During a press conference on election security at FBI Headquarters with FBI Director Christopher Wray, Director of National Intelligence John Ratcliffe confirmed that some voter registration information has been obtained by Iran, and separately, by Russia.
"This data can be used by foreign actors to attempt to communicate false information to registered voters that they hope will cause confusion, sow chaos, and undermine your confidence in American democracy," Ratcliffe said.
Government agencies discovered that Iran has also been sending “spoofed” emails designed to intimidate voters, incite social unrest, and damage President Trump, including distributing other content, to include a video that implies that individuals could cast fraudulent ballots, even from overseas.
"This video – and any claims about such allegedly fraudulent ballots – are not true," Ratcliffe noted. "These actions are desperate attempts by desperate adversaries. Even if the adversaries pursue further attempts to intimidate or attempt to undermine voter confidence, know that our election systems are resilient, and you can be confident your votes are secure."
Rafe Pilling, Senior Security Researcher, Secureworks, explains, “Our analysis indicates the attack was simulated using infrastructure setup by the adversary—and not against a real voter registration database."
Pilling adds, "The unusual thing about this campaign is the target set, theme, and inclusion of a contrived video showing a hack of a voter registration database. The messages were sent using compromised infrastructure from companies linked to Saudi Arabia, Estonia and United Arab Emirates. This is a common tactic for threat actors. In some cases, it appears that the threat actors had technical difficulties getting target-specific, personal information, to populate in their email templates, with only the variable name showing in the resulting message. This could indicate that aspects of the operation were rushed or not well-planned in advance. While the video shows the use of the sqlmap tool to compromise a voter registration database, some failures in the redaction reveal command lines that indicate the attack was simulated using infrastructure setup by the adversary—and not against a real voter registration database."
"Regarding the intent of the campaign, Secureworks’ CTU researchers agree with the US Director of National Intelligence, the campaign’s aim is to create confusion, as well as fuel speculation and existing voter division, but not to influence specific voters. The real attack is on the United States’ democratic system with the intention to cast doubt over the integrity of the election process. This is illustrated by the inclusion of a link to a contrived video showing what appears to be fraudulent requests being submitted to the Federal Voting Assistance Program on-line portal," Pilling notes. "Since Iranian disinformation operations are usually focused on its domestic audience and neighbors in the Middle East, this is an unusual foray into American politics perhaps intended to test the waters and monitor the U.S. response. This statement only relates to the Iranian operation. The Russian activity is very different. And probably less directly election related.”
