Two suspected Iranian computer hackers have been charged in a broad campaign of election interference aimed at intimidating American voters during last year’s presidential race and undermining confidence that the results of the contest could be trusted.
The activities, prosecutors say, exploited not only computer vulnerabilities but also existing social divisions to sow discord and confusion among voters. The Iranian cyber campaign included bogus emails that targeted Democratic and Republican voters with different messages, the distribution of a fabricated video that purported to show acts of election fraud and an unsuccessful effort the day after the election to gain access to an American media company’s network.
The overall effort attracted publicity in the run-up to the November 2020 election, when law enforcement and intelligence officials held an unusual evening news conference to accuse Iran of orchestrating an email campaign aimed at intimidating Democratic voters in battleground states so they would vote for Trump.
The indictment makes clear that even as much of the public concern about foreign interference in last year’s election centered on Russian efforts to disparage Trump’s challenger, Joe Biden, Iranian hackers were engaged in a wide-ranging influence campaign of their own.
U.S. intelligence officials said in a March assessment that Iran’s efforts were aimed at harming Trump’s reelection bid, and probably authorized by Supreme Leader Ali Khamenei, but that there was no evidence that Tehran or any other foreign actor had done anything to change the vote totals.
The indictment, filed in federal court in Manhattan and unsealed Thursday, accuses Iranian nationals Seyyed Mohammad Hosein Musa Kazemi and Sajjad Kashian of helping carry out the scheme. The Treasury Department also announced sanctions against the men, some of their colleagues and the company they worked for.
The defendants, described in the indictment as experienced hackers who worked as contractors for a cybersecurity firm, are not in custody and are believed to be in Iran still. But officials hope at minimum that the indictment and accompanying sanctions will restrict their ability to travel. Each faces a broad array of charges, including voter intimidation, transmission of interstate threats and computer crimes.
Asked Thursday whether the defendants’ activities were endorsed by the Iranian government, a Justice Department official who briefed reporters on a conference call noted that the indictment alleges that the company the men worked for — formerly known as Eeleyanet Gostar — provided services to the government. But the indictment does not directly implicate the government because the Justice Department can rely only on unclassified, admissible evidence that it can bring to court, the official said.
Court documents allege vast efforts to spread disinformation about the presidential contest and to intimidate and pressure voters. Some of the activities persisted even after the election.
As part of the cyber campaign, officials say, the hackers attempted in the weeks before the election to compromise voter websites in 11 states, and successfully downloaded voter information related to more than 100,000 people in one state.
While the defendants did not use that information to attempt to change vote totals, officials say, they created the appearance that the election results could not be trusted by leaving the false impression that it was possible to submit fraudulent ballots.
They also sent Americans what officials describe as carefully curated messages, specifically tailored to appeal to — and divide — members of both major political parties.
That included messages that purported to be from a far-right group, the Proud Boys, that threatened Democratic voters with physical harm if they didn’t change their party affiliation and vote for Trump.
“You will vote for Trump on Election Day or we will come after you,” the email said, according to prosecutors.
Though the messages pressured voters to support Trump, they may have been designed to actually harm his campaign by aligning him in the minds of voters with the Proud Boys after he was criticized for failing to unequivocally denounce the group during the first presidential debate.
To Republican officials and people associated with the Trump campaign, meanwhile, the hackers crafted Facebook messages that falsely claimed that Democrats were planning to exploit security vulnerabilities in state voter registration websites and commit voter fraud, the indictment says.
Another tool was a fake video spread through social media platforms that purported to show an individual hacking into state voting websites and creating fraudulent absentee ballots, according to the indictment.
In September and October 2020, prosecutors say, the hackers gained unauthorized access to the computer network of an American media company — prosecutors would not say which one — that provided a content management system for dozens of publications. They tested the capability to modify and create content on the system, which the indictment says “would have provided them another vehicle for further disseminating false claims concerning the election.”
On Nov. 4, 2020, the day after the election, hackers attempted to access the system through stolen credentials, but by that point, the company had fixed the issue and the hackers’ log-in attempt failed, the indictment says.