US Confirms Iran Hacked Voter Registration Data in 1 State
November 2, 2020
Some of the data Iran used to unleash a deluge of emails
designed to intimidate U.S. voters just weeks before the
country’s presidential election came directly from one state’s
voter registration database.
U.S. officials confirmed the finding late Friday in an alert
issued by the Federal Bureau of Investigation (FBI) and the
Cybersecurity and Infrastructure Security Agency (CISA), which
has been coordinating U.S. election security efforts.
The alert said Iranian hackers targeting websites belonging to
various U.S. states, including state election websites,
“successfully obtained voter registration data in at least one
state” by exploiting what it described as website
That data was then used as part of an Iranian campaign last week
to intimidate voters in at least four states, including Arizona,
Alaska, Pennsylvania and Florida.
The “spoofed” emails were designed to make it look as though
they had come from the Proud Boys, a far-right group that has
rallied behind President Donald Trump.
The text of the emails warned voters, “You will vote for Trump
on Election Day or we will come after you.”
According to the latest alert, the hacked voter registration
information was also featured in a video disseminated by Iran
implying that some voters might be prone to casting fraudulent
Just 27 hours
Iran’s foreign ministry last week rejected the U.S. accusations
as “baseless,” and summoned the Swiss ambassador, who represents
U.S. interests in Iran because the two countries do not have
However, Cyberscoop, a publication that focuses on
cybersecurity, cited U.S. officials Friday as saying the Iranian
hackers targeted websites in 10 different states.
Despite Iran’s initial success in penetrating a key database, it
took U.S. intelligence officials just 27 hours to trace the
emails and the video back to Tehran, sharing the information
with U.S. states ahead of a public announcement featuring
Director of National Intelligence John Ratcliffe and FBI
Director Christopher Wray.
Ratcliffe described the Iranian operation as a “desperate”
attempt to sow chaos and confusion, adding that when it came to
the video, “any claims about such allegedly fraudulent ballots
are not true.”
U.S. security and intelligence officials Friday said they remain
confident that the upcoming election, set for November 3, will
be the most secure in modern history. Officials said that
despite the data breach, voting infrastructure in all 50 states
remains resilient, with up to 95% of states now having systems
in place to ensure there is a paper record of every vote cast.
Still, they expressed concern that the U.S. could see a surge in
attacks on election-related systems as the nation gets closer to
Tuesday’s vote, noting Tehran has been aggressively flexing new
"We wouldn't be surprised to see more website defacements," CISA
Director Christopher Krebs told reporters earlier Friday,
calling it, “a tried-and-true tactic of the Iranians."
He said Iran has also been known to use distributed denial of
service attacks (DDoS), which block access to websites by
overwhelming the server hosting the site with internet traffic.
'Iran's capabilities are growing'
Researchers, though, caution against overplaying Iran’s cyber
capabilities just based on the intimidation emails and the
“It was a combination of the kinds of tools that spammers use to
get out lots of messages, along with a pretty ham-fisted attempt
at trying to get some of the narrative around this traction on
social media,” John Scott-Railton, a senior researcher with The
Citizen Lab at the University of Toronto's Munk School, told VOA
after the initial salvo.
“What it felt like was a group that could do certain things well
but didn't necessarily have a great idea about how to do some of
the more nuanced, sort of culturally sensitive things that go
into doing a disinformation campaign,” he said.
But Scott-Railton also said that could change.
capabilities are growing and they're learning. And each tango
with this kind of thing results in an evolution and maybe an
improvement for the next time around,” he said.
In the meantime, U.S. officials are bracing for more, whether
from Iran or from Russia, which also has managed to access voter
registration databases, though intelligence and election
officials now describe what the Russians got as products based
on the data, and not the data itself.
Other U.S. adversaries might also try to build on what they
perceive as a sense of vulnerability.
“I would expect claims from any number of actors that maybe
they’ve been able to manipulate [data or websites],” Krebs said,
though he warned in many cases the claims will far exceed their