US cyberwarriors thwarted 2020 Iran election hacking attempt

Apr 25, 2023, 1:16 PM

FILE - In this image provided by U.S. Cyber Command, Army Major Gen. William Hartman, commander of ...

FILE - In this image provided by U.S. Cyber Command, Army Major Gen. William Hartman, commander of U.S. Cyber Command's Cyber National Mission Force, speaks during a ceremony at U.S. Cyber Command headquarters at Fort George E. Meade, Md., on Dec. 19, 2022. Before the 2020 presidential election, Iranian hackers broke into to a system used by an unidentified local government to support its election night operations but were kicked out before any attack could be launched, according to U.S. military and cybersecurity officials. (U.S. Navy Chief Petty Officer Jon Dasbach/U.S. Cyber Command via AP)
Credit: ASSOCIATED PRESS

(U.S. Navy Chief Petty Officer Jon Dasbach/U.S. Cyber Command via AP)

Iranian hackers broke into to a system used by a U.S. municipal government to publish election results in 2020 but were discovered by cyber soldiers operating abroad and kicked out before an attack could be launched, according to U.S. military and cybersecurity officials.

The system involved in the previously undisclosed breach was not for casting or counting ballots, but rather was used to report unofficial election results on a public website. The breach was revealed during a presentation this week at the RSA Conference in San Francisco, which is focused on cybersecurity. Officials did not identify the local government that was targeted.

“This was not a system used in the conduct of the election, but we are of course also concerned with systems that could weigh on the perception of a potential compromise,” said Eric Goldstein, who leads the cybersecurity division at the U.S. Cybersecurity and Infrastructure Security Agency.

If not expelled from the site, the hackers could have altered or otherwise disrupted the public-facing results page — though without affecting ballot-counting.

“Our concern is always that some type of website defacement, some type of (denial of service) attack, something that took the website down or defaced the website say on the night of the election, could make it look like the vote had been tampered with when that’s absolutely not true,” Major Gen. William J. Hartman, commander of U.S. Cyber Command’s Cyber National Mission Force, told conference attendees Monday.

Hartman said his team identified the intrusion as part of what he termed a “hunt-forward” mission, which gathers intelligence on and surveils adversaries and criminals. The team quickly alerted officials at the U.S. cybersecurity agency, who then worked with the municipality to respond to the intrusion.

Hartman said his team then acted “to ensure the malicious cyber actor no longer had access to the network and was unable to come back into the network in direct support of the elections.”

No details were released on how or from what country the Iranian intrusion was detected.

Its successful thwarting highlights the stealthy, largely classified, efforts of U.S. military cyberwarriors to prevent a repeat of 2016, when a Russian hack-and-leak operation targeting Hillary Clinton’s campaign favored former President Donald Trump’s election.

Asked in a recent interview about his accomplishments since he was promoted to U.S. Cybercom and National Security Agency chief in 2018, Gen. Paul Nakasone pointed to election security.

“We said if you are going to come and try to influence or interfere in our elections, we’re going to take you on, and we did,” he said.

Election and national security officials have been increasingly focused on cybersecurity threats since the 2016 election. Locally, they have been trying to heighten protections for voting machines, vote tabulators, voter registration databases and electronic pollbooks, which are used to check in voters at polling locations.

Some of the non-voting systems present security challenges because they have internet connections. As the use of electronic systems has grown, they have proved an attractive target for those seeking to meddle in elections.

In 2016, Russian hackers scanned state voter registration systems looking for vulnerabilities and accessed the Iranian hackers obtained confidential voter data and used it to send misleading emails, seeking to spread misinformation and influence the election.

Beginning in 2018, the National Defense Authorization Act let the U.S. “take down infrastructure” and “take on adversaries” outside the country, Nakasone said. So by 2020, when Russian and Iranian actors attempted to interfere with the U.S. election, U.S. cyber operators were able to thwart them, he added.

Under Nakasone, Cybercom has sent small teams to 22 countries to help hunt on their networks — “to identify malware, tradecraft, techniques that adversaries are using and then broadly publicize that,” he said. That includes Ukraine, where he said a team arrived on Dec. 3, 2021, more than two months ahead of the Russian invasion.

In a March statement ahead of a congressional hearing, Nakasone said Cybercom had deployed its teams 40 times to work on 59 networks, generating insights and “imposing costs on common adversaries.” He said the missions “exposed malicious cyber activity by China, Russia, Iran and cyber criminals,” helped make other nation’s networks more secure and “led to the public release of more than 90 malware samples for analysis by the cybersecurity community.”

___

Cassidy reported from Atlanta. Bajak reported from Boston.

United States News

Associated Press

Born in a typhoon: Many, including newborns, remain without electricity as Guam recovers from storm

HONOLULU (AP) — About a week after Typhoon Mawar tore through Guam as the strongest typhoon to hit the U.S. Pacific territory in over two decades, most of the island remained without electricity and the governor appealed for patience during a recovery process expected to take at least a month. Even though Mawar caused no […]

16 hours ago

FILE - JPMorgan Chase & Company Chairman and CEO Jamie Dimon testifies at a Senate Banking Committe...

Associated Press

JPMorgan CEO Jamie Dimon says he never heard of Jeffrey Epstein until after his 2019 arrest

NEW YORK (AP) — JPMorgan CEO Jamie Dimon has testified that he never heard of Jeffrey Epstein and his crimes against teenage girls and young women until the financier was arrested in 2019, according to a transcript of the videotaped deposition released Wednesday. Dimon said he first heard about it “when the story blew wide […]

16 hours ago

FILE - Solomon Peña, center, a Republican candidate for New Mexico House District 14, is taken int...

Associated Press

Federal grand jury charges ex-GOP candidate with shootings on lawmakers’ homes

SANTA FE, N.M. (AP) — A failed political candidate has been indicted on federal charges including interference with the electoral process in connection with a series of drive-by shootings at the homes of state and local lawmakers in Albuquerque, according to a grand jury indictment that was unsealed Wednesday. The indictment filed in U.S. District […]

16 hours ago

Associated Press

Authorities identify 4 missing, 1 dead after Alaska charter boat found partially submerged

JUNEAU, Alaska (AP) — Authorities on Wednesday released the names of four people who remain missing after the charter fishing boat they were on was found partially submerged in southeast Alaska. The recovered body of a fifth person has also been identified. Alaska State Troopers identified those missing as Danielle Agcaoili, 53, of Waipahu, Hawaii; […]

16 hours ago

Associated Press

Court: No lawsuit immunity for Michigan official who had rifle during online meeting

DETROIT (AP) — A lawsuit can go forward against a Michigan official who flashed a rifle during a public meeting over video conference, a federal appeals court said Wednesday. Patricia MacIntosh is suing Ron Clous, alleging he tried to silence her right to free speech when he displayed the rifle during a 2021 meeting of […]

16 hours ago

In this still image captured by Las Vegas police officer Tierney Tomburo's body camera, 27-year-old...

Associated Press

Las Vegas police video shows moment officer was shot during traffic stop

LAS VEGAS (AP) — Las Vegas police lapel videos played Wednesday during a public review of evidence in a September 2022 shooting showed the moment an officer was shot and wounded during a pre-dawn traffic stop and the dramatic aftermath as her partner rushed to her side to apply a tourniquet. Officer Tierney Tomburo, 24 […]

16 hours ago

Sponsored Articles

...

DAY & NIGHT AIR CONDITIONING, HEATING AND PLUMBING

Here are the biggest tips to keep your AC bill low this summer

PHOENIX — In Arizona during the summer, having a working air conditioning unit is not just a pleasure, but a necessity. No one wants to walk from their sweltering car just to continue to be hot in their home. As the triple digits hit around the Valley and are here to stay, your AC bill […]

...

SANDERSON FORD

Thank you to Al McCoy for 51 years as voice of the Phoenix Suns

Sanderson Ford wants to share its thanks to Al McCoy for the impact he made in the Valley for more than a half-decade.

(Photo by Michael Matthey/picture alliance via Getty Images)...

Cox Communications

Valley Boys & Girls Club uses esports to help kids make healthy choices

KTAR’s Community Spotlight focuses on the Boys & Girls Club of the Valley and the work to incorporate esports into children's lives.

US cyberwarriors thwarted 2020 Iran election hacking attempt