Foreign phishing

NICK EICHER, HOST: It’s Tuesday the 20th of August.

Glad to have you along for today’s edition of The World and Everything in It. Good morning, I’m Nick Eicher.

MYRNA BROWN, HOST: And I’m Myrna Brown.

Up first, Iran’s hacking scheme.

Last week, Google released a report saying it has been disrupting Iranian hacking attempts against presidential campaigns. That’s after Microsoft released a separate threat analysis saying Iran is creating fake news sites and using phishing techniques to target the campaigns.

NICK EICHER, HOST: This isn’t the first time bad actors overseas have tried to influence U.S. elections by stealing sensitive information. But just how dangerous is this?

WORLD Radio’s Mary Muncy has the story.

DONALD TRUMP: It looks like it's Iran, because Iran is no friend of mine.

MARY MUNCY: Two weeks ago, former President Donald Trump’s campaign said he had been hacked by an Iranian group. He said the hackers sent internal campaign documents to several news sites, including Politico—which said they received the information but didn’t publish it. Now the FBI is looking into it.

TRUMP: The reason is because I was strong on Iran, and I was protecting people in the Middle East that maybe they don't they aren't so happy about that.

And this isn’t the first time hackers have targeted presidential candidates.

CBS NEWS: Microsoft says it has found evidence foreign entities are working to meddle in the 2020 election.

Google and Microsoft say Iran, China, and Russia have been trying to influence American elections since at least 2016.

JANATAN SAYEH: This has been a growing pattern with Tehran's foreign policy strategy.

Janatan Sayeh is a research analyst on Iranian influence operations at the Foundation for Defense of Democracies. He says Iran is always operating influence campaigns within the U.S., but they tend to ramp up before elections.

SAYEH: Iran really sees it as its own interest to prevent the Trump reelection.

Sayeh says Iran suffered under the Trump administration’s sanctions, so they seem to be targeting his campaign more than the other side. That said, they will also do things like feed propaganda to the opposing side of an issue… any issue.

SAYEH: The main purpose there is chaos, and they do that by capitalizing on civic unrest.

According to a National Intelligence Council report declassified in 2021, bad actors did not attempt any major hacks of election infrastructure in 2020.

Instead, the report says Iran used influence campaigns to sow discord among the American public and undercut Trump.

With that in mind, Sayeh says supposedly leaked information coming from any unverified source should be carefully examined.

SAYEH: Iranians are not known to be reliable actors when it comes to sharing leaked information about different actors.

In the most recent reports, Microsoft and Google identified phishing as one of the main ways Iran and other bad actors are targeting campaigns. That’s phishing with a P-H.

GARRETT YODER: Phishing attacks are essentially putting out a link or a piece of information or something else as a bait, so to speak, and trying to get your target to interact with it.

Companies ask Garret Yoder to try to find the weaknesses in their cyber infrastructure and then help them fix them.

YODER: General phishing goes to everyone. Spear Phishing is a much more specific approach, where, particularly in the context of intelligence gathering, they say, ‘Okay, we know that these three people talk to this campaign a lot. We know that they have a trusted flow of communication. Anywhere there's trust, let's try to exploit that.’

Yoder says that creates a chain. A hacker may go after a friend of someone at a think tank, then from there get to someone lower in the campaign structure, and finally to the campaign manager.

YODER: ‘Now we can take the next steps and see what else we can attack’ but it all has to start from that initial a person clicked a link, someone opened the door to something that they didn't realize what they were letting in.

While software can be flawed, Yoder says people are almost always the weakest link in any organization’s security.

YODER: It's not a question of is it possible for someone to hack your system? It's a question of, how hard is it?

And then how quickly can you get the hackers out of your system?

But once you get them out, Yoder says there isn’t much more to do.

The reason many cyber security reports use the words “disrupted” an attack, instead of “stopped” an attack is because trying to find the hacker and hold them accountable is often nearly impossible.

YODER: Hackers are very good at covering their tracks.

And actually prosecuting someone is another can of worms. If the hacker is an Iranian or Chinese actor working on behalf of the government, the odds of extradition and prosecution are low, unless that person wanders into a country friendly to the U.S.

YODER: Prosecuting really only comes into play when it comes to crime syndicates and criminal actors, and even then, they pretty much have to be operating out of a friendly country, otherwise, there's really not much you can do.

For now, Yoder says Americans will need to be on the lookout for misinformation.

YODER: A lot of these propaganda sites, and the sources of them are pretty new. So regardless of what you think about the mainstream media, they are less likely to be sharing straight-up propaganda than some blogger site. Blogger sites are kind of infamous for that.

Sayeh and Yoder both say that the odds of a technical hack that could actually change the course of an election are very low, but bad actors are certainly using social media and fake news sites to sow discord among the American public.

YODER: People are the biggest vulnerability, both in cybersecurity and in politics. If you can influence the people and get them to make a decision or be as upset and angry and violent about whatever decision gets made as possible, that plays right into the enemy's hands.

Reporting for WORLD, I’m Mary Muncy.

Editor’s note: A previous version of this podcast segment reported that the FBI had not yet confirmed Iran’s attempted hack of presidential campaigns.

WORLD Radio transcripts are created on a rush deadline. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of WORLD Radio programming is the audio record.