United States Indicts Iranian Hackers in Voter Intimidation Effort



WASHINGTON — The Justice Department indicted two Iranian hackers on Thursday for seeking to influence the 2020 election with a clumsy effort to intimidate voters, just a day after the nation’s cyberdefense authorities warned of an escalating Iranian effort to insert malicious code into the computer networks of hospitals and other critical infrastructure.

The hackers, identified in a grand jury indictment handed up in New York as Seyyed Kazemi, 24, and Sajjad Kashian, 27, are accused of sending threatening messages to several thousand voters, after breaking into some voter registration systems and at least one media company. Many of the messages sent by the Iranians were designed to look like they were from the Proud Boys, the right-wing extremist group.

Law enforcement officials said Facebook messages and emails from the Iranians to Republicans falsely claimed the Democrats were planning to exploit security vulnerabilities in state voter databases to register nonexistent voters. But the hackers also sent tens of thousands of emails to Democrats. They demanded recipients change their party affiliation and vote for President Donald J. Trump.

The emails were so badly written, however, that they immediately seemed suspect, and the effort was quickly exposed by Mr. Trump’s own administration. Intelligence officials have long considered the emails to Democrats to be a bit of ham-handed reverse psychology, meant to make the recipients more likely to turn out to vote against Mr. Trump.

Law enforcement officials also revealed Thursday that the Iranians had hacked into a media company that provides a content management system for dozens of newspapers, although officials did not reveal the name of the organization.

Had they kept access, they might have been able to post fake stories to undermine the election, law enforcement officials said. But the F.B.I. detected the intrusion and notified the company. When the Iranians tried to enter the system the day after the election, they discovered their access was blocked.

While the timing seemed coincidental, the indictment was announced after the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, issued a bulletin on Wednesday warning of a broad, state-sponsored Iranian campaign to get into American computer networks, including hospitals. The warning was a rare one: The governments of Australia and Britain joined in issuing it, and said that a number of ransomware attacks were being organized by the Iranian government, not just criminal groups.

Taken together, the indictment and the warning suggest that the Iranian government is making broader use of its offensive cyber-units, and learning from techniques it is picking up from Russia and elsewhere. The warning did not name which American hospitals or transportation systems were the focus of Iranian attacks.

“Our intelligence officials have continually warned that other countries would seek to follow Russia’s 2016 playbook,’’ Senator Mark Warner, the Virginia Democrat and chairman of the Senate Intelligence Committee, said in a statement after the indictment was announced. “Today’s charges and sanctions against several Iranians believed to be behind a cyber campaign to intimidate and influence American voters in the 2020 election are further evidence that attempts to interfere in our elections will continue, and we must all be on guard against them.”

The indictment Thursday did not directly state that the two men were working for the Iranian government. Instead, they were employed by a cybersecurity firm that claims to do defensive work for the Iranian government. But U.S. officials have long contended that several such companies focus on offensive cyber activities — from theft of data to sabotaging of networks, often directed at the U.S.

In the election case, previously declassified intelligence reports have linked the efforts to Tehran’s government ministries, and suggested that Iran was attempting to use variations of the playbook designed by Russia in its efforts to influence the 2016 election.

In 2016 and in 2020, intelligence officials concluded Russia was trying to influence the election to benefit Mr. Trump. And while Thursday’s indictment did not specify the goal of the Iranian hackers — beyond sowing divisions among Americans — intelligence officials have repeatedly said that Iranian influence efforts were aimed at hurting Mr. Trump’s re-election efforts.

“This indictment details how two Iran-based actors waged a targeted, coordinated campaign to erode confidence in the integrity of the U.S. electoral system and to sow discord among Americans,” Matthew G. Olsen, who recently took over as head of the National Security Division of the Justice Department, said. “The allegations illustrate how foreign disinformation campaigns operate and seek to influence the American public.”

Officials said that the Treasury Department would impose sanctions related to the charges, and rewards would likely be set up for information that would enable the U.S. to arrest the two indicted hackers. But the men are in Iran, and the best officials can hope for is to get them arrested and extradited if they travel outside the country.

In a speech earlier this week, Gen. Paul M. Nakasone, the head of U.S. Cyber Command and director of the National Security Agency, said one of the main lessons of the government’s 2020 election defense efforts was that multiple foreign governments had tried to influence the outcome.

Intelligence officials have said that Russia, Iran and China mounted the biggest efforts to influence American politics in 2020, although Cuba also pushed narratives to denigrate Mr. Trump, the March intelligence report found.

“What did we learn? That we had more adversaries. We had more committed adversaries,” General Nakasone said.

Other intelligence officials have noted that Russia appeared to hold back from the kind of tactics it used in 2016; instead, the SVR, one of Russia’s premier intelligence agencies, focused on the SolarWinds infiltration, altering a type of software used by thousands of companies and government agencies. That gave them access to a far larger group of targets — a technique that China and other countries are also using.