Russian hackers targeting state and local governments have stolen data, US officials say
Posted October 22, 2020 7:24 p.m. EDT
Updated October 22, 2020 11:51 p.m. EDT
CNN — Russian state-sponsored hackers have targeted state and local governments and in at least two instances have successfully stolen data, US national security officials said Thursday, one day after the top US intelligence officials said Russia and Iran obtained voter registration information.
The warnings issued Thursday indicate the heightened security posture of the US government days ahead of the presidential election. Ratcliffe announced at a hastily arranged news conference on Wednesday that Iran and Russia were interfering in the election and both countries had obtained some voter registration information, though Ratcliffe did not specify what information they had and whether it was publicly available.
In addition, Iranian-based hackers appear intent on influencing and disrupting the election, US officials said. The Treasury Department responded on Thursday by issuing sanctions against five Iranian entities "for attempting to influence elections in the United States," including the Islamic Revolutionary Guard Corps.
Ratcliffe said Iran was responsible for spoofed emails that appeared to come from a far-right group and threatened Democratic voters, adding that they were intended to damage President Donald Trump -- an assertion that drew criticism from Democrats, who accused the Trump administration of trying to conflate the interference threat posed by Russia and Iran.
CNN reported Wednesday that the government assessed that some of the data the Iranians obtained came from vendor and state systems, and was not just publicly available voter registration information, according to a source familiar with the matter. There is concern that Russia similarly accessed data but it is not clear what its intention is, the source said. Iran and Russia have denied interfering in the US election.
The federal warnings about the stolen data were published in two separate alerts Thursday written jointly by the FBI and the Cybersecurity and Infrastructure Security Agency and provided more detail on what Ratcliffe and FBI Director Christopher Wray had referred to on Wednesday.
Neither of the warnings issued by the Cybersecurity and Infrastructure Security Agency suggested that Russian or Iranian hackers have compromised US election systems. But past attacks should have the public on alert, officials said. Iranian attackers have previously impersonated legitimate media to spread anti-American propaganda meant to disrupt the election, the warnings said. Iranians have also allegedly used distributed denial-of-service attacks, database attacks and phishing campaigns to sow chaos.
Russian state-sponsored attackers, meanwhile, have attempted to penetrate "dozens" of state and local government and aviation networks, the warnings said.
"As of October 1, 2020, [Russian attackers] exfiltrated data from at least two victim servers," the alert said.
Ratcliffe said at his news conference that the intelligence community was alerting the public to the actions Iran and Russia had taken to interfere in the election.
"We have already seen Iran sending spoofed emails designed to intimidate voters, incite social unrest and damage President Trump," Ratcliffe said, adding that the US government had not seen the same actions from Russia but was "aware that they have obtained some voter information just as they did in 2016."
Democrats criticize Ratcliffe
Ratcliffe's statement that the emails, which purported to be from the far-right group the Proud Boys, were trying to damage Trump drew a rebuke from multiple Democrats, including House Speaker Nancy Pelosi of California, who was briefed on the matter on Thursday.
"I think we have to be very careful about any statements coming out about the election from the intelligence community at this time," she told reporters as she left the House Intelligence Committee spaces.
House Intelligence Chairman Adam Schiff, a California Democrat, said in an MSNBC interview Wednesday evening that the public "cannot rely on what they hear from the director of national intelligence without proof on the table."
Democrats have accused Ratcliffe of selectively declassifying intelligence for political purposes to help Trump, most notably the recent release of unverified Russian intelligence about Hillary Clinton and Russia in 2016.
A spokesperson for the Office of the Director of National Intelligence on Thursday responded to the criticism of Ratcliffe, arguing that his comments were consistent with the intelligence community's previous assessments about Tehran's intentions when it comes to interference in the 2020 race.
"As NCSC Director Bill Evanina said on August 7th, the IC assesses 'that Iran seeks to undermine U.S. democratic institutions, President Trump, and to divide the country in advance of the 2020 elections.' What the DNI made clear last night is that Iran is executing activities to influence the U.S. election," ODNI spokesperson Amanda Schoch said in a statement to CNN, responding specifically to questions that have been raised about Ratcliffe's comments since the Wednesday night announcement.
Evanina, the intelligence community's top election security official, had said in August that Russia, Iran and China were all aiming to interfere in the 2020 election.
"The IC has not changed our assessment on Iran's intent," Schoch added.
Not all Democrats were critical of Ratcliffe. Sen. Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee, told reporters Thursday that he understood why Ratcliffe made the comments he did about the effort being intended to hurt Trump.
"I have consistently called upon the intelligence community to be forward leaning on informing the American public on foreign intervention, so on that basis the announcement last night was a good one," Warner said. "It is extraordinarily important the intelligence community speaks truth to power, and if you don't have that practice on a regular basis you get these kind of questions, but I understand why Director Ratcliffe made the comments he made."
Members of Congress from both parties issued letters and statements on Thursday seeking a briefing from Ratcliffe on the matter.
The emails the intelligence community attributed to Tehran were sent to registered voters from the email address "firstname.lastname@example.org" and warned recipients to "Vote for Trump or else!"
Thousands of emails were sent to people in the United States as part of the suspected Iranian campaign, Google said late Wednesday following the intelligence community announcement. Google said approximately 25,000 emails were sent to Gmail users -- 90% of those emails were stopped by Gmail's spam filters, meaning 2,500 American Gmail users may have received the messages.
A Google spokesperson said the company is cooperating with the FBI. Google is only one of the major providers of email services. Microsoft and Yahoo (owned by Verizon Media), which both run large email platforms, did not respond to CNN's request for comment.
Iran sanctioned but none on Russia
The Treasury Department's sanctions were issued to the Iranian Revolutionary Guard Corps, the Guard's Qods Force, the Bayan Rasaneh Gostar Institute, the Iranian Islamic Radio and Television Union, and the International Union of Virtual Media.
"The Iranian regime's disinformation efforts have targeted a global audience through a variety of covert media organizations," Treasury said in a statement. "Disinformation campaigns run by the Iranian regime focus on sowing discord among readers via social media platforms and messaging applications, and frequently involve mischaracterizing information."
The agency said that "in the months leading up to the 2020 U.S. presidential election, Bayan Gostar personnel have planned to influence the election by exploiting social issues within the United States, including the COVID-19 pandemic, and denigrating U.S. political figures."
"As recently as summer 2020, Bayan Gostar was prepared to execute a series of influence operations directed at the U.S. populace ahead of the presidential election," it said.
The Treasury Department did not issue any new sanctions Thursday against Russia, which also had been cited by the intelligence community the day prior. The Treasury Department sanctioned Ukrainian lawmaker Andrii Derkach last month, accusing him of being an "active Russian agent" working to denigrate Joe Biden's campaign as part of Moscow's election interference efforts.
CORRECTION: This story and headline have been corrected to specify that Russian hackers targeted data from state and local governments, but unlike Wednesday's FBI announcement the officials did not say it was election data.