DCR Tech & Politics: U.S. government concludes Iran was behind threatening emails sent to Democrats.☕☕☕

Ayyyeee… What’s Goodie Everyone. So I got some tea and it involves the election and emails.

U.S. officials on Wednesday accused Iran of targeting American voters with faked but menacing emails and warned that both Iran and Russia had obtained voter data that could be used to endanger the upcoming election.

The disclosure by Director of National Intelligence John Ratcliffe at a news conference marked the first time this election cycle that a foreign adversary has been accused of targeting specific voters in a bid to undermine democratic confidence just four years after Russian online operations marred the 2016 presidential vote.

The emails claimed to be from a pro-Trump group called the Proud Boys, but evidence had mounted that they in fact were the work of another, hidden actor. U.S. officials said that was Iran, a nation that increasingly has clashed with the president in recent years.

This claim that Iran was behind the email operation, which became news Tuesday as Democrats in several swing states reported receiving emails demanding that they vote for Trump, came without specific evidence, and other U.S. officials, speaking privately, stressed that Russia still remained the major threat to the 2020 election.

Ratcliffe accused Iran of using the data to send “spoofed emails designed to intimidate voters, incite social unrest and damage President Trump.”

The emails were engineered by someone working on the behalf of the Iranian government, according to a U.S. official who spoke on the condition of anonymity because of the matter’s sensitivity. The operation appeared to exploit a vulnerability in the Proud Boys’ online network.

The messages advised that the group was “in possession of all your information” and instructed voters to change their party registration and cast their ballots for Trump.
“You will vote for Trump on Election Day or we will come after you,” warned the emails, which by Tuesday night were said to have reached voters in as many as four states, three of them hotly contested swing states in the coming presidential election.

U.S. officials said privately that the operation was not sophisticated and was disclosed before it could have any major impact. Cybersecurity researchers said very little about the operation revealed a capacity for large-scale deception.

Ratcliffe also confirmed that Iran was distributing a video “that implies that individuals could cast fraudulent ballots, even from overseas.” The video, which was reviewed by The Washington Post, shows Trump making comments about mail-in voting, followed by a logo with the name of the Proud Boys. It then documents what was made to appear as a hack of voting data in an effort to produce a fraudulent ballot. The video was also posted on a Twitter account that has since been suspended.

“This video, and any claims about such allegedly fraudulent ballots, are not true,” Ratcliffe said. “These actions are desperate attempts by desperate adversaries.”

Department of Homeland Security officials warned state and local election administrators on a call Wednesday that a foreign government was responsible for the online barrage, according to U.S. officials and state and local authorities who participated in the call. A DHS official also has said authorities had detected holes in state and local election websites and instructed those participating to patch their online services.

The domain enlisted for the misleading operation, officialproudboys.com, was recently dropped by a hosting company that uses Google Cloud services, according to Google Cloud spokesman Ted Ladd. Without a secure host, the domain stood vulnerable to exploitation, cybersecurity experts said. Voters using Comcast, Yahoo and Gmail accounts were affected.

A hosting service that previously carried the Proud Boys domain canceled the registration after Google Cloud notified the customer that a nonprofit group had raised concerns about the controversial organization, said Ladd, the Google Cloud spokesman. Following the action from the hosting service, the domain appears to have been left unsecured, allowing anyone on the Internet to take control of it and use it to send out the menacing messages, said Trevor Davis, CEO of CounterAction, a Washington-based digital intelligence firm.

An Internet Protocol (IP) address associated with metadata in at least one email had previously been reported, pointing to its likely use in scam or phishing operations, said Cindy Otis, a former CIA analyst and vice president of analysis for Alethea Group, an organization combating online threats and misinformation.
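As an added illustration, not code from the original article or from any organization it names: a defender-side check a mail administrator could run on a received message's Authentication-Results header, flagging mail whose visible From: domain fails SPF, DKIM and DMARC, which is what mail sent through an abandoned or unsecured domain typically looks like. All domains, addresses and both sample messages are constructed.

```python
"""Flag inbound mail whose visible From: domain fails sender authentication.

Added example for illustration; the sample messages and domains below are
constructed and are not from the incident described in the article."""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not real mail). A dropped or unsecured domain
# usually has no working SPF/DKIM/DMARC, so mail spoofed through it fails them.
SPOOFED = (
    "From: Notice <info@dropped-domain.example>\n"
    "To: voter@mail.example\n"
    "Authentication-Results: mx.mail.example; spf=fail smtp.mailfrom=dropped-domain.example;"
    " dkim=none; dmarc=fail header.from=dropped-domain.example\n"
    "Subject: Important\n"
    "\n"
    "message body\n"
)
LEGIT = (
    "From: Clerk <clerk@county.example>\n"
    "To: voter@mail.example\n"
    "Authentication-Results: mx.mail.example; spf=pass smtp.mailfrom=county.example;"
    " dkim=pass header.d=county.example; dmarc=pass header.from=county.example\n"
    "Subject: Polling hours\n"
    "\n"
    "message body\n"
)


def auth_verdicts(raw: str) -> dict:
    """Parse the receiving server's Authentication-Results header into
    {"spf": ..., "dkim": ..., "dmarc": ...} plus the claimed From: domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    header = str(msg.get("Authentication-Results", ""))
    verdicts = {mech.lower(): result.lower()
                for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}
    sender = parseaddr(str(msg.get("From", "")))[1]
    verdicts["from_domain"] = sender.rsplit("@", 1)[-1].lower()
    return verdicts


def is_suspect(raw: str) -> bool:
    """Suspect when DMARC explicitly fails, or when neither SPF nor DKIM passes."""
    v = auth_verdicts(raw)
    authenticated = v.get("spf") == "pass" or v.get("dkim") == "pass"
    return v.get("dmarc") == "fail" or not authenticated


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, auth_verdicts(raw), "SUSPECT" if is_suspect(raw) else "ok")
```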
