.
In October 2020, the alleged criminals, posing as members of the group called "Proud Boys volunteers," used the exfiltrated data to send threatening emails to intimidate and interfere with voters, the statement says. They also created and disseminated a video containing disinformation about purported election infrastructure vulnerabilities and attempted to access, without authorization, several states’ voting-related websites.
The same month, Kazemi and Kashian allegedly sent Facebook messages and emails containing false election messages to Republican senators, Republican members of Congress, individuals associated with the presidential campaign of Donald Trump, White House advisers, and members of the media.
"The false election messages claimed that the Democratic Party was planning to exploit 'serious security vulnerabilities' in state voter registration websites to 'edit mail-in ballots or even register non-existent voters,'" the DOJ statement notes. "The messages were accompanied by a video carrying the Proud Boys logo, which purported, via simulated intrusions and the use of state voter data, to depict an individual hacking into state voter websites and using stolen voter information to create fraudulent absentee ballots through the Federal Voting Assistance Program for military and overseas voters."
The men also "successfully gained unauthorized access to a U.S. media company’s computer network, that if not for successful FBI and victim company efforts to mitigate, would have provided the conspirators another vehicle to disseminate false claims after the election," the DOJ states.
The unidentified American media company provides content management services for dozens of newspapers and other publications, according to a report in news outlet The Hill.
Kazemi's role was to compromise servers, send voters threat emails and compromise the media company's systems, while Kashian was expected to manage the infrastructure used to carry out the voter threat email campaign and purchase social media accounts to supplement the campaign, the statement says.
Sanctions Imposed, Arrest Unlikely
The U.S. Treasury Department's Office of Foreign Assets Control has imposed sanctions against the two men, cybersecurity company Emennet Pasargad and four "leaders" in the company, according to the DOJ statement.
"The Department of State’s Rewards for Justice Program is offering a reward of up to $10 million for information on or about Kazemi and Kashian’s activities," the DOJ states.
But a DOJ official told reporters that the two indicted men are still at large and presumed to be based in Iran. So it is unlikely they will be arrested and held accountable in a U.S. federal court, as the U.S does not have an extradition treaty with Iran, the official said, but their movements would likely be "restricted" and future opportunities curtailed due to the indictments.
This is a good reminder that Russia is not the only threat actor who poses a serious threat to the U.S. elections, says John Hultquist, vice president of intelligence analysis at cybersecurity firm Mandiant.
"Iran continues to innovate in this area, and they have already carried out some dynamic operations to manipulate audiences in the U.S. and elsewhere. Nonetheless, many of us were surprised to see such a bold and aggressive action from Iran," he tells Information Security Media Group.
The bad actors attempting to access a legitimate media company to push their narrative is in line with pro-Iran and Iranian campaigns Mandiant has observed, he says.
"These actors [actors involved in pro-Iran and Iranian campaigns] have published letters and blog posts in legitimate media outlets, created personas claiming to be from legitimate news outlets, and we have seen evidence that they may have successfully compromised a news website," Hultquist notes.
In April 2021, the Biden administration formally sanctioned Russia over the cyberespionage operation that targeted SolarWinds and its customers, including nine federal agencies, as well as the disinformation campaign tied to the 2020 U.S. elections (see: US Sanctions Russia Over SolarWinds Attack, Election Meddling).
Besides the sanctions against Vladimir Putin's government, the Biden administration is sanctioning more than 30 Russian companies and individuals accused of supplying tools, infrastructure and technologies for various cyber operations or participating in election-related disinformation campaigns (see: US Intelligence Reports: Russia, Iran Targeted 2020 Election).
In March, the U.S. Office of the Director of National Intelligence assessed that Supreme Leader Khamenei had authorized the campaign and Iran's military and intelligence services had implemented it, using overt and covert messages and cyber operations.
The ODNI previously reported that Russia and Iran had attempted to interfere in the 2020 presidential election via disinformation campaigns but that it had found no attempt by foreign hackers to directly manipulate vote tabulations or results.