Iranian attacks expose vulnerability of campaign email accounts

A recent hacking attempt by Iran targeting a U.S. presidential campaign highlighted the vulnerability of email accounts heading into the 2020 elections.

Microsoft revealed last week that it had tracked an Iranian group named “Phosphorus” attempting to access the email accounts of an unnamed presidential campaign, along with accounts tied to journalists and former and current U.S. officials.

While the group compromised only four accounts, it identified 2,700 accounts for targeting and attacked 241 of them. The accounts associated with the unnamed presidential campaign, which Reuters identified as the Trump campaign, were not successfully compromised.

The Trump campaign told The Hill they had “no indication that any of our campaign infrastructure was targeted.”

Tom Kellermann, who served on a presidential cybersecurity commission during the Obama administration, said campaigns should ensure “modern cybersecurity technologies” are being used to insulate endpoints, and that “websites and mobile apps should be tested for vulnerabilities and hardened accordingly.”

But even if campaigns take those steps, Kellermann said, rising tensions between the U.S. and Iran could lead to attacks on other aspects of campaigns and elections.

“Iran has dramatically increased their capability sets, and the number of attacks against the U.S. over the last year,” said Kellermann, who’s now chief cybersecurity officer for the firm Carbon Black, adding that Iran’s cyber “capabilities have been dramatically improved thanks to transfers from Russia.”

“Iranians come in third place of the axis of evil in cyber, they don’t have as many hackers as the Chinese and Russians do, but they have a handful of very elite crews who have benefited dramatically from Russian tech transfer,” Kellermann said. “They are contenders, and they are to be respected.” 

Iran has been counted among the major nations posing cyber threats to the U.S. for several years, alongside China, Russia and North Korea.

In the 2019 Worldwide Threat Assessment published earlier this year, now-former Director of National Intelligence Daniel Coats wrote that Iran “continues to present a cyber espionage and attack threat,” and that Iranian actors were specifically “targeting US Government officials, government organizations, and companies to gain intelligence and position themselves for future cyber operations.”

Sen. Mark Warner (Va.), the top Democrat on the Senate Intelligence Committee, told The Hill that Iran and other adversaries are using Russia’s “hacking and disinformation tactics.”

“Everyone — whether in the public sector, private industry, or on campaigns — will need to be on guard against future interference efforts,” Warner said in a statement.

U.S. political campaigns are seen as particularly vulnerable to cyberattacks due to attention and resources being focused elsewhere.

In addition to the high-profile hacking of Democratic National Committee emails in 2016, hackers unsuccessfully attempted to access the systems of former Sen. Claire McCaskill (D-Mo.) ahead of the 2018 midterms.

The attacks came amid heightened tensions between Washington and Tehran, after the U.S. blamed Iran for striking two Saudi Arabian oil facilities last month.

They also followed a U.S. Cyber Command cyberattack against Iran in June that disabled Tehran’s ability to target oil tankers, which occurred in response to Iran shooting down an American drone and attacks on American tankers.

Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), told The Hill on Monday that CISA is “aware of the report from Microsoft about Iranian actors targeting U.S. accounts and we are working with the company to assess and mitigate impacts.”

“We encourage all Americans to be vigilant and on guard against this and other cyber threats — scrutinize emails, reset passwords routinely, maintain up-to-date antivirus and operating system patches, and enable multi-factor authentication,” Krebs said.

Mark Orlando, the chief technology officer of Cyber Protection Solutions at Raytheon Intelligence, encouraged similar techniques to rebuff cyberattacks from Iranians and other sources, and emphasized the severity of cyber threats to email accounts headed into the 2020 election cycle.

“It’s a significant threat, and it’s a threat from lots of different groups, foreign and domestic, it’s relatively unsophisticated, so it doesn’t take a lot to be successful,” Orlando told The Hill on Monday.