Iranian hackers targeting US voters identified by ‘dumb mistake’ — report

Investigators quickly tracked down attackers based in Iran due to oversight in video meant to intimidate Americans ahead of election, says Reuters

Illustrative: A cybersecurity expert stands in front of a map of Iran as he speaks to journalists about the techniques of Iranian hacking, on September 20, 2017, in Dubai, United Arab Emirates. (AP/Kamran Jebreili)
Illustrative: A cybersecurity expert stands in front of a map of Iran as he speaks to journalists about the techniques of Iranian hacking, on September 20, 2017, in Dubai, United Arab Emirates. (AP/Kamran Jebreili)

Iranian hackers were quickly identified as responsible for an email campaign threatening US voters due to a “dumb mistake,” according to a Thursday report.

The hackers sent out a video with incriminating information in it that betrayed their origin, according to the Reuters news agency.

The video included footage of the hackers pretending to break into a US voter registration network. It showed the hackers’ computer screen, which included codes an IP address.

Investigators tracked down the IP address and linked it to earlier Iranian hacking efforts, then cross-referenced it with other intelligence, the report said, citing four anonymous sources familiar with the matter.

“Either they made a dumb mistake or wanted to get caught,” a senior US official told Reuters. “We are not concerned about this activity being some kind of false flag due to other supporting evidence. This was Iran.”

The IP address was hosted by a Dutch service called Worldstream, which cybersecurity experts said Iranian hackers used to carry out other recent attacks. Worldstream said it had suspended the account following the report.

It is not certain that the Iranian government was behind the attack, which could have been carried out by other actors from the country. The Iranian government denied involvement.

The oversight allowed US investigators to identify and disclose the origin of the attack within days. Investigations into similar attacks usually take months.

On Wednesday, US Director of National Intelligence John Ratcliffe fingered Iran as behind the recent emails addressed to US voters, which threatened them to support US President Donald Trump and his Republican Party.

Rep. John Ratcliffe, R-Texas., questions former special counsel Robert Mueller as he testifies before the House Intelligence Committee hearing on his report on Russian election interference, on Capitol Hill in Washington, July 24, 2019 (AP Photo/Andrew Harnik, File)

The emails appeared to have been sent by a right-wing US militia group, the Proud Boys, but Ratcliffe said Iran was behind them.

Trump stirred controversy in his first debate with his Democratic opponent, Joe Biden, by equivocating on whether he condemns the Proud Boys.

Following the revelation, the United States on Thursday slapped new sanctions on five Iranian entities for what it called “brazen attempts” to interfere with the US election.

The Treasury imposed the fresh sanctions against the Islamic Revolutionary Guard Corps (IRGC), its Quds Force, the Bayan Rasaneh Gostar Institute, the Iranian Islamic Radio and Television Union and International Union of Virtual Media.

The Treasury Department accused the Iranian groups of seeking to spread disinformation and division ahead of the November 3 vote.

The groups have worked to “sow discord among the voting populace by spreading disinformation online and executing malign influence operations aimed at misleading US voters,” the Treasury said.

A woman drops off a vote-by-mail ballot with an election worker, right, at an official ballot drop box outside of an early voting site, October 20, 2020, in Miami Beach, Florida (AP Photo/Lynne Sladky)

Bayan Gostar, which the Treasury called an IRGC-Quds Force “front company” for propaganda, took the lead in the activities, it said.

Ahead of the election, “Bayan Gostar personnel have planned to influence the election by exploiting social issues within the United States, including the COVID-19 pandemic, and denigrating US political figures,” it said.

“As recently as summer 2020, Bayan Gostar was prepared to execute a series of influence operations directed at the US populace ahead of the presidential election.”

The Treasury gave no specific details on what the Iranians had done, but US social media companies have blocked accounts and postings they determined were part of Iranian government-backed influence efforts related to the election and social issues.

The sanctions, which forbid Americans and US entities from doing business with the Iranian groups, likely have little real impact, as the IRGC and Quds Force are already subject to other sweeping sanctions.

Iran summoned the ambassador of Switzerland, who represents US interests in Tehran in the absence of diplomatic relations, to deny the “fabricated and clumsy” allegations.

US authorities “have put forward a baseless claim on the verge of the country’s election so that they would advance their undemocratic and predefined scenario through shifting the blame,” Iran’s foreign ministry spokesman Saeed Khatibzadeh said in a statement.

The Treasury Department separately Thursday imposed sanctions against Iran’s ambassador to Iraq, where the United States has been working to fight Tehran’s influence.

The Treasury alleged Iraj Masjedi was a “close adviser” to Qassem Soleimani, Iran’s most powerful general, who was killed in January by a US strike.

read more:
Never miss breaking news on Israel
Get notifications to stay updated
You're subscribed
Register for free
and continue reading
Registering also lets you comment on articles and helps us improve your experience. It takes just a few seconds.
Already registered? Enter your email to sign in.
Please use the following structure: [email protected]
Or Continue with
By registering you agree to the terms and conditions. Once registered, you’ll receive our Daily Edition email for free.
Register to continue
Or Continue with
Log in to continue
Sign in or Register
Or Continue with
check your email
Check your email
We sent an email to you at .
It has a link that will sign you in.