This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.nytimes.com/2019/10/04/technology/iranian-campaign-hackers-microsoft.html
The article has changed 8 times. There is an RSS feed of changes available.
| Version 4 | Version 5 |
|---|---|
| Iranian Hackers Targeted Trump’s Re-election Campaign | Iranian Hackers Targeted Trump’s Re-election Campaign |
| (32 minutes later) | |
| SAN FRANCISCO — Iranian hackers targeted President Trump’s re-election campaign, two people with knowledge of the attacks said on Friday, in a sign of how cyberattacks could become a fixture of the 2020 presidential election. | SAN FRANCISCO — Iranian hackers targeted President Trump’s re-election campaign, two people with knowledge of the attacks said on Friday, in a sign of how cyberattacks could become a fixture of the 2020 presidential election. |
| Microsoft said in a report earlier Friday that hackers, with apparent backing from Iran’s government, had made more than 2,700 attempts to identify the email accounts of current and former United States government officials, journalists covering political campaigns and accounts associated with a presidential campaign. | Microsoft said in a report earlier Friday that hackers, with apparent backing from Iran’s government, had made more than 2,700 attempts to identify the email accounts of current and former United States government officials, journalists covering political campaigns and accounts associated with a presidential campaign. |
| It was not clear what information — if any — had been taken in the attack on the Trump campaign, according to the two people, who were not allowed to publicly discuss the investigation. While the Microsoft report did not name Iran’s targets, it found evidence that hackers had infiltrated email inboxes in at least four cases. But the four successful hacks tracked by Microsoft did not belong to a presidential campaign. | It was not clear what information — if any — had been taken in the attack on the Trump campaign, according to the two people, who were not allowed to publicly discuss the investigation. While the Microsoft report did not name Iran’s targets, it found evidence that hackers had infiltrated email inboxes in at least four cases. But the four successful hacks tracked by Microsoft did not belong to a presidential campaign. |
| Tim Murtaugh, the Trump campaign’s communications director, said in a statement that “we have no indication that any of our campaign infrastructure was targeted.” | Tim Murtaugh, the Trump campaign’s communications director, said in a statement that “we have no indication that any of our campaign infrastructure was targeted.” |
| The attack is the latest indication that cyberattacks and disinformation are likely to play a major role in the 2020 presidential campaign, as they did three years ago. In 2016, Russian hackers infiltrated the computer networks of Democrats and Republicans, then selectively disseminated Democrats’ emails, including those of John D. Podesta, Hillary Clinton’s campaign chairman, in an effort to harm Mrs. Clinton’s campaign. | The attack is the latest indication that cyberattacks and disinformation are likely to play a major role in the 2020 presidential campaign, as they did three years ago. In 2016, Russian hackers infiltrated the computer networks of Democrats and Republicans, then selectively disseminated Democrats’ emails, including those of John D. Podesta, Hillary Clinton’s campaign chairman, in an effort to harm Mrs. Clinton’s campaign. |
| In addition to Iran, hackers from North Korea and Russia have already started targeting organizations that work closely with 2020 presidential candidates, executives at Microsoft said. | |
| No representatives for other presidential candidates said on Friday that their campaigns had been targeted. | No representatives for other presidential candidates said on Friday that their campaigns had been targeted. |
| The news that Iranian hackers targeted Mr. Trump came as his administration continues to weigh a cyberstrike against Iran to punish Tehran for what White House officials charge was an Iranian attack on Saudi oil facilities last month. | The news that Iranian hackers targeted Mr. Trump came as his administration continues to weigh a cyberstrike against Iran to punish Tehran for what White House officials charge was an Iranian attack on Saudi oil facilities last month. |
| The targeting of Mr. Trump is part of a much broader Iranian campaign, according to the Microsoft report, which found that hackers had tried to attack 241 accounts, using fairly unsophisticated means. The hackers appeared to have used information available about their victims online to discover their passwords. It was unclear what information they stole. | The targeting of Mr. Trump is part of a much broader Iranian campaign, according to the Microsoft report, which found that hackers had tried to attack 241 accounts, using fairly unsophisticated means. The hackers appeared to have used information available about their victims online to discover their passwords. It was unclear what information they stole. |
| For weeks, officials from the F.B.I., the Department of Homeland Security and the National Security Agency have said they are particularly concerned about Iranian-backed attacks. Their worries stemmed from rising tensions over new sanctions on Iran and nascent Iranian activity in the 2018 midterm elections. | For weeks, officials from the F.B.I., the Department of Homeland Security and the National Security Agency have said they are particularly concerned about Iranian-backed attacks. Their worries stemmed from rising tensions over new sanctions on Iran and nascent Iranian activity in the 2018 midterm elections. |
| While the officials said they believed that all the American presidential candidates were likely targets, Mr. Trump’s campaign has long been considered a prime target. | While the officials said they believed that all the American presidential candidates were likely targets, Mr. Trump’s campaign has long been considered a prime target. |
| It was Mr. Trump who abandoned the 2015 nuclear deal with Iran last year, and who has ramped up sanctions to the point that Iran’s oil revenues have dropped sharply. The United States has also designated the Islamic Revolutionary Guard Corps a terrorist group. The guard corps oversees the nuclear program and, by some accounts, Iran’s best hacking group, its Cyber Corps. | It was Mr. Trump who abandoned the 2015 nuclear deal with Iran last year, and who has ramped up sanctions to the point that Iran’s oil revenues have dropped sharply. The United States has also designated the Islamic Revolutionary Guard Corps a terrorist group. The guard corps oversees the nuclear program and, by some accounts, Iran’s best hacking group, its Cyber Corps. |
| But it is not clear whether the group that Microsoft identified reports to the Cyber Corps or is made up, deliberately, of freelancers and others whose affiliations are harder to trace. | But it is not clear whether the group that Microsoft identified reports to the Cyber Corps or is made up, deliberately, of freelancers and others whose affiliations are harder to trace. |
| When Iranian officials are asked about cyberattacks, they admit nothing but note that attacks have been two-way. Three times in the past decade, the United States has directed cyberweapons against Iranian targets. The most famous attack, code-named Olympic Games, wiped out about 1,000 centrifuges at the Natanz nuclear enrichment site. | When Iranian officials are asked about cyberattacks, they admit nothing but note that attacks have been two-way. Three times in the past decade, the United States has directed cyberweapons against Iranian targets. The most famous attack, code-named Olympic Games, wiped out about 1,000 centrifuges at the Natanz nuclear enrichment site. |
| Since then, there has been a long-running cybercampaign to disable Iranian missiles and, early this summer, an attack on a database that the Iranian military runs to track ships in the Persian Gulf, disabling Iranian abilities to follow and seize them. | Since then, there has been a long-running cybercampaign to disable Iranian missiles and, early this summer, an attack on a database that the Iranian military runs to track ships in the Persian Gulf, disabling Iranian abilities to follow and seize them. |
| In recent weeks, United States Cyber Command was asked to develop options for retaliating against the missile and drone attacks on Saudi Arabia’s oil fields. Officials reported that a cyberstrike against Iran, which the United States and Saudi Arabia blamed for the attacks, was emerging as the most attractive option, in an effort to avoid the kind of escalation that might result from a more conventional strike. | In recent weeks, United States Cyber Command was asked to develop options for retaliating against the missile and drone attacks on Saudi Arabia’s oil fields. Officials reported that a cyberstrike against Iran, which the United States and Saudi Arabia blamed for the attacks, was emerging as the most attractive option, in an effort to avoid the kind of escalation that might result from a more conventional strike. |
| So far, there is no evidence of such action, but it might take a while to gain access to Iranian computer networks, and the results might be subtle. Microsoft said little about the timing of the targeting of the campaigns and journalists, but there have been similar waves of such attacks over the past several years. | So far, there is no evidence of such action, but it might take a while to gain access to Iranian computer networks, and the results might be subtle. Microsoft said little about the timing of the targeting of the campaigns and journalists, but there have been similar waves of such attacks over the past several years. |
| Cybersecurity experts that specialize in disinformation say they have witnessed several coordinated disinformation campaigns aimed at influencing the 2020 campaign. | Cybersecurity experts that specialize in disinformation say they have witnessed several coordinated disinformation campaigns aimed at influencing the 2020 campaign. |
| The bulk of that disinformation has originated domestically, said Cindy Otis, the director of analysis at Nisos, a cybersecurity firm in Alexandria, Va. She said other nation-states were closely watching these domestic operations but appeared to be holding back. | The bulk of that disinformation has originated domestically, said Cindy Otis, the director of analysis at Nisos, a cybersecurity firm in Alexandria, Va. She said other nation-states were closely watching these domestic operations but appeared to be holding back. |
| “We’ve seen a lot of disinformation on the domestic front, but nation-states are likely to amplify those narratives, as we saw Russia do in 2016,” Ms. Otis said. “But with so many candidates still in the running, nation-states seem to be waiting before they put all their efforts into one basket.” | “We’ve seen a lot of disinformation on the domestic front, but nation-states are likely to amplify those narratives, as we saw Russia do in 2016,” Ms. Otis said. “But with so many candidates still in the running, nation-states seem to be waiting before they put all their efforts into one basket.” |
| Security executives at the Democratic National Committee warned staff members in an email this week that Iranian hackers might be targeting their email accounts with so-called spearphishing attacks, in which hackers try to lure their target into clicking on a malicious link or attachment. That link or attachment can give attackers a foothold into a computer network. | Security executives at the Democratic National Committee warned staff members in an email this week that Iranian hackers might be targeting their email accounts with so-called spearphishing attacks, in which hackers try to lure their target into clicking on a malicious link or attachment. That link or attachment can give attackers a foothold into a computer network. |
| The hackers were also believed to be interfering with an additional security feature known as two-factor authentication — a common security method that asks for credentials beyond a password — and were creating fake LinkedIn personas to make their email lures more believable. | The hackers were also believed to be interfering with an additional security feature known as two-factor authentication — a common security method that asks for credentials beyond a password — and were creating fake LinkedIn personas to make their email lures more believable. |
| After Russia’s interference in the 2016 presidential campaign, Democrats have repeatedly warned their Republican counterparts that election interference cuts both ways, and that state-sponsored hackers may not always seek to help the Republican candidate. | After Russia’s interference in the 2016 presidential campaign, Democrats have repeatedly warned their Republican counterparts that election interference cuts both ways, and that state-sponsored hackers may not always seek to help the Republican candidate. |
| But to date, Senator Mitch McConnell of Kentucky, the majority leader, has refused to bring any election security bills to the floor. And Mr. Trump has yet to acknowledge Russian interference in the 2016 election, even as cybersecurity experts collect evidence that Russian hacking of organizations close to the 2020 campaigns is again underway. | But to date, Senator Mitch McConnell of Kentucky, the majority leader, has refused to bring any election security bills to the floor. And Mr. Trump has yet to acknowledge Russian interference in the 2016 election, even as cybersecurity experts collect evidence that Russian hacking of organizations close to the 2020 campaigns is again underway. |
| James A. Lewis, a former government official and cybersecurity expert at the Center for Strategic and International Studies in Washington, said in a recent interview that cyberinterference, even from Russia, may not necessarily benefit Mr. Trump in 2020. | James A. Lewis, a former government official and cybersecurity expert at the Center for Strategic and International Studies in Washington, said in a recent interview that cyberinterference, even from Russia, may not necessarily benefit Mr. Trump in 2020. |
| “The Russians have come to the conclusion that, so long as President Trump is in office, U.S.-Russian relations will remain at a standstill,” Mr. Lewis said. | “The Russians have come to the conclusion that, so long as President Trump is in office, U.S.-Russian relations will remain at a standstill,” Mr. Lewis said. |
| Some cybersecurity firms said they were also witnessing what appeared to be the beginning stages of several different nation-state cyberattacks on American political campaigns. | Some cybersecurity firms said they were also witnessing what appeared to be the beginning stages of several different nation-state cyberattacks on American political campaigns. |
| Area 1, a Silicon Valley security company that is helping presidential and Senate candidates block phishing attacks, is witnessing cyberattacks against candidates across the political spectrum, said Oren Falkowitz, its chief executive. | Area 1, a Silicon Valley security company that is helping presidential and Senate candidates block phishing attacks, is witnessing cyberattacks against candidates across the political spectrum, said Oren Falkowitz, its chief executive. |
| “We’ve already seen attacks on several campaigns and believe the volume and intensity of these attacks will only increase as the election cycle advances toward Election Day,” Mr. Falkowitz said in an interview. | “We’ve already seen attacks on several campaigns and believe the volume and intensity of these attacks will only increase as the election cycle advances toward Election Day,” Mr. Falkowitz said in an interview. |
| In July, Tom Burt, Microsoft’s corporate vice president, told an audience at the Aspen Security Conference that Microsoft had evidence that Russia, Iran and North Korea had been the most active nations conducting cyberattacks. | In July, Tom Burt, Microsoft’s corporate vice president, told an audience at the Aspen Security Conference that Microsoft had evidence that Russia, Iran and North Korea had been the most active nations conducting cyberattacks. |
| Mr. Burt said Russian, Iranian and North Korean hackers had been targeting nongovernmental organizations and think tanks that work closely with political campaigns in the United States. He added that in the race to infiltrate the inboxes of American political operatives and campaigns, Chinese hackers had been notably quiet. | Mr. Burt said Russian, Iranian and North Korean hackers had been targeting nongovernmental organizations and think tanks that work closely with political campaigns in the United States. He added that in the race to infiltrate the inboxes of American political operatives and campaigns, Chinese hackers had been notably quiet. |