Election securityIranian Government Hackers Target U.S. Presidential Campaign: Microsoft

Microsoft announced on Friday that a hacking group linked to the Iranian government has carried out a campaign against a U.S. presidential candidate.

The group, which the tech giant named Phosphorous, made more than 2,700 attempts during a 30-day period between August and September to identify customer e-mail accounts. The hackers managed to hack into 241 of them.

CBS News reports that in addition to the unnamed presidential candidate, the Iranian hackers also targeted current and former U.S. government officials and journalists covering global affairs, in Iran and elsewhere. The hackers also targeted prominent Iranians living abroad.

Microsoft Corporate Vice President Tom Burt posted the information on a Microsoft blog on Friday.

“It is important that we all — governments and private sector — are increasingly transparent about nation-state attacks and efforts to disrupt democratic processes,” he wrote.

Burt said that four accounts had been compromised, but none of these were linked to the presidential campaign. They described the attacks as “not technically sophisticated” but warned all users to “be vigilant.”

The hackers appear to have attempted to gather information about people through gaming password reset processes and account recovery features.

Microsoft said it had informed the Democratic National Committee (DNC) about the hack, but declined to identify which campaign had been targeted, citing privacy issues.

Foreign hackers have long targeted U.S. government and politicians, typically with little notice. But Russia’s successful campaign to help Donald Trump win the 2016 election has prompted fears that other countries will try to emulate Russia’s effort.

These fears have been heightened by Trump’s continuing denial that there was such a Russian interference in the 2016 campaign, and his public denigration of the U.S. intelligence community for reaching a unanimous conclusion that the Russians interfered in the election in order to help him win the election. Trump has also refused to lead a government-wide effort to thwart future foreign interference in U.S. elections.

Intelligence experts have pointed to China, Iran, and North Korea as the most likely – and capable – countries to follow the Russia example.

“The Russians came after us and our election system in 2016 and they paid virtually no price for that activity,” Jamil N. Jaffer, director of the national security law and policy program at George Mason University, and former chief counsel of the Senate Foreign Relations Committee, told CBS News. “It’s not surprising that China now more aggressively and maybe the Iranians are getting in that game. Why not?”

DHS said it was working with Microsoft to “assess and mitigate impacts.” Chris Krebs, director of the department’s Cybersecurity and Infrastructure Security Agency, said much of the activity is likely “run-of-the-mill” foreign intelligence service work.

But, “Microsoft’s claims that a presidential campaign was targeted is yet more evidence that our adversaries are looking to undermine our democratic institutions,” Krebs said.

Hacking by a foreign power is not the only worry of those who want to ensure the integrity of U.S. election. In 2016 Russia was successful in its effort to have Trump win the election by focusing its broad social media campaign on Facebook, Twitter, and Instagram on suppressing African American vote in Pennsylvania, Michigan, and Wisconsin. The Russian campaign helped Trump win these three states by a combined total of fewer than 100,000 votes.

CBS News notes that on Thursday, 3 October, a memo prepared by DHS and the FBI was sent to state election officials outlining possible ways Russia could seek to interfere in the 2020 elections by discouraging voters or utilizing voter suppression tactics.

The document, which was reviewed by the Associated Press, outlines a few possible scenarios for state and local election officials to be aware of. These scenarios include the use of social media to exacerbate divisions within political parties during state primaries and the hacking of election websites to spread misinformation on voting processes or to alter voter registration data.