WASHINGTON — Iran and Russia have both obtained American voter registration data, top national security officials announced late on Wednesday, providing the first concrete evidence that the two countries are stepping in to try to influence the presidential election as it enters its final two weeks.
Iran used the information to send threatening, faked emails to voters, said John Ratcliffe, the director of national intelligence, and Christopher A. Wray, the F.B.I. director, in an evening announcement from the bureau’s headquarters. Intelligence agencies had collected information that Iran planned to take more steps more steps to influence the vote, prompting the unusual timing of the briefing as an effort to deter Tehran.
There was no indication that any election result tallies were changed or that information about who is registered to vote was altered, either of which could affect the outcome of voting that has already begun across the country. The officials also did not make clear whether either nation hacked into voter registration systems.
The material obtained by Iran and Russia was mostly public, according to an intelligence official, and Iran was using it as an opposing political campaign might. Some voter information, including party registration, is publicly available, and voters’ names may have been merged with other identifying material like email addresses from other databases, according to intelligence officials, including some sold by criminal hacking networks on the “dark web.”
Still, the announcement that a foreign adversary, Iran, had tried to influence the election by sending intimidating emails was a stark warning. Some of the spoofed emails, sent to Democratic voters, purported to be from pro-Trump far-right groups, including the Proud Boys.
Until now, some officials had insisted that Russia remains the primary threat to the election. But the new information, both Republican and Democratic officials said, demonstrates that Iran is building upon Russian techniques and trying to demonstrate that it, too, is capable of being a force in the election.
Since August, intelligence officials have warned that Iran opposed President Trump’s re-election. They said Iran intended not to deter voters but to hurt Mr. Trump and mobilize support for Joseph R. Biden Jr., the Democratic nominee, by angering voters about the president’s apparent embrace of the Proud Boys in the first debate.
Keep up with Election 2020
“This data can be used by foreign actors to attempt to communicate false information to registered voters that they hope will cause confusion, sow chaos and undermine your confidence in American democracy,” Mr. Ratcliffe said.
Iran has been considering how to influence the election for months, according to intelligence officials. At one time, officials thought that Iran could try to interrupt oil markets or mount some sort of attack in the Middle East intended to hurt Mr. Trump. But Tehran pulled back from those plans, and Wednesday’s announcement showed that instead they were following a playbook closer to Russia’s, according to American officials.
Iran opposes Mr. Trump’s re-election because its leaders believe that under a Biden administration, they might be able to revive their nuclear deal reached in 2015 with six world powers and restart international investment.
The fact that Iran — which has stepped up its cyberabilities drastically over the past decade, after its nuclear program was attacked with American and Israeli cyberweapons — was involved demonstrates how fast other nations have learned from Russia’s influence operations in 2016.
“We are under attack and we are going to be up to Nov. 3 and probably beyond,” Senator Angus King, independent of Maine who sits on the Senate Intelligence Committee. “Both the American people have to be skeptical and thoughtful about information they receive and certainly election officials have to be doubly cautious now that we know again they are targets.”
Intelligence officials briefed Senator Marco Rubio, the Republican chairman of the Senate Intelligence Committee, and Senator Mark Warner, the committee’s top Democrat. The two lawmakers urged the intelligence agencies to release more information about the threat, but officials said they had to limit what information they made public, according to people briefed on the meeting.
In 2016, Russia scanned the contents of many state election systems and penetrated a few, including Arizona and Illinois, even if they did not change any votes, “This may be the beginning of a more concerted operation,” said Mr. King. “They don’t have to do anything; they just have to make people think they are doing something.”
Latest Updates
- A struggling bar owner in a Biden ad also happened to be an ‘angel investor.’ The ad disappeared.
- In 5 to 3 ruling, Supreme Court blocks the use of curbside or ‘drive-up’ voting in Alabama.
- Iran used voter data to send threatening emails, F.B.I. says.
Officials have been warning for months about the risk of what are known as perception hacks: efforts to use a mix of easily accessible data to create the impression among voters that foreign powers are actually inside voting infrastructure. That perception alone, officials said, could shake confidence in the integrity of the vote — exactly what Russia has been seeking to do since its interference in 2016.
Iran has tinkered at the edges of American election interference since 2012, but always as a minor actor. Last year they stepped up their game, private cybersecurity firms have warned. They have caught Iranian operatives occasionally impersonating politicians and journalists around the world, often to spread narratives that are aimed at denigrating Israel or Saudi Arabia, its two major adversaries in the Middle East.
“But they have gone from propaganda to deliberate interference in this election,” John Hultquist, the senior director of FireEye, a Silicon Valley security firm, said after Wednesday’s announcement.
“Their focus here is to prey on existing fears that election infrastructure will be subverted and hacked, as well as fears of voter intimidation,” he said.
Mr. Ratcliffe and Mr. Wray said little about Russia, but until the wave of fake emails, Moscow had been the No. 1 concern of the National Security Agency, United States Cyber Command and the Department of Homeland Security’s Cyber Infrastructure and Security Agency, which has responsibility for helping states secure their voting systems.
Two weeks ago, Cyber Command, a part of the military, helped paralyze a complex network developed by Russian-speaking hackers and used in ransomware attacks on cities and towns across the United States, along with many companies. Microsoft led a team of firms doing the same, armed with court orders that enabled them to take down the command-and-control servers used to distribute the tools, which are called TrickBot. The move was made to disrupt the system so that it could not be used to lock up voter registration systems.
In recent days, another Russian hacking group called Energetic Bear, often linked to the F.S.B. — one of the successors to the Soviet Union’s K.G.B. — appears to have focused its attentions on gaining access to state and local government networks. That has caught the attention of federal investigators, because until now the group had largely targeted energy firms, including public utilities.
But there is no evidence that the hackers have directly attacked any election infrastructure. The fear among cybersecurity experts is that once inside local government networks, they could attempt to move laterally, into voter registration databases.
So far, there is no evidence they have attempted to do that, but officials said that kind of move would only come in the last days of the election campaign, if at all.
Iran’s efforts appear to focus on voter intimidation and disinformation. Some spoofed emails sent to voters contained links to a false and deceptive video that attempted to scare voters into believing the senders were also capable of manipulating the mail-in vote process, playing on fears that Mr. Trump has fanned with his insistence that mail-in ballots are subject to fraud.
Though the link was not widely shared on social media, a few users did post it to Twitter. Twitter said in a statement on Wednesday night that it had moved “quickly to proactively and permanently suspend a small number of accounts and limit the sharing of media” in the Iran-led campaign, but it gave no specifics.
Twitter said that the link to the video never gained traction on the platform or reached a widespread audience, though their investigation is ongoing.
The intelligence briefing on Wednesday evening was unusual because it featured two officials who have been criticized by opposite parties. Mr. Ratcliffe has been attacked by intelligence officials and Democrats for being overly partisan and Mr. Wray has been the target of Mr. Trump’s fury, including for his repeated insistence that Russia was a threat to the election.
Nicole Perlroth contributed reporting from San Francisco, Katie Benner from Washington and Nick Corasaniti from Philadelphia.
Source: Elections - nytimes.com