Government-backed Iranian hackers reportedly attempted to crack President Donald Trump’s re-election campaign website Friday, reminiscent of Russian cyber interference in the 2016 election because I guess we’re just stuck in the Groundhog Day of American politics at this point.
Microsoft issued a warning Friday that it detected “significant cyber activity” aimed at a then-unnamed 2020 presidential bid believed to be the work of a hacking group that “originates from Iran and is linked to the Iranian government.” Since then, reports from Reuters and the New York Times have identified that campaign as Trump’s own, according to sources with knowledge of the hacking. Unsurprisingly, the campaign’s director of communications, Tim Murtaugh, has a different take. “We have no indication that any of our campaign infrastructure was targeted,” he said in a public statement Friday.
The group of hackers, which Microsoft has dubbed Phosphorus, made more than 2,700 attempts in a 30-day period between August and September to identify email accounts linked to Trump’s campaign as well as those of current and former government officials and journalists. According to the company’s blog post:
Four accounts were compromised as a result of these attempts; these four accounts were not associated with the U.S. presidential campaign or current and former U.S. government officials.
Three Republicans and 19 Democrats have announced plans to run in the 2020 election so far. According to Reuters’ report, Trump is the only major contender whose official campaign site is linked to Microsoft’s cloud email service.
Microsoft described the hackers’ methods as “not technically sophisticated,” though the attack was “highly motivated” and used “a significant amount of personal information” Phosphorus gathered on its targets via research and hacking secondary, linked email accounts. They then used this intel to attempt gaming password reset or account recovery features in order to break into a target’s Microsoft account.
Perhaps not uncoincidentally, the attack’s timing corresponds with Trump announcing a new round of U.S. sanctions against Iran that’s put significant pressure on the country’s banks and oil trade. Maybe now the president regrets describing them in his typical overblown language as “the highest sanctions ever imposed on a country,” per Reuters. (Eh, probably not.) As of yet, the Iranian government has not issued any kind of official public response to Microsoft’s statement or subsequent reports about the hacking.
Apparently Iran’s not the only one reportedly trying to rig the 2020 election this soon into the race either. Intelligence officials say Russia and North Korea have also launched cyberattacks targeting organisations that work with presidential candidates, the New York Times reported. Oren Falkowitz, the chief executive of a cybersecurity company called Area 1, told the Times, “We’ve already seen attacks on several campaigns and believe the volume and intensity of these attacks will only increase as the election cycle advances toward Election Day.”
Now, say you’re a politician up for re-election in the next 13 months who wants to know, for a friend of course, how to help protect your account. Two-factor authentification, while not fool-proof, is the way to go according to Microsoft’s recommendation. Though instead of using potentially insecure SMS messages to deliver the authentification code, opt for a physical security key or authentification app like Authy or Google Authenticator. Case and point, Microsoft said part of Phosphorus cyberattack involved gathering the phone number of targets and using them to authenticate password resets. Microsoft’s security service AccountGuard is also an option for eligible users.
As much as I hoped to never experience this particular case of déjà vu, at the same time it’s hardly a shock. President Trump has repeatedly given foreign entities his personal blessing to interfere in U.S. elections, and even with 13 months left before the next election, they’re already responding to the invitation.