Iranian hackers pose as far-right group to threaten U.S. voters

The FBI said Russia and Iran have obtained voter information, and Iranian hackers have also been sending threatening emails to voters that appeared to be from a far-right group.

The FBI called a press conference with little warning Wednesday evening to disclose disinformation threats against American voters.

U.S. Director of National Intelligence John Ratcliffe, appearing with FBI Director Christopher Wray, said during the briefing that both Iran and Russia have already made efforts to interfere with the U.S. presidential election by obtaining voter information and, in Iran's case, sending threatening emails to voters.

"We would like to alert the public that we have identified that two foreign actors, Iran and Russia, have taken specific actions to influence public opinion relating to our elections. First, we have confirmed that some voter registration information has been obtained by Iran, and separately, by Russia," Ratcliffe said during the press conference.

SearchSecurity asked the FBI whether the voter information obtained by these two nation-state groups was limited to publicly available sources; the FBI and Office of the Director of National Intelligence (ODNI) declined to clarify further.

The press conference also covered emails that registered voters in several swing states received over the last few days. The emails claimed to be from the Proud Boys, a far-right group known for political violence, and tried to intimidate recipients into voting for President Trump "or else!" Though the emails appeared to be legitimate, Ratcliffe said they were spoofed.

"We have already seen Iran sending spoofed emails designed to intimidate voters, incite social unrest and damage President Trump. You may have seen some reporting on this in the last 24 hours or you may have even been one of the recipients of those emails," he said.

Prior to the press conference, several infosec researchers noted peculiarities with the emails. Experts at the Election Integrity Partnership said on Twitter Tuesday that the emails "had all the hallmarks of an active measures campaign" to spread disinformation. Motherboard first reported Tuesday that the emails appeared to be spoofed and were likely sent from an IP address in Estonia.

In a tweet, CrowdStrike co-founder and former CTO Dmitri Alperovitch said that "This Proud Boys spoofed email campaign in Florida that the US Government has just publicly attributed to Iran is probably the fastest ever public disclosure of attribution intelligence ever made by the US. It took literally hours for press conference vs months/years in the past."

Ratcliffe also said Iran was spreading disinformation in other ways, including a video released in some of the spoofed emails that "implies that individuals could cast fraudulent ballots, even from overseas." Ratcliffe said that these claims, and others like them, are not true.

Wray reassured voters that the FBI and other agencies are working diligently to protect the security of the election.

"At the FBI, we're working closely with our intelligence community partners, as well as our other federal, state and local partners, to share information, bolster security, and identify and disrupt any threats. We're not going to tolerate foreign interference in our elections or any criminal activity that threatens the sanctity of your vote or undermines public confidence in the outcome of the election," Wray said during the press conference. "When we see indications of foreign interference or federal election crimes, we're going to aggressively investigate and work with our partners, to quickly take appropriate action."

While no major cyber attacks on election infrastructure or political campaigns have been revealed this year, the U.S. government and private sector partners have conducted several efforts to strengthen election security and address some of the misinformation campaigns targeting voters.

Toward the end of the briefing, Wray said, "You should be confident that your vote counts."
