Saturday, February 19, 2022

The Iranian Cyber Threat: My Counterterrorism Magazine Piece On Iranian Cyber Operations To Influence 2020 Presidential Election

Counterterrorism magazine published my piece on the Iranian cyber threat. 

You can read the below pages or text:

The Iranian Cyber Threat: Iranians Indicted for Cyber Operations

to Influence the 2020 Presidential Election

By Paul Davis

While most of the attention has been on Russian interference in the 2020 election, a federal indictment this past November zeroed in on Iran’s cyber operations.

An indictment unsealed in New York on November 21st charged two Iranian nationals with involvement in a cyber-enabled campaign to intimidate and influence American voters, and undermine voter confidence, as well as sow discord, in connection with the 2020 U.S. presidential election.

According to Court documents, Seyyed Mohamad Hosein Musa Kazemi, aka Mohammad Hosein Musa Kazem, aka Hosein Zamani, 24, and Sajjad Kashaian, aka Kiarash Nabavi, 27, obtained confidential U.S. voter information from at least one state election website; sent threatening email messages to intimidate and interfere with voters; created and disseminated a video containing disinformation about purported election infrastructure vulnerabilities; attempted to access, without authorization, several states’ voting-related websites; and successfully gained unauthorized access to a U.S. media company’s computer network that, if not for successful FBI and victim company efforts to mitigate, would have provided the conspirators another vehicle to disseminate false claims after the election.

“This indictment details how two Iran-based actors waged a targeted, coordinated campaign to erode confidence in the integrity of the U.S. electoral system and to sow discord among Americans,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “The allegations illustrate how foreign disinformation campaigns operate and seek to influence the American public. The Department is committed to exposing and disrupting malign foreign influence efforts using all available tools, including criminal charges.”

U.S. Attorney Damian Williams for the Southern District of New York stated, “As alleged, Kazemi and Kashian were part of a coordinated conspiracy in which Iranian hackers sought to undermine faith and confidence in the U.S. presidential election. Working with others, Kazemi and Kashian accessed voter information from at least one state’s voter database, threatened U.S. voters via email, and even disseminated a fictitious video that purported to depict actors fabricating overseas ballots. The United States will never tolerate any foreign actors’ attempts to undermine our free and democratic elections. As a result of the charges unsealed today, and the concurrent efforts of our U.S. government partners, Kazemi and Kashian will forever look over their shoulders as we strive to bring them to justice.”

The FBI’s Cyber Division’s Assistant Director Bryan Vorndran added, “The FBI remains committed to countering malicious cyber activity targeting our democratic process. Working rapidly with our private sector and U.S. government partners and ahead of the election, we were able to disrupt and mitigate this malicious activity – and then to enable today’s joint, sequenced operations against the adversary.”

According to the Feds, from about August of 2020 to November 2020, Kazemi, Kashian, and other co-conspirators coordinated a campaign to undermine faith and confidence in the 2020 presidential election. The Campaign had four components:

“In September and October 2020, members of the conspiracy conducted reconnaissance on, and attempted to compromise, approximately 11 state voter websites, including state voter registration websites and state voter information websites. Those efforts resulted in the successful exploitation of a misconfigured computer system of a particular U.S. state (“State-1”), and the resulting unauthorized downloading of information concerning more than 100,000 of State-1’s voters,” the Justice Department stated.

“In October 2020, members of the conspiracy, claiming to be a “group of Proud Boys volunteers,” sent Facebook messages and emails (the “False Election Messages”) to Republican Senators, Republican members of Congress, individuals associated with the presidential campaign of Donald J. Trump, White House advisors, and members of the media. The False Election Messages claimed that the Democratic Party was planning to exploit “serious security vulnerabilities” in state voter registration websites to “edit mail-in ballots or even register non-existent voters.” The False Election Messages were accompanied by a video (the “False Election Video”) carrying the Proud Boys logo, which purported, via simulated intrusions and the use of State-1 voter data, to depict an individual hacking into state voter websites and using stolen voter information to create fraudulent absentee ballots through the Federal Voting Assistance Program (FVAP) for military and overseas voters.

“Also in October 2020, the conspirators engaged in an online voter intimidation campaign involving the dissemination of a threatening message (the “Voter Threat Emails”), purporting to be from the Proud Boys to tens of thousands of registered voters, including some voters whose information the conspiracy had obtained from State-1’s website. The emails were sent to registered Democrats and threatened the recipients with physical injury if they did not change their party affiliation and vote for President Trump.”

The Justice Department further stated that On Nov. 4, 2020, the day after the 2020 U.S. presidential election, the conspirators sought to leverage earlier September and October 2020 intrusions into an American media company’s (Media Company-1) computer networks. Specifically, on that day, the conspirators attempted to use stolen credentials to again access Media Company-1’s network, which would have provided them another vehicle for further disseminating false claims concerning the election through conspirator-modified or created content. However, because of an earlier FBI victim notification, Media Company-1 had by that time mitigated the conspirators’ unauthorized access and these log-in attempts failed. 

According to the Justice Department, Kazemi and Kashian are experienced Iran-based computer hackers who worked as contractors for an Iran-based company formerly known as Eeleyanet Gostar, and now known as Emennet Pasargad. Eeleyanet Gostar purported to provide cybersecurity services within Iran. Among other things, Eeleyanet Gostar is known to have provided services to the Iranian government, including to the Guardian Council.

“As part of his role in the Voter Intimidation and Influence Campaign, Kazemi compromised computer servers that were used to send the Voter Threat Emails, drafted those emails, and compromised the systems of Media Company-1. Kashian managed the conspirators’ computer infrastructure used to carry out the Voter Threat Emails campaign and he purchased social media accounts in furtherance of the Voter Intimidation and Influence Campaign,” the Justice Department stated.

Kazemi and Kashian were both charged with one count of conspiracy to commit computer fraud and abuse, intimidate voters, and transmit interstate threats, which carries a maximum sentence of five years in prison; one count of voter intimidation, which carries a maximum sentence of one year in prison; and one count of transmission of interstate threats, which carries a maximum sentence of five years in prison. Kazemi is additionally charged with one count of unauthorized computer intrusion, which carries a maximum sentence of five years in prison; and one count of computer fraud, namely, knowingly damaging a protected computer, which carries a maximum sentence of 10 years in prison.

“Concurrent with the unsealing of the indictment, the Department of the Treasury Office of Foreign Assets Control (OFAC) designated Emennet Pasargad, Kazemi, Kashian, and four other Iranian nationals comprising Emennet Pasargad leadership pursuant to Executive Order 13848.

Kazemi and Kashian are both wanted by the FBI. The State Department’s “Rewards for Justice Program” is offering a reward of up to $10 million for information on or about their activities.

Back in October of 2020, Treasury’s OFAC designated five Iranian entities for attempting to influence elections in the United States.

“The Iranian regime has targeted the United States’ electoral process with brazen attempts to sow discord among the voting populace by spreading disinformation online and executing malign influence operations aimed at misleading U.S. voters. Components of the Government of Iran, disguised as news organizations or media outlets, have targeted the United States in order to subvert U.S. democratic processes,” the Treasury Department stated.

The Treasury Department designated the Islamic Revolutionary Guard Corps (IRGC), the IRGC-Qods Force (IRGC-QF), and Bayan Rasaneh Gostar Institute (Bayan Gostar) pursuant to Executive Order (E.O.) 13848 for having directly or indirectly engaged in, sponsored, concealed, or otherwise been complicit in foreign interference in the 2020 U.S. presidential election. The Iranian Islamic Radio and Televisin Union (IRTVU) and International Union of Virtual Media (IUVM) were designated pursuant to E.O. 13848 for being owned or controlled by the IRGC-QF. The IRGC, including the IRGC-QF, has been designated under multiple authorities since 2007.

“The Iranian regime uses false narratives and other misleading content to attempt to influence U.S. elections,” said then-Treasury Secretary Steven T. Mnuchin.

According to the Treasury Department, the Iranian regime’s disinformation efforts have targeted a global audience through a variety of covert media organizations. Disinformation campaigns run by the Iranian regime focus on sowing discord among readers via social media platforms and messaging applications, and frequently involve mischaracterizing information.

Since at least 2015, Bayan Gostar has served as a front company for IRGC-QF propaganda efforts. In the months leading up to the 2020 U.S. presidential election, Bayan Gostar personnel have planned to influence the election by exploiting social issues within the United States, including the COVID-19 pandemic, and denigrating U.S. political figures. As recently as summer 2020, Bayan Gostar was prepared to execute a series of influence operations directed at the U.S. populace ahead of the presidential election.

IRTVU, a propaganda arm of the IRGC-QF, and IUVM aided Bayan Gostar in efforts to reach U.S. audiences. In addition, IRGC-QF outlets amplified false narratives in English, and posted disparaging propaganda articles and other U.S.-oriented content with the intent to sow discord among U.S. audiences. IUVM also posted conspiracy theories and disinformation related to the COVID-19 pandemic.

“As a result of the designations, all property and interests in property of the persons are blocked, and U.S persons are generally prohibited from engaging in transactions with them. In addition, foreign financial institutions that knowingly facilitate significant transactions for, or persons that provide material or certain other support to, the persons designated today risk exposure to sanctions that could sever their access to the U.S. financial system or block their property and interests in property under U.S. jurisdiction. Additionally, any entities 50 percent or more owned by one or more designated persons are also blocked,” the Treasury Department stated.

The National Intelligence Council’s “Foreign Threats to the 2020 U.S. Federal Elections” last March assessed that Iran had conducted a covert influence campaign during the 2020 elections.

“We assess that Iran carried out a multi-pronged covert influence campaign intended to undercut former President Trump’s reelection prospects – though without directly promoting his rivals – and undermine public confidence in the electoral process and U.S. institutions, and sow division and exacerbate societal tensions in the U.S,” the assessment stated. “We have high confidence in this assessment. We assess the Supreme Leader Khamenei authorized the campaign and Iran’s military and intelligence services implemented it using covert messaging and cyber operations.”

About the Author

Paul Davis, who writes the IACSP Threatcon column, is a longtime contributor to the Journal. 

No comments:

Post a Comment