Iranian hackers probed election-related websites in 10 states, US officials say
Suspected Iranian hackers have probed the election-related websites of 10 states and, in one case, accessed voter registration data, federal personnel told election security officials on Friday.
As part of their reconnaissance activity, the hackers were conducting broad scanning of an unspecified number of state and local websites at the end of September, then attempted to exploit some of those websites to nab voter data, officials from the Department of Homeland Security said during a phone briefing. They successfully compromised one database, according to Jermaine Roebuck, an official at DHS’s Cybersecurity and Infrastructure Security Agency.
In addition, an FBI official on the briefing said that attackers had conducted “advanced open-source searches specific” to websites in 10 U.S. states in search of voting-related information.
“We have confirmed that in at least one state the threat actor did obtain [access] to a voter registration database by abusing a website misconfiguration,” Roebuck said. “We are aware of the specific states that were targeted in this activity and we’re actively coordinating with those states currently to ensure proper remediation.”
In some cases, Roebuck said, the suspected Iranian hackers have been attempting to exploit known software vulnerabilities in their search for voter data. He did not say which states were targeted.
“We weren’t able to attribute all of this activity to the same threat actor,” but there was overlap in IP addresses, IP ranges, virtual private network exit nodes, and other technical data, Roebuck said.
The briefing sheds more light on suspected Iranian efforts to interfere in the U.S. election. It follows a public accusation from American officials that Iran was behind an influence campaign involving phony emails threatening Democratic voters in Florida. U.S. officials said then that attackers had accessed some voter information, but they did not say how.
After this story was published, the FBI and CISA released advisories on the Iranian group allegedly behind the activity, indicating it was the same group behind the fake emails to Democratic voters.
There is no evidence that any of the activity has affected voting procedures, and U.S. officials stressed that the integrity of the vote is protected. CISA and the FBI used the briefing to encourage state and local officials to harden their IT systems days before Election Day. “We know that activity is out there, we know the steps” you can take to address it, said Matt Masterson, a CISA senior adviser.
With voting underway across the country, U.S. officials have publicly attributed a series of foreign cyber campaigns related to the elections sector. It’s a federal effort to be more transparent about foreign threats compared to 2016, and at the same time reassure voters their ballots are being protected.
The FBI and CISA previously said that the Russian government-connected TEMP.Isotope hacking group, also known as Energetic Bear, was responsible for breaching some IT infrastructure used by state and local officials. Beyond assigning blame, U.S. officials have also taken action against alleged election-meddlers, including sanctions against Iranian organizations.
The Iranian Mission to the United Nations did not immediately respond to a request for comment on the allegations.
Tim Starks contributed reporting.
Clarification, 11/1/20: This story has been updated to clarify the remarks of the FBI official on the phone briefing.
