Iranian hackers who sent threatening emails to thousands of US voters earlier this month successfully obtained voter registration data, US officials said Friday.
The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued a joint statement on the breach, saying an Iranian actor was targeting US state websites, including election sites.
The hackers gained access to voter data in at least one state, the statement said, without identifying the state. A video sent out with the emails included personal information about voters in Alaska, Reuters reported.
The hackers scanned other state websites for vulnerabilities, and not all of the activities observed by security officials could be attributed to the same Iranian actor, the statement said.
The information obtained in the hack was used in the propaganda video the assailants sent to US voters.
The emails, addressed to Democratic voters in multiple battleground states, threatened them to support US President Donald Trump and his Republican party.
A senior US official reportedly said that security personnel were able to quickly identify the hackers due to a “dumb mistake” in the video that betrayed their origin.
“We are not concerned about this activity being some kind of false flag due to other supporting evidence. This was Iran,” the official told Reuters.
The hack underscored the concern within the US government about efforts by foreign countries to spread false information meant to suppress voter turnout and undermine American confidence in the vote.
The emails appeared to have been sent by a right-wing US militia group, the Proud Boys, but US Director of National Intelligence John Ratcliffe said Iran was behind them. Trump stirred controversy in his first debate with his Democratic opponent, Joe Biden, by equivocating on whether he condemns the Proud Boys.
The voter intimidation operation apparently used email addresses obtained from state voter registration lists, which include party affiliation and home addresses and can include email addresses and phone numbers. The senders claimed they would know which candidate the recipient was voting for in the November 3 election, for which early voting is ongoing.
Ratcliffe described the attack at the time as “desperate attempts by desperate adversaries.”
Ratcliffe and FBI Director Chris Wray said the US would impose costs on any foreign countries that interfere in the 2020 US election and that the integrity of the election was still sound.
Following the revelation, the US Treasury slapped fresh sanctions on five Iranian entities for what it called “brazen attempts” to interfere with the US election, without giving details on what the Iranians had done.
It is not certain that the Iranian government was behind the email campaign, which could have been carried out by other actors from the country. The Iranian government denied involvement.
Ratcliffe said the spoofed emails were intended to hurt Trump, though he did not elaborate on how. An intelligence assessment released in August said: “Iran seeks to undermine US democratic institutions, President Trump, and to divide the country in advance of the 2020 elections. Iran’s efforts along these lines probably will focus on online influence, such as spreading disinformation on social media and recirculating anti-US content.”
Both Russia and Iran had previously obtained voter registration information, though such data is considered easily, publicly accessible. It wasn’t immediately clear what additional data Iran had obtained in the breach revealed on Friday.
The activities attributed to Iran would mark a significant escalation for a nation that some cybersecurity experts regard as a second-rate player in online espionage, with the announcement coming as most public discussion surrounding election interference centered on Russia, which hacked Democratic emails during the 2016 election, and China, a Trump administration adversary.