FRESH AIR

Iran stepping up influence operations and cyber-mischief in lead-up to US election

Oct 27, 2020 | Oved Lobel

On November 5, 2019, a joint statement by US intelligence and security agencies warned: “Our adversaries want to undermine our democratic institutions, influence public sentiment, and affect government policies. Russia, China, Iran, and other foreign malicious actors all will seek to interfere in the voting process or influence voter perceptions. Adversaries may try to accomplish their goals through a variety of means, including social media campaigns, directing disinformation operations, or conducting disruptive or destructive cyberattacks on state and local infrastructure.”

Last week, Director of National Intelligence John Ratcliffe announced at a press conference alongside other US intelligence officials that Iran had obtained some voter registration information. It was also reported the same day that US intelligence had concluded that Iran was behind thousands of emails purporting to come from the far-right Proud Boys and threatening Democratic voters if they did not vote for Trump. “You will vote for Trump on Election Day or we will come after you. Change your party affiliation to Republican to let us know you received our message and will comply,” read one of the emails. In an attempt to undermine voter confidence in the integrity of the election, the emails falsely claimed that the senders had obtained personal voter information, such as addresses, because local election systems had been hacked. In reality, voter registration information is publicly available. The US was able to immediately attribute the emails to Iran thanks to information gleaned from a video attached to some of the messages. “Either they made a dumb mistake or wanted to get caught,” one senior US official told Reuters.

Separately, Twitter recently announced it had removed about 130 accounts linked to Iran based on information from the FBI, while the US government seized 92 domain names linked to Iran’s Islamic Revolutionary Guards Corps (IRGC), which were being used to spread propaganda and disinformation. On October 21, the US Department of Justice (DOJ) announced it had seized two domain names used by Kataib Hezbollah, the IRGC proxy militia that dominates Iraq. An investigation by McClatchy and the Miami Herald, also published last week, discovered that the Islamic Republic of Iran Broadcasting Corporation (IRIB), Iran’s official state propaganda network, actually has had parts of its sites hosted physically in the US despite being sanctioned.

AIJAC readers will not be surprised to learn any of this. Since 2018, AIJAC has been covering Iran’s expansive propaganda and influence operations as well as its cyberattacks and hacking attempts. There is the International Union of Virtual Media (IUVM), a vast network of websites and social media accounts and pages that produce or launder pro-regime propaganda across the world, as well as its official counterpart, the IRIB. Twitter, Facebook, Google, and Microsoft are constantly announcing mass takedowns of sites, accounts and pages linked to IRIB and IUVM.

Then there are more refined operations, like “Endless Mayfly,” where Iranian operatives invented about a dozen personas to plant articles and target specific individuals, including Israelis, Iranian expats and dissidents and even reportedly Hisham al-Hashimi, an Iraqi security expert and advisor recently assassinated by IRGC proxies. An Iran-linked hacking group dubbed “Charming Kitten” involved in this operation also masqueraded as journalists and utilised “typosquatting”: mimicking a link, account or website while changing one or two letters to mislead inattentive users. As AIJAC wrote at the time:

In one incident, right after then-Israeli Defence Minister Avigdor Lieberman resigned in protest over a ceasefire with Hamas, a fake article on a fake version of the Belfer Center website quoted ex-Mossad chief Tamir Pardo telling the Belfer Center that Lieberman had been dismissed because he was a Russian agent. The article was then spread by the fake persona “Bina Melamed.” Pardo had in fact just spoken at the Belfer Center, and the ability to immediately create a clone website that drew on real events demonstrates much more situational awareness than previous disinformation campaigns.

With these spoofed Proud Boys emails, Iran has once again demonstrated its ability to quickly react to events in real time – in this case, Donald Trump refusing to condemn the Proud Boys during the first presidential debate – to employ effective disinformation and engage in blatant election interference. As cybersecurity expert and analyst John Hultquist put it, “This incident marks a fundamental shift in our understanding of Iran’s willingness to interfere in the democratic process. While many of their operations have been focused on promoting propaganda in pursuit of Iran’s interests, this incident is clearly aimed at undermining voter confidence.”

Iran has also been heavily involved in targeting coronavirus-related research across the world, including trying to hack accounts of World Health Organisation (WHO) staff. Adam Rawnsley, who covers Iran-linked information operations at the Daily Beast, reported that someone seemingly linked to Endless Mayfly managed to set up a verified Twitter account in the name of a senior WHO official to push racist COVID-19 vaccine conspiracy theories.

Rawnsley also reported on the hacking of the Twitter account of Israel Hayom, where the hackers, likely Iranian, posted disinformation and then amplified that disinformation using pro-Iran accounts. This was a similar incident to the hacking of Kuwait’s state-run news agency KUNA in January and almost certainly related to Endless Mayfly. Accounts involved also amplified a fake story written in poor Hebrew planted on Hidabroot, an Orthodox media site, by hackers, recalling the spoofing of the US-based Foreign Policy Research Institute (FPRI) in January, where a fake article in poor English on the fake version of the site was clearly intended to increase tensions between the US and Iraq. The article spread so widely that the Iraqi Prime Minister at the time issued a denial of its contents and FPRI itself also had to issue a statement.

The cyberwar between Iran, Israel and the US has continued into 2020, with cybersecurity firms ClearSky and Profero reporting that IRGC-linked hackers dubbed “MuddyWater” attempted several ransomware attacks on Israeli firms. Iran, meanwhile, recently announced it had suffered large cyber-attacks against several government institutions, including the Port Authority. One of Iran’s hacking fronts, the Rana Intelligence Computing Company, was itself hacked and its tools leaked online, a substantial blow to Iran’s Ministry of Intelligence and Security (MOIS).

The Proud Boys email spoof is the next step in the trend towards more sophisticated, targeted Iranian influence operations. As Amir Rashidi, director of digital rights and security at the Miaan Group, told the New York Times, “Iran’s behavior on the internet, from censorship to hacking, has become more aggressive than ever.”
