Experts warn of wider disruptions after Trump campaign reports hacking
Analysts and intelligence experts warned Sunday that wider efforts may be underway by foreign powers to disrupt the U.S. presidential election, after Donald Trump’s campaign said it believed its email systems had been breached by hackers working for Iran.
So far, two Democratic House members who have served on intelligence and security committees have called for briefings and for declassification of information related to the possible foreign interference in the election.
The Trump campaign announcement came after it received questions from news organizations about an internal vetting document on vice-presidential candidate JD Vance that had been sent to the outlets.
On Thursday, The Washington Post was sent the 271-page document, marked as “privileged & confidential,” by an anonymous AOL user going by the name “Robert.” Politico, which was the first to report on the Trump campaign’s statement, said that it had been receiving documents, including a vetting document on Vance, from a sender also going by the name “Robert” since July 22.
The Trump campaign has pointed to a report released Friday by Microsoft in which the company said it had discovered evidence that Iranian hackers had tried to break into the email account of a “high-ranking official” on a U.S. presidential campaign in June, which was around the same time Vance was selected as Trump’s running mate.
The company has declined to name the campaign but a person familiar with Microsoft’s work confirmed that the report’s reference was to the Trump campaign.
U.S. officials have not confirmed the campaign was hacked, and the campaign did not provide evidence of the breach or Iranian involvement.
Rep. Eric Swalwell (D-Calif.), a top Democrat on the House Homeland Security Committee’s cybersecurity subcommittee, said that he was seeking a briefing from the Department of Homeland Security.
“Yes, Trump is the most despicable person ever to seek office. He also sought foreign hacking in a past election. But that doesn’t mean America ever tolerates foreign interference,” he posted on X.
Former chair of the House Intelligence Committee, Rep. Adam Schiff (D-Calif.), urged officials to quickly declassify any information on the possible foreign nature of the hack reported by the campaign.
“In 2016, the Intelligence Community moved much too slow to properly identify the hacking and dumping scheme carried out by Russia to divide Americans and benefit the Trump campaign,” he posted on X. “The IC has since made improvements, but should act quickly here.”
He also called on both parties to condemn the reported hack. “In 2016, the Trump campaign welcomed Russian interference, took advantage of it, and then sought to deny it, much to the detriment of the country,” he said.
The Harris-Walz campaign has not responded to multiple requests for comment.
Since 2016, Democratic campaigns and affiliated organizations have put an emphasis on enhanced security protocols and heavily invested to shore up systems to guard against hacks and other cybersecurity threats.
Trump, the Republican nominee for president, said on his social media platform Truth Social that his campaign was informed by Microsoft that one of their websites was hacked by the Iranian government. He also claimed that only publicly available information was taken.
“We were just informed by Microsoft Corporation that one of our many websites was hacked by the Iranian Government – Never a nice thing to do!” he posted on the platform late on Saturday.
“They were only able to get publicly available information but, nevertheless, they shouldn’t be doing anything of this nature. Iran and others will stop at nothing, because our Government is Weak and Ineffective, but it won’t be for long.”
Microsoft and other security companies say that an Iranian group behind the June attack on a presidential campaign is run by the Iranian Revolutionary Guard Corps.
Microsoft did not confirm the Trump campaign was the target but the tech giant said on Friday that Iranian hackers took over a former adviser’s email account and sent a phishing message with a malicious link to a senior official still inside a campaign.
The Iranian hacking group used the same technique in 2021 against the press secretary for a U.S. official, according to email security provider Proofpoint. But the group also has custom malware that can be used in more subtle attacks.
Proofpoint researcher Joshua Miller said that the Iranian group is very actively targeting U.S. politicians and campaign staff. He said multiple Iranian groups impersonate journalists to approach targets.
The document that was sent to the Post was an internal campaign write-up of Vance’s potential political vulnerabilities, dated Feb. 23, that had been commissioned by the campaign from the law firm Brand Woodward. While it drew from public records and news clips, the vetting report itself was an internal document not previously public.
On Saturday, a spokesperson for the National Security Council said the Biden administration “strongly condemns any foreign government or entity who attempts to interfere in our electoral process or seeks to undermine confidence in our democratic institutions.”
The FBI said in a statement on Saturday that the agency was aware of the media reports and had no comment.
The news of the hack broke during Def Con, the annual hacking and security conference that draws tens of thousands to Las Vegas in summer.
Many of the attendees interviewed expressed dread at what might lie ahead.
They speculated that if Iranian hackers were involved, they may have taken more files than what news organizations have reported, with plans to dribble out other material to mainstream or less reputable news sites, including the surging number filled mainly with plagiarized content from elsewhere.
“‘Pink slime’ and fake sites are in their repertoire, so it’s possible that information gets posted in other fora if U.S. media outlets hold back,” Chris Krebs, the founding head of the Cybersecurity and Infrastructure Security Agency, which dealt with misinformation about the 2020 election, said in an interview with the Post. “It’s possible they do both.”
Earlier, Krebs wrote a post on X speculating that actors may be trying to repeat what happened during the 2016 campaign, when U.S. intelligence concluded that Russia interfered in the election by hacking and leaking internal Democratic documents. “Someone is running the 2016 playbook, expect continued efforts to stoke fires in society and go after election systems – 95% votes on paper ballots is a strong resilience measure, combined with audits. But the chaos is the point,” he wrote.
Some experts in email security said publicly available email exchange records indicate the campaign staff’s email accounts weren’t well protected. As one indicator, the campaign had not enabled a common system called DMARC, which would confirm that an email sender using a Trump address was actually part of the campaign.
While Iranian cyber operations have become more sophisticated and aggressive since the 2020 election cycle, former U.S. officials said they pale next to Russia, which might have also breached one or more campaigns by now.
Most professionals said they expect more hacks and leaks as the election draws closer, with the big unknown being how the public and media react to minor nuggets.
“Unfortunately, this isn’t the ‘new normal.’ It’s just normal,” said Jake Braun, who recently left the White House after serving as acting principal deputy national cyber director.
A spate of recent government and industry reports have pointed to increased propaganda about the election from Russia as well as Iran, and channels that are used to push political viewpoints can be used to spread data from hacks.
- - -
Josh Dawsey, Isaac Arnsdorf, Devlin Barrett and Tyler Pager contributed to this report.