With the 2024 US Election around the corner, foreign influence is back in the spotlight. A recent hack on the Trump campaign represents the growing threat.
As yet another US presidential election gets closer, there are growing concerns about foreign countries trying to interfere through the internet. This isn't new - in the 2016 presidential election, Russian operatives used internet “trolls” to influence potential voters on twitter. In 2020, Russia and Iran both ran influence campaigns to undermine public confidence in the election. With the 2024 election in sight, another presidential campaign has fallen victim to a sophisticated hack from an Iranian group.
On August 10, 2024, Donald Trump’s presidential campaign reported being hacked, leading to internal communications and documents being compromised. Before the announcement, Politico had received emails from someone posing to be part of Trump’s operation, identifying themselves as “Robert”, and providing internal communications from a higher-up official on the campaign, including a research dossier done on JD Vance. The email was likely sourced through a spear phishing email to the senior official in the campaign. The documents included in the communications were proven to be authentic, but have not been released or described in great detail. Politico was not the only news outlet that received compromised materials from the Trump campaign - The New York Times and The Washington Post were also contacted.
A spokesperson from the Trump campaign, Steven Cheung, credited Iran with the attack, citing a Microsoft report on the country’s attempts to influence the 2024 US Election. The report covers the efforts of many Iranian groups, including one secretly creating news websites to influence American voters on both sides of the political spectrum, and another connected with the Islamic Revolutionary Guard Corps (IRGC) that sent the spear phishing email.
In a recent blog, Google’s Threat Analysis Group (TAG) revealed more about that specific group, APT42. TAG explained that the group regularly targets prominent people in Israel and the U.S., including current and former government officials, political campaigns, diplomats, and people involved in think tanks, NGOs, and academic institutions that influence foreign policy discussions. Earlier this year, APT42 tried to gain access to about a dozen personal emails of individuals associated with both the Trump and Harris campaigns.
While the Trump campaign intrusion and leak is more well known, at least three staffers on the Biden-Harris campaign received phishing emails (though an intrusion was not successful). APT42 uses sophisticated methods to phish which is why TAG says it will “remain vigilant” around the U.S. election.
Especially after the 2020 election and the January 6 insurrection, election security has been a hot button topic. At the 2024 Black Hat conference, the director of the Cybersecurity and Infrastructure Security Agency (CISA) Jen Easterly discussed the issue, saying “I can say with confidence that election infrastructure has never been more secure” because “the election stakeholder community has never been stronger.”
Still, Easterly acknowledged that there would likely be some issues with election systems: "Things will go wrong - I can guarantee that," and "while these types of events are disruptive, they will not affect the security or the integrity of the votes passed or as they're counted as cast."
On August 15, 2024, the FBI and CISA also issued a Public Service Announcement assuring the public that “while ransomware attacks against state or local government networks or election infrastructure could cause localized delays, they will not compromise the security or accuracy of vote casting or counting processes.” Easterly described outside influence as a bigger concern than others: “Foreign adversaries will try to sow discord, and try to undermine American confidence in democracy. We … should not allow that.”
As the 2024 election approaches, the Trump campaign hack serves as a stark reminder of the persistent risks posed by foreign adversaries. While the election infrastructure is more secure than ever, as noted by CISA's Jen Easterly, the influence of groups like APT42 remains a pressing challenge. The focus must remain on preventing these disruptions from undermining confidence in the democratic process.