Iranian hackers accused of exclusivity successfully sell stolen emails to Trump

WASHINGTON: The Iranian hacking group accused of intercepting US Republican presidential candidate Donald Trump’s campaign emails has finally found some success in releasing its stolen material after initially failing to interest the media. mediate.

In recent weeks, hackers began selling more of Trump’s emails to a Democratic political operative, who posted a trove of the material on the website of his political action committee, American Muckrakers, and to independent journalists, including at least one posted them on the Substack writing platform. The latest material shows communications from the Trump campaign with foreign advisers and other allies, discussing a range of topics leading up to the 2024 election.

The activities of hackers tracked by Reuters provide a rare glimpse into the operations of an election interference effort. They also demonstrate that Iran remains determined to meddle in the election, despite a US Justice Department indictment in September accusing the linkers of working for Tehran and using a false persona.

The indictment alleged that a hacking group linked to the Iranian government, known as Mint Sandstorm, or APT42, compromised several members of the Trump campaign between May and June, stealing their passwords. In a homeland security advisory released earlier this month, the agency warned that hackers continue to target campaign staff. If found guilty, they face jail time and fines.

The Justice Department’s indictment said the leakers were three Iranian hackers working with Iran’s Basij paramilitary force whose volunteer members help the regime enforce its strict rules and project influence. Attempts to reach the hackers identified by name in the indictment by email and text message were unsuccessful.

In conversations with Reuters, the whistleblowers – who collectively use the fake persona “Robert” – did not directly address the US allegations, with one saying “Do you really expect me to respond?!”

“Robert” is the same fake person referred to in the US indictment, according to FBI emails sent to journalists and reviewed by Reuters.

Iran’s mission to the United Nations said in a statement that reports of the country’s involvement in hacking against the US election were “fundamentally unfounded and completely inadmissible”, adding that it “categorically rejects such allegations”. The FBI, which is investigating Iran’s hacking activity against both presidential campaigns in this election, declined to comment.

David Wheeler, founder of American Muckrakers, said the documents he shared were genuine and in the public interest. Wheeler said his goal was to “expose how desperate the Trump campaign is to try to win” and provide the public with factual information. He declined to discuss the origin of the material.

Without giving specifics, the Trump campaign said earlier this month that Iran’s hacking operation was “intended to interfere with the 2024 election and sow chaos throughout our democratic process,” adding that any journalists who reprint the stolen documents ” I am fulfilling the request of America’s enemies.” .”

In 2016, Trump took a different stance when he encouraged Russia to hack Hillary Clinton’s emails and release them to the media.

SHORT RUNNING

The leak operation began around July when an anonymous email account, swamp (to) aol.combegan communicating with reporters from several media outlets using the name Robert, according to two people familiar with the matter. They initially reached out to Politico, the Washington Post and the New York Times, promising damning inside information about the Trump campaign.

In early September, the accused Iranian hackers used a second email address, bobibobi.007 (to) aol.comin a new round of disclosures, including to Reuters and at least two other news outlets, the two people familiar with the matter said.

At the time, they provided research compiled with public information by the Trump campaign on Republican politicians JD Vance, Marco Rubio, and Doug Burgum, all of whom were considered Trump candidates.

The vice presidential reports were genuine, a person familiar with the Trump campaign told Reuters. Neither Politico, Washington Post, New York Times, nor Reuters published articles based on these reports.

New York Times spokeswoman Danielle Rhoades Ha said the paper published stories based on hacked material only “if we find newsworthy information in the material and can verify it.”

In an email, the Washington Post referred Reuters to earlier comments made by its executive editor, Matt Murray, who said the episode reflected that news organizations “will not attack any hack” provided to them. . A Politico spokesperson said the origin of the documents was more newsworthy than the leaked material. Reuters did not publish the material because the news agency did not believe it was newsworthy, a spokesman said.

Both AOL email accounts identified by Reuters were taken offline in September by its owner Yahoo, which worked with the FBI before the indictment to trace them to the Iranian hacking group, according to two people familiar with the investigation. Yahoo did not respond to a request for comment.

Before losing access to the email, Robert suggested that reporters might need an alternate contact and provided a phone number on the encrypted chat app Signal. Signal, which is harder for law enforcement to monitor, did not return messages seeking comment.

Some senior U.S. intelligence and law enforcement officials have said Iran’s interference efforts this election cycle are focused on smearing Trump because it holds him responsible for the 2020 U.S. drone assassination of former Iranian military general Qassem Soleimani.

So far, the already published leaks do not appear to have changed the public dynamics of the Trump campaign.

MUCKRAKERS

On September 26, North Carolina-based American Muckrakers began publishing internal Trump campaign emails. Active since 2021, the PAC has a history of promoting unflattering material about high-profile Republicans. According to public disclosure reports, it is funded by individual, small-dollar donors from around the country.

On its website, American Muckrakers said the leaks came from “one source,” but before last month’s publication, the group publicly asked Robert to get in touch. “HACKER ROBERT, WHY THE F DO YOU KEEP SENDING TRUMP INFORMATION TO THE CORPORATE MEDIA?” the group said in a post to X. “Send it to us and we’ll get it out.”

When asked if his source was the supposed Iranian character Robert, Wheeler said “that’s confidential” and that he had “no confirmation of the source’s location”. He also declined to comment on whether the FBI had warned him that the communication was the product of a foreign influence operation.

In one example, Muckrakers published material on Oct. 4 purporting to show an unspecified financial arrangement with lawyers representing former presidential candidate Robert F. Kennedy Jr. and Trump. RFK Jr.’s lawyer, Scott Street, said in an email to Reuters that he could not speak publicly about the incident. Reuters confirmed the authenticity of the material.

Muckrakers later published documents from Robert on two high-profile races. It included alleged campaign communication about North Carolina Republican gubernatorial candidate Mark Robinson and Florida Republican Rep. Anna Paulina Luna, both of whom are endorsed by Trump.

The exchange about Robinson centered on an attempt by Republican adviser W. Kirk Bell to seek guidance from the Trump camp after the scandal over comments attributed to Robinson on a pornography forum. Robinson previously denied the comments. The other message came from a Republican aide who shares information with the campaign about Luna’s personal life.

Robinson and Luna’s campaigns did not return messages seeking comment.

One of the few journalists contacted by Robert who released material was freelance national security reporter Ken Klippenstein, who posted the vice presidential investigative documents on Substack late last month. Robert confirmed to Reuters that they gave the material to Klippenstein.

Substack did not respond to a question about its policies on pirated material.

After the story, Klippenstein said FBI agents contacted him about his communication with Robert, warning they were part of a “malign foreign influence operation.” In a post, Klippenstein said the material was newsworthy and chose to publish it because he believed the media should not be “a gatekeeper of what the public should know.”

A spokesman for Reuters, which received similar notices from the FBI, said: “We cannot comment on our interactions, if any, with law enforcement.” An FBI spokesman declined to comment on its media notification effort.

Wheeler said he has new leaks in store “soon” and will continue to publish similar documents as long as they are “authentic and relevant.”