As the U.S. presidential election scheduled for November 5, 2024, draws near, the world’s attention is focused on internal American affairs to monitor the developments of the presidential race. Alongside this, there is renewed concern about cyber threats targeting both the Democratic and Republican campaigns, highlighting the potential impact of these threats on the current U.S. election amid accusations of international interference aiming to influence the results.
Campaign Breaches:
In June 2024, around the time former President and current Republican candidate Donald Trump chose his running mate, Microsoft reported that a hacking group operated by an intelligence unit affiliated with Iran’s Revolutionary Guard had breached the email account of Roger Stone, a prominent public figure and former senior adviser to Trump’s 2020 campaign. Stone had previously worked to amplify the damage to the campaign of former presidential candidate Hillary Clinton. From his email, fake emails, known as “spear phishing,” were sent to a senior official in Trump’s current presidential campaign as part of an ongoing effort to access the campaign’s networks and databases.
According to Microsoft, the hacking group known as “Mint Sandstorm” was behind the attempted breach, using fake emails to infiltrate the Trump campaign’s accounts and databases. The goal was to successfully access internal communications and disrupt the democratic process, casting doubt on its legitimacy. Microsoft and the FBI informed Stone that his email had been hacked. Trump later stated that Microsoft had notified him that the Iranian government had targeted his campaign but failed to acquire any confidential information, blaming the breach on President Joe Biden’s administration, which he described as weak.
Following this incident, Trump’s campaign faced another cyberattack. An anonymous AOL account using the alias “Robert” leaked internal campaign documents to American media outlets. One of the leaked documents included background research on J.D. Vance, Trump’s Republican vice-presidential candidate, allegedly prepared long before Trump chose him, specifically on February 23. The political news site Politico began receiving the first emails containing several documents on July 22, and The Washington Post received the Vance file on August 8.
U.S. intelligence agencies attributed the breach to Iran, citing similarities between the hackers’ techniques and those used by a group linked to the Revolutionary Guard. Confirming this, Trump campaign spokesperson Steven Cheung said on August 10 that hostile foreign sources had obtained several documents to interfere with the upcoming presidential election and create chaos in the American democratic process. He explicitly pointed to Iranian agents intensifying their efforts to influence and monitor the U.S. election by creating fake news outlets targeting both liberal and conservative voters. The campaign emphasized to journalists that publishing these documents or internal communications would mean complying with the orders of America’s enemies and doing exactly what they wanted.
Notably, American media outlets that received the documents decided not to publish them, instead focusing on the breach itself, its motives, and the perpetrators. None of them treated the leaked documents as exclusive content “for publication.” Kelly McBride, the public editor of National Public Radio (NPR), noted that journalists’ primary loyalty is to their audience, providing them with the information they need without undermining the stability of the entire country. The Washington Post compared the leak to the Russian hacks of the Democratic campaign emails in 2016, putting media organizations to the test in determining the best way to cover the alleged breach.
On the other hand, the campaign of Democratic presidential candidate Kamala Harris was also targeted by foreign hackers. According to The Washington Post, three staff members of the Biden-Harris campaign received phishing emails, with the hackers attempting to gain broad access to their emails. However, the Harris campaign insisted that its cybersecurity measures had prevented any breaches of its systems, particularly due to the robust security protocols in place.
The FBI investigated the efforts to breach the Biden-Harris campaign before Biden withdrew from the presidential race. On August 12, the FBI, the Office of the Director of National Intelligence (ODNI), and the Cybersecurity and Infrastructure Security Agency (CISA) announced that the Iranian government had attempted to damage the Harris-Biden campaign, providing strong evidence of Tehran’s efforts to influence the current election. This approach by Iran was not new.
Further evidence of Iranian involvement came in a Google report released on August 14, which indicated that Iranian attempts to hack U.S. presidential campaigns were ongoing on a wide scale. The hacking group known as APT42, linked to Iran’s Revolutionary Guard, attempted to breach both presidential campaigns and infiltrate the email accounts of high-profile individuals and organizations, including current and former government officials, political campaigns, diplomats, think tanks, NGOs, and academic institutions. The group targeted 12 individuals connected to both Biden and Trump. The report noted that the Iranian group had compiled a list of current and former government officials to target, having already demonstrated the capability to conduct multiple simultaneous phishing campaigns.
On August 23, Meta announced that the hacking group APT42, allegedly tied to the Iranian government and believed to have targeted both current presidential campaigns, attempted to hack the WhatsApp accounts of individuals associated with both Biden and Trump. Meta discovered that the hackers posed as tech support agents from major companies, including Microsoft and Google, after individuals reported suspicious messages on WhatsApp. Meta subsequently banned some accounts and shared the findings of its investigation with law enforcement agencies.
For its part, Iran denied the allegations of its involvement in hacking the U.S. presidential campaigns, asserting that the Iranian government had no intention or motive to interfere in the U.S. election, according to a statement by the Iranian news agency IRNA on August 11.
Increasing Threats:
In addition to the above, several indicators point to the growing cyber threats to the 2024 U.S. presidential elections. These indicators can be understood through the following key observations:
Targeting the Primaries:
Several U.S. state primaries have faced multiple threats. For example, in April, the local election office in Georgia experienced a cyberattack, forcing them to disconnect from the state’s voter registration system as a precaution. In New Hampshire, prior to the state’s presidential primary, AI-generated robocalls surfaced, mimicking President Biden’s voice, saying: “Your votes are important for the Democratic Party, don’t go to the polls next Tuesday (primary elections), save your energy for voting at the end of November.” This prompted the Federal Communications Commission (FCC) and investigators to intervene and issue orders to halt some implicated telecom companies. This incident highlighted the dangers of using AI to spread disinformation and undermine voting rights.
Multiple Sources of Threat:
According to the Cybersecurity and Infrastructure Security Agency (CISA), the exceptional advancements made by U.S. adversaries raise concerns about potential attacks on election systems. These include voter databases, which are vulnerable to hacking and manipulation, government and local websites prone to denial-of-service attacks, phishing, ransomware, and email systems of local government election offices. The U.S. presidential elections face numerous security challenges, such as potential cyberattacks by foreign governments, criminal ransomware gangs, electoral misinformation that could erode public trust, phishing scams leading to increased absentee ballots, hacking, and even bribery or extortion of election officials.
Testing Voter Sentiments:
In April, Clint Watts, General Manager of the Threat Analysis Center at Microsoft, argued that China is using fake social media accounts to gauge American voters’ opinions on divisive issues to influence the upcoming elections in its favor. These deceptive accounts, allegedly managed by affiliates of the Chinese Communist Party, began posting provocative questions on issues like the November 2023 train derailment in Kentucky, wildfires in Maui in August 2023, drug abuse in the U.S., immigration policies, and racial tensions. The goal is to gather intelligence on demographic trends and potential voting behavior in the presidential elections.
Proliferation of AI-Generated Fake Videos:
The use of AI voice cloning to mimic Vice President Kamala Harris in a satirical video raised questions about how AI can be used to spread disinformation about elections. The video gained widespread attention after billionaire Elon Musk shared it on his platform, “X,” on July 26, without labeling it as misleading. This incident underscores how deepfakes and AI-modified images and videos are becoming growing concerns in the current election cycle.
Fear of Foreign Interference:
The FBI has repeatedly warned of foreign interference in U.S. presidential elections. Microsoft has reported attempts by both China and Russia to influence the current elections. While Beijing employs social media to stir debates on sensitive topics, Russia’s efforts focus heavily on spreading misinformation about Ukraine and its ties to U.S. intelligence agencies. In February, cybersecurity firm CrowdStrike issued a warning about potential international meddling in the U.S. elections, specifically pointing to Iranian hackers. The company’s annual report forecasted possible Iranian interference, similar to operations carried out by Tehran-backed hackers in late October 2020, weeks before the last U.S. presidential elections, when they sent emails falsely claiming to represent a far-right American political group, urging voters to support a specific candidate.
Between Alarm and Dismissal:
Two divergent views have emerged regarding cybersecurity for the current U.S. presidential elections:
The First View:
Advocates of this perspective link the previously mentioned cyber breaches/threats to U.S. national security, arguing that election systems are classified as critical infrastructure, demanding priority protection. They cite the growing strategic threats in the digital age, warning of a possible repeat of previous methods or the employment of new tactics that could lead to more covert and destructive attacks on election infrastructure. Techniques like fake emails, voter registration database breaches, and more are seen as imminent threats.
Supporters of this view raise the specter of “cyberwarfare” by hostile state actors. Given that the U.S. presidential elections are one of the most significant strategic targets this year, hacking groups, both amateur and professional, as well as international intelligence agencies, are expected to focus on them due to the United States’ global influence and economic size.
Despite employing top-tier cybersecurity systems, human error remains a rising threat to the U.S. elections, considering the vast network of election officials, volunteers, and campaign participants. One election official might fall victim to an organized information-stealing campaign, ransomware, phishing, or other social engineering tactics. This could compromise voter databases if they are hacked or leaked through unsecured networks, regardless of the strength of security measures.
U.S. elections are not immune to global threats that have affected other nations’ elections, such as the rise in cyberattacks in Poland following the election of a pro-Ukraine government in 2023, a 2018 cyberattack on a Mexican political party’s website following a televised debate, and the leak of millions of U.K. voter records to China. These examples demonstrate that election interference is a growing threat, making elections a global target, even for the most advanced democratic nations.
In the U.S. case, unauthorized access to election infrastructure, campaign data breaches, disinformation, and the leaking of emails to the media pose a growing danger. Recently, Iran was accused of hacking the accounts of presidential campaign advisors, resulting in the dissemination of confidential information that highlighted internal campaign dynamics. This incident underscores the need to “securitize” both campaigns, particularly after Russian interference in the 2016 elections led to unprecedented security measures. The current campaigns have faced several cyber threats and international interventions, pointing to potential future security risks.
The aforementioned breaches and threats may be just the beginning of more significant cyberattacks, which could intensify as the presidential election date nears. This raises concerns about the integrity of the election process if sensitive information is leaked or further international interventions occur. Some U.S. officials have hinted at this possibility, such as former CISA director Chris Krebs, who tweeted, “Threat level… buckle up.” With each presidential election, the specter of foreign interference looms, especially with the actual use of AI technologies in online disinformation campaigns. As tech companies and social media platforms continue to reveal cyber threats to the campaigns, the mere circulation of news about campaign breaches is enough to sow doubts in the minds of voters and influence their political views.
The Second View:
Proponents of this perspective downplay the recent cyber breaches and threats to the presidential campaigns for several reasons. First, foreign interference in U.S. elections is not new, nor is it unique to the U.S. Furthermore, the country remains capable of protecting its digital democratic processes as it enhances its overall cybersecurity and election security measures. Multiple mechanisms and strategies exist to safeguard election systems and prevent cyber intrusions from affecting the integrity of voting systems.
Kate Conley, Senior Advisor at CISA, emphasized that while ransomware remains a major cybersecurity concern, election security measures ensure that these incidents do not affect the security of vote casting or tallying systems.
Overall, the methods employed by CISA to support presidential election systems fall under three categories: information sharing to improve communication and coordination on potential and actual threats across federal and local levels, free training on best practices and the most complex threats, and voluntary services, including security assessments, incident management assistance, and scanning election systems for vulnerabilities. The FBI and CISA issued a joint statement confirming that ransomware attacks against local or state networks or election infrastructure would not compromise the security or accuracy of voting or tallying operations. They also affirmed that any successful ransomware attack on election infrastructure would be investigated.
Those who downplay the significance of the email breaches and leaks argue that while unfortunate, these incidents should not be exaggerated, as the real threat lies in the potential to undermine public trust in the electoral process. Recognizing this, the American media has handled the leaked materials cautiously, balancing their accuracy and newsworthiness with the risk of furthering the objectives of foreign adversaries. This “restraint policy” reflects the understanding that foreign actors rely on internal entities to amplify the disruptive effects, making this approach an essential part of the “denial deterrence” strategy by ignoring and not validating the adversary’s objectives.
If one of the main goals of U.S. adversaries is to manipulate public opinion, tarnish the election process, or erode trust in American democratic institutions, then this objective might be achieved through local media conflicts and partisan polarization, independent of the cyber domain. Trump’s skepticism of the 2020 election results illustrates this point. It remains unclear how foreign interference could sway voters in light of their entrenched political beliefs, suggesting that such interference may act as a distractor rather than a decisive factor.
The lessons learned from the 2016 presidential elections prompted U.S. officials to adopt a policy of transparency in addressing current cyber threats. In 2016, they released a brief statement a month before the election, acknowledging Russian efforts to interfere with voting. This year, they have responded more quickly and explicitly, naming Iran as a culprit and hoping that information disclosure will help thwart adversaries’ efforts. This approach also addresses the criticism officials faced for withholding sensitive information in the past, with a focus on better educating the American public about these threats.
In conclusion, the U.S. presidential race is increasingly fraught with AI-generated videos, cyber breaches, and press leaks, prompting intelligence agencies, tech experts, and tech companies to intensify efforts to analyze actual and potential threats. The U.S. remains concerned about international interference, especially from Russia, China, and Iran, which may undermine the credibility of the elections. The ongoing technological advancements, particularly in AI, alongside the complex nature of cyber threats, add another layer of complexity to an already intricate 2024 presidential election scene.