Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Trump Leak Likely a Harbinger of More Interference to Come

Current Foreign Disinformation Attempt Using Leaked Documents Branded 'Incompetent'
Foreign hack-and-leak operations seek to influence the outcome of U.S. elections. (Image: Shutterstock)

Update Aug. 12, 21:46 UTC: The FBI said in a brief statement that it is investigating the Trump campaign hack. "We can confirm the FBI is investigating this matter," a spokesperson said in a statement sent to reporters.

Update 2 Aug. 12, 23:05 UTC: The Washington Post cited "people familiar with the matter" to report the FBI is also investigating spear phishing emails sent to three staffers on the Biden-Harris campaign. Sources told the paper the attacks do not appear to have been successful and that the Iranian government is the suspected perpetrator.

Cybersecurity experts are urging election campaign officials and policymakers to revisit their defenses in the wake of the Trump campaign confirming it was breached and that internal documents were stolen and leaked as part of an apparent foreign disinformation campaign. They're also urging voters to not fall for such "active measures," designed to covertly sow doubt and discord over the 2024 U.S. presidential election.

The warnings follow the campaign of Republican presidential candidate Donald Trump on Saturday confirming it was hacked and that multiple documents were stolen, including a 271-page vetting report into Trump's vice presidential running mate, JD Vance, a senator from Ohio.

Chris Krebs, former head of the U.S. Cybersecurity and Infrastructure Security Agency, said the leak is likely a harbinger of more disinformation attempts to come. "Keep in mind that you're part of the playbook, they want you to either amplify it or doubt it," he said via X, urging Americans to not fall for the ruse.

"Take a beat, touch grass as the kids say, & just vote," he said. "American voters decide American elections. Let's keep it that way."

Politico first reported on the hack-and-leak campaign Saturday, saying a source who used an AOL email account and the name "Robert" began sending it documents on July 22. "I suggest you don't be curious about where I got them from. Any answer to this question, will compromise me and also legally restricts you from publishing them," Robert told Politico.

The Washington Post said on Saturday that Robert also emailed Vance's vetting report on Thursday and that two sources confirmed it was genuine. Neither the Post nor Politico has published the leaked documents.

Thomas Rid, professor of strategic studies at Johns Hopkins University, branded the leaking effort thus far as "incompetent" and warned against overstating the effectiveness of "weak adversaries," lest that give them "more oxygen."

"Hard to say for now if this operation has already fizzled, or if more campaign files could get leaked publicly, for example, possibly doctored," Rid said in a post to social network X. "If so, it is crucial for reporters to fact check everything in there, even if documents appear authentic."

He also lauded Politico for reporting on the disinformation attempt rather than simply detailing the contents of the leaked documents - as Robert demanded.

Anyone handling such allegedly stolen information should not assume it's genuine, said Rep. Adam Schiff, D-Calif., a former chair of the House Intelligence Committee. "I have consistently warned that foreign adversaries can insert misinformation into real documents to sow chaos," he said in a post to X.

"The press needs to treat any information hacked and dumped through foreign interference operations with great skepticism and always disclose the provenance of the materials they report on - so the public knows where the information comes from and understands the motivation behind it," he said.

Trump Campaign Confirms Breach

The Trump campaign first confirmed Saturday it suffered a hack attack leading to documents being stolen. "These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our Democratic process," Steven Cheung, a campaign spokesman, said in a statement.

While the breach occurred earlier this summer and was separately detected by the Trump campaign, the campaign chose to not disclose that fact publicly or to law enforcement, The Washington Post reported.

The Trump campaign has blamed the hack on Iran and cited Microsoft last week reporting that the Iranian government, based in Tehran, has increased the tempo of its election-focused disinformation operations (see: Iran Amplifies US Election Influence Campaign).

"We expect Iranian actors will employ cyberattacks against institutions and candidates while simultaneously intensifying their efforts to amplify existing divisive issues within the U.S., like racial tensions, economic disparities and gender-related issues," Microsoft said in its report.

In the past four years, Iranian hackers have targeted elections not only in the U.S. but also in Bahrain and Israel, seeking to sow discord, reduce voter turnout and undermine the integrity of the election results, it said.

Microsoft said a group it tracks as Mint Sandstorm, aka Charming Kitten, which is run by the intelligence unit of the Islamic Revolutionary Guard Corps, is part of those efforts. In June, it said, the group used the hacked email account for "a former senior adviser" to a presidential campaign to send "a spear-phishing email to a high-ranking official" inside the campaign. The report doesn't state if that hack attempt was successful.

While Microsoft didn't name the targeted organization, "a person familiar with Microsoft's work confirmed the report's reference was to the Trump campaign," The Washington Post reported.

Highlighting Influence Campaigns

Earlier this year, CISA warned that foreign election interference efforts have been intensifying as part of "broader efforts to undermine U.S. global standing, sow discord inside the United States, and influence U.S. voters and decision-making."

Microsoft said the recent attack attempt is a reminder that U.S. campaigns and election officials are at risk from multiple unfriendly nation-states (see: China Is Using AI to Influence Elections, Microsoft Warns).

"This targeting is a reminder that senior policymakers should be cognizant of monitoring and following cybersecurity best practices even for legacy or archived infrastructure, as they can be ripe targets for threat actors seeking to collect intelligence, run cyber-enabled influence operations, or both," it said.

Clint Watts, head of the Microsoft Threat Analysis Center, said in a blog post: "We share intelligence like this so voters, government institutions, candidates, parties and others can be aware of influence campaigns and protect themselves from threats."


About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



