By Devlin Barrett, The Washington Post (c) 2024
The Justice Department has charged three men with carrying outIran’s alleged hack and leak attack against Donald Trump’s presidential campaign.
Since June, the FBI has been investigating hacking activity aimed at the email accounts of Trump campaign staff and other people in the former president’s orbit. The FBI investigation has also focused on an online persona named “Robert” who contacted American reporters. That persona shared campaign documents they falsely claimed to have obtained while working with the Trump campaign, according to people familiar with the investigation who spoke on the condition of anonymity to describe the sensitive national security investigation.
Masoud Jalili, Seyyed Ali Aghamiri and Yasar Balaghi “prepared for and engaged in a wide-ranging hacking campaign” targeting current and former U.S. officials, political campaigns, members of the media, and others, the indictment charges. The Washington Post previously reported the Justice Department was preparing to bring charges in the case.
“Such activity is part of Iran’s continuing efforts to stoke discord, erode confidence in the U.S. electoral process, and unlawfully acquire information” that could be used to help Iran’s Islamic Revolutionary Guard Corps, the indictment alleges.
U.S. authorities have said the person, or people, posing as Robert was acting on behalf of the Iranian government and offering news organizations data files stolen from the email accounts of Trump advisers.
Among the hacking targets was adviser Susie Wiles, one of the most seniorofficials on the Trump campaign. Others in Trump’s camp were also compromised, including campaign advisers, the people familiar with the investigation said.
At Justice Department headquarters on Friday, Attorney General Merrick Garland called out Iran, Russia, and China for their efforts to interfere with U.S. politics and elections through hacking, disinformation, and surreptitious influence campaigns.
“These authoritarian regimes, which violate the human rights of their own citizens, do not get a say in our country’s democratic process,” Garland said. “The American people, and the American people alone, will decide the outcome” of this year’s elections.
The charges unsealed Friday do not necessarily mean any suspects will be brought to the United States to face trial. When foreign nations conduct cyberattacks on U.S. figures, the perpetrators often live in countries that will not extradite them to the United States.
However, in the last decade, U.S. officials have launched “name and shame” campaigns against hackers in Russia, China, Iran, and North Korea in the hopes of deterring such conduct.
The FBI and U.S. intelligence agencies concluded last month that Iran was responsible for recent attempted hacks into both the Trump and the Biden-Harris presidential campaigns. People familiar with the investigation had previously said they did not see evidence that the efforts to penetrate the email accounts of Biden advisers were successful, though they continue to gather evidence.
The persona offered files from to reporters at The Washington Post and Politico and has since offered material to others.
The evidence reviewed by investigators includes at least some of “Robert’s” emails with reporters, the people familiar with the investigation said. It wasn’t immediately clear how authorities were able to obtain those messages. Spokespeople for the two publications said they did not cooperate with the government investigation.
As part of the scheme, campaign staffers received phishing emails that were designed to appear legitimate but could give an intruder access to the recipients’ communications, The Post has previously reported, citing people familiar with the matter who spoke on the condition of anonymity to describe a sensitive investigation.
Matthew Olsen, the head of the Justice Department’s National Security Division, warned in a recent speech that foreign nations’ efforts to interfere in American elections “present a clear and present danger to our democracy.”
Olsen said Iran “is making a greater effort to influence this year’s election than it has in prior election cycles.”
“Iranian activity is growing increasingly aggressive as this election nears,” he said. “Iran perceives this year’s elections to be particularly consequential in impacting Iran’s national security interests, increasing Tehran’s inclination to try to shape the outcome.”
His comments echo warnings issued by the FBI earlier this summer that “the Iranians have through social engineering and other efforts sought access to individuals with direct access to the Presidential campaigns of both political parties.”
Such tactics are not new. U.S. intelligence officials have said that Iran’s efforts to stoke societal discord in the United States and undermine Trump’s bid to regain the White House are a repeat of the country’s efforts in 2020. Russia has also led similar cyberattacks.
“Iran and Russia have employed these tactics not only in the United States during this and prior federal election cycles but also in other countries around the world,” the FBI and U.S. intelligence agencies said in a joint statement this summer.
The FBI began its investigation into suspected Iranian hacking directed at the U.S. presidential campaigns in June, before President Joe Biden dropped out of the race and endorsed Vice President Kamala Harris as the Democratic nominee.
FBI agents worked with Google and Microsoft, two major providers of email services, to examinewhat appeared to be a phishing effort targeting people associated with the presidential campaigns, people familiar with the investigation previously told The Post.
FBI and private computer security experts have said Iran was behind spear-phishing emails sent in June to Roger Stone, a longtime informal adviser to Trump. The ruse was successful, and hackers were able to take control of Stone’s email account and send messages with spear-phishing links to others, people familiar with the investigation said. Stone has acknowledged being contacted by the FBI and notified that his emails were hacked.