close
close

Accused Iranian hackers successfully distribute stolen Trump emails

Posted on by Larry
Accused Iranian hackers successfully distribute stolen Trump emails

Christopher Bing, Raphael Satter, Gram Slattery
| Reuters

play

WASHINGTON, Oct 25 (Reuters) – The accused Iranian hacking group that intercepted Republican U.S. presidential candidate Donald Trump’s campaign emails has finally achieved some success in publishing their stolen material after initially failing to mainstream media.

In recent weeks, the hackers began distributing emails from Trump more widely to a Democratic political operative, who posted a trove of material on the website of his political action committee, American Muckrakers, and to independent journalists, some of whom at least one posted this on the writing platform Substack. The latest material shows Trump’s campaign communications with outside advisers and other allies, discussing a range of topics ahead of the 2024 election.

The hackers’ activities, tracked by Reuters, provide a rare glimpse into the activities of an election meddler. They also show that Iran remains determined to interfere in the elections, despite a US Justice Department indictment in September accusatory the leaks of working for Tehran and the use of a fake persona.

The indictment alleged that an Iranian government-affiliated hacking group known as Coin Sandstorm or APT42compromised several Trump campaign officials between May and June by stealing their passwords. In a Homeland Security advisory published earlier this month, the agency warned that hackers continue to target campaign staff. If found guilty, they face jail time and fines.

The Justice Department indictment said the leakers involved three Iranian hackers working with Iran’s Basij paramilitary force, whose volunteer members help the regime enforce its strict rules and exert influence. Attempts to reach the hackers named in the indictment via email and text message were unsuccessful.

In conversations with Reuters, the speakers – who collectively use the fake persona ‘Robert’ – did not directly address the US accusations, with one saying: “Do you really expect me to answer?!”

“Robert” is the same fake person referred to in the U.S. indictment, according to FBI emails sent to journalists and reviewed by Reuters.

Iran’s mission to the United Nations said in a statement that reports of the country’s involvement in hacking the US elections were “fundamentally unfounded and completely inadmissible”, adding that it “categorically rejects such allegations”. The FBI, which is investigating Iran’s hacking activities against both presidential campaigns during this election, declined to comment.

David Wheeler, the founder of American Muckrakers, said the documents he shared were authentic and in the public interest. Wheeler said his goal was to “demonstrate how desperate the Trump campaign is to try to win” and to provide the public with factual information. He declined to discuss the origins of the material.

Without making specific references, the Trump campaign said earlier this month that the Iranian hacking operation was “intended to disrupt the 2024 election and sow chaos in our democratic process,” adding that any journalists reprinting the stolen documents ” following the orders of America’s enemies. .”

In 2016, Trump took a different position when he encouraged Russia to hack Hillary Clinton’s emails and release them to the press.

Leakage operation

The leak operation began around July when an anonymous email account, [email protected]began communicating with reporters from several media outlets, using the name Robert, according to two people familiar with the matter. They initially contacted Politico, the Washington Post and the New York Times promising damning inside information about the Trump campaign.

In early September, the accused Iranian hackers used a second email address, [email protected]in a new round of overtures, including to Reuters and at least two other news outlets, the two people familiar with the matter said.

At the time, they offered research compiled from public information from the Trump campaign on Republican politicians JD Vance, Marco Rubio and Doug Burgum, all of whom were being considered as Trump’s running mate.

The vice presidential reports were authentic, a person familiar with the Trump campaign told Reuters. Neither Politico, the Washington Post, the New York Times nor Reuters published stories based on the reports.

New York Times spokesperson Danielle Rhoades Ha said the newspaper only published articles based on hacked materials “if we find newsworthy information in the materials and can verify it.”

In an email, the Washington Post referred to previous comments from editor-in-chief Matt Murray, who said the episode reflected the fact that news organizations “will not address any hack” provided to them. A spokesperson for Politico said the provenance of the documents was more newsworthy than the leaked material. Reuters did not publish this material because the news agency did not believe it was newsworthy, a spokesperson said.

Both AOL email accounts identified by Reuters were taken offline in September by owner Yahoo, which worked with the FBI before the indictment to trace them to the Iranian hacker group, according to two people familiar with the investigation. Yahoo did not respond to a request for comment.

Before losing email access, Robert suggested that reporters might need an alternative contact and offered a phone number on the encrypted chat application Signal. Signal, which is harder for law enforcement to monitor, did not return messages seeking comment.

Some senior U.S. intelligence and law enforcement officials have said Iran’s efforts this election cycle are aimed at denigrating Trump as they hold him responsible for the 2020 U.S. drone killing of former Iranian military general Qassem Soleimani.

So far, the leaks already published do not appear to have changed the public dynamics of the Trump campaign.

Muckrakers

On September 26, the North Carolina-based American Muckrakers began publishing internal Trump campaign emails. The PAC has been active since 2021 and has a history of publishing unflattering material about high-profile Republicans. According to public disclosure reportsit is funded by individual small-dollar donors from across the country.

On its website, US-based Muckrakers said the leaks came from “a source”, but prior to publication last month the group publicly asked Robert to make contact. “HACKER ROBERT, WHY DO YOU KEEP SENDING TRUMP INFORMATION TO CORPORATE MEDIA?” the group said in a message to X. “Send it to us and we will get it out.”

When asked if his source was alleged Iranian personality Robert, Wheeler said “that is confidential” and that he had “no confirmation of the source’s location.” He also declined to comment on whether the FBI had warned him that the communications were the product of a foreign influence operation.

In one example, Muckrakers published material on October 4 that purported to show an unspecified financial arrangement with lawyers representing former presidential candidate Robert F. Kennedy Jr. and represented Trump. RFK Jr. attorney Scott Street said in an email to Reuters that he could not speak publicly about the incident. Reuters confirmed the authenticity of the material.

Muckerkers subsequently published documents from Robert on two high-profile races. It contained purported campaign communications about Republican gubernatorial candidate Mark Robinson of North Carolina and Republican Rep. Anna Paulina Luna of Florida, both of whom were endorsed by Trump.

The exchange about Robinson involved an attempt by Republican consultant W. Kirk Bell to seek advice from the Trump camp following the scandal over comments attributed to Robinson in a pornographic forum. Robinson has previously denied the comments. The other message came from a Republican consultant who shared information with the campaign about Luna’s personal life.

Robinson and Luna’s campaigns did not return messages seeking comment.

One of the few journalists Robert contacted who did publish material was independent national security reporter Ken Klippenstein, who posted the vice presidential investigation documents on Substack late last month. Robert confirmed to Reuters that they had given the material to Klippenstein.

Substack did not respond to a question about its policy on hacked material.

After the story, Klippenstein said FBI agents contacted him about his communications with Robert, warning that they were part of a “foreign malign influence operation.” In a post, Klippenstein said the material was newsworthy and that he chose to publish it because he believed the news media should not be a “gatekeeper of what the public should know.”

A spokesperson for Reuters, which received similar reports from the FBI, said: “We cannot comment on our interactions, if any, with law enforcement.” An FBI spokesperson declined to comment on the media reports.

Wheeler said he had new leaks in store “soon” and that he would continue to publish similar documents as long as they were “authentic and relevant.”

(Reporting by Christopher Bing, Raphael Satter and Gram Slattery; Editing by Chris Sanders and Anna Driver)