The U.S. National Security Agency (NSA) and U.S. Cyber Command (CYBERCOM), the military command tasked with cyber-related operations, took action to counteract Iranian hackers who had obtained U.S. voter data and sent threatening emails to voters.
Voice of America reporter Jeff Seldin tweeted, “NEW: @US_CYBERCOM hit back at #Iran following its #disinformation / intimidation email campaign late last month, using hacked voter registration data. @CYBERCOM_DIRNSA Gen Paul Nakasone revealed the op in briefing w/a small group of reporters.”
— Jeff Seldin (@jseldin) November 3, 2020
In another tweet, Seldin said, Both @US_CYBERCOM & @NSAGoV out “hunting forward” to eliminate #Election2020 threats, per CYBERCOM’s Gen. Paul Nakasone.”
“Hunting forward,” appears to refer to “hunt forward operations,” a type of cybersecurity action recently described by CYBERCOM as an effort to identify and preemptively stop cyberattacks.
CNN reported a U.S. official told them on Tuesday that the NSA and CYBERCOM had taken action within the last two weeks against Iranian hackers working for the Islamic Revolutionary Guard Corps, in response to election interference efforts observed by U.S. officials.
The official provided few details for what actions the NSA and CYBERCOM took against the Iranian hackers, but CNN reported the actions came in response to Iranian hackers who last month posed as members of the right-wing Proud Boys group and sent threatening emails to American voters.
The Washington Post similarly reported Tuesday that the NSA and CYBERCOM had taken action against Iranian hackers, after they posed as members of a right-wing group in the U.S. and sent threatening emails to voters.
Gen. Paul Nakasone, who leads both the NSA and CYBERCOM did not provide specific details about U.S. cyber operations when asked for comment by CNN or the Washington Post, but he told the Washington Post he was “very confident in actions” his team had taken against adversaries “over the past several weeks and the past several months to make sure that they’re not going to interfere in our elections.”
Nakasone said the NSA had been monitoring Iranian actions for some time and his team was not surprised by Iran’s actions.
“We had a very, very good bead on what a number of actors were trying to do,” he said. “We provided early warning and followed [them very closely]. We weren’t surprised by their actions.”
On Monday, the New York Times also reported on CYBERCOM’s “hunt forward operations” to premptively identify potential foreign hacking groups and to counteract their hacking operations. The New York Times reported the “hunt forward operations” were employed in the 2018 elections and CYBERCOM issued preemptive warnings to potential foreign hackers and worked to disrupt at least one Russian troll-farm through the election day in 2018. The “hunt forward operations” were reportedly expanded since 2018, in anticipation of the 2020 election.
The actions, reported by CNN and the Washington Post, to counteract Iranian hackers come after an August U.S. intelligence report assessed Iran “seeks to undermine U.S. democratic institutions, President Trump, and to divide the country in advance of the 2020 elections.” The intelligence assessment also described Chinese interests in undermining Trump and Russian interests in denigrating Democratic presidential candidate Joe Biden.
The U.S. Director of National Intelligence John Ratcliffe described the Iranian election interference efforts in a press conference shortly after reports first emerged of the voter intimidation emails. Ratcliffe said the Iranian efforts meant to “intimidate voters, incite social unrest and damage President Trump.”
Nakasone told the Washington Post that levels of foreign election interference appeared lower than they did during the 2018 U.S. midterm elections. Nakasone said, “I just don’t see the levels that we had seen” in 2018.
Nakasone did tell the Washington Post there were more foreign actors with the capability and intent to influence the election, “so we have broadened our partnerships and our operations.”
CNN also reported that beyond the NSA and CYBERCOM actions, U.S. cyber security officials saw relatively few signs of election interference on Election Day. A senior election security official from the Cybersecurity and Infrastructure Security Agency (CISA) reportedly said, “it has been quiet” as far as foreign interference and malicious cyber activity were concerned but said “we’re not out of the woods yet.”
Another senior CISA official reportedly said federal officials will remain watchful of potential foreign interference following the election.
“The attack surface particularly for disinformation and foreign interference extends well into the next month or two,” the senior CISA official told CNN. “So there is no spiking the football here. We are acutely focused on the mission at hand.”