Iranian hackers accessed a US municipal website for reporting unofficial election results in 2020 but were kicked off the network by US military hackers and didn’t have any impact on voting, a top US general said Monday.
There was never a risk that vote counts could have been altered because such election night websites report preliminary data rather than certified ballot results. Instead, US officials were concerned that the hackers might use their access to the website to mislead the public by posting fake results.
“Our concern is always that some type of web defacement … on the night of the election could make it look like the vote had been tampered with when that’s absolutely not true,” Maj. Gen. William Hartman, head of US Cyber Command’s Cyber National Mission Force, said at the RSA cybersecurity conference in San Francisco.
Cyber Command – the military’s offensive and defensive hacking unit – discovered the Iranian intrusion during a mission in foreign cyberspace, Hartman said. The US military then executed its own cyber operation to kick the Iranians off of the network of the US city to ensure the Iranian hackers were “unable to come back into the network” in the runup to the 2020 election, Hartman said.
He did not name the US city network that was affected.
The episode illustrates how cyberspace has become a key frontier in various governments’ efforts to shape, influence and defend elections. Since 2016, when alleged Russian military intelligence agents hacked and leaked the emails of the Democratic National Committee in a bid to sow chaos in the US election, US military hackers have grown much more evolved in defending election infrastructure.
Hartman’s comments provide additional insight into what the US government has previously said about foreign interference efforts in the 2020 election.
Broad Russian and Iranian hacking campaigns against multiple sectors “did compromise the security of several networks that managed some election functions,” the departments of Homeland Security and Justice said in a 2021 report, “but they did not materially affect the integrity of voter data, the ability to vote, the tabulation of votes, or the timely transmission of election results.”
The 2020 eviction of Iranian hackers was one of multiple examples that Hartman and a senior US Cybersecurity and Infrastructure Security Agency official, Eric Goldstein, revealed at the RSA conference that were meant to illustrate how US offensive and defensive cyber officials work together to protect key computer networks.
In the weeks after the US government was caught flat-footed in late 2020 by an alleged Russian cyber espionage campaign that compromised nine federal agencies, CISA took a forensic image of the hacked servers and handed them off to Cyber Command, according to Goldstein.
After a tip from US intelligence, Cyber Command personnel went overseas to an unnamed “foreign partner” that the same Russian hackers had also breached, according to Hartman, and analyzed malicious code used by the hackers. The US government then published a report based on the intelligence to try to warn private companies of the novel tactics the Russian hackers were using.
“Because of the relationship and because of the preparation, not only were we able to gain access to the adversary, but we were able to do so in a manner that the adversary didn’t know we were there,” Hartman said of the Cyber Command operation.
The US government has blamed the hack on Russia’s foreign intelligence services. Moscow has denied the accusation.
Cyber Command has conducted dozens of similar operations overseas in recent years to collect intelligence on hackers from Russia, China, Iran or elsewhere.
That includes an operation in 2021 to evict Chinese hackers from overseas computer servers that the hackers were allegedly using in widespread attacks against popular Microsoft email software, Hartman said.
Source: www.cnn.com