The Daily - The First Major Cyberattack of the 2024 Election
Episode Date: August 27, 2024The U.S. authorities have repeatedly warned that foreign governments would seek to meddle in the upcoming presidential election. It now appears they were right.David E. Sanger, a White House and natio...nal security correspondent for The New York Times, tells the story of the first major cyberattack of the 2024 campaign.Guest: David E. Sanger, a White House and national security correspondent for The New York Times.Background reading: The hacking of presidential campaigns has started, with the usual fog of motives.The finding that Iran had breached the campaign of former President Donald J. Trump was widely expected.For more information on today’s episode, visit nytimes.com/thedaily. Transcripts of each episode will be made available by the next workday.
Transcript
Discussion (0)
From the New York Times, I'm Michael Bobarro. This is The Daily.
Today, U.S. authorities have repeatedly warned that foreign governments would seek to meddle
in this year's presidential race. It now appears that they were right.
My colleague, White House and National Security Correspondent David Sanger,
brings us the story of the first major cyberattack of the 2024 campaign.
It's Tuesday, August 27th.
David, a few weeks ago, just after the Republican National Convention, when the presidential
race is entering its most intensive phase, the Trump campaign comes out and it says,
we have been hacked.
And it doesn't get a ton of attention at the time,
but you have been trying to understand
what actually happened.
So tell us what you have learned.
It started the Friday before President Trump
and his campaign made that announcement.
A major warning from Microsoft about foreign interference
in the upcoming U.S. presidential election.
There was a report that came out from Microsoft.
And Microsoft, of course, has an incredible view
across the internet because people are using
so many different Microsoft products.
So they're usually among the first to see hacker activity.
Microsoft outlining what it says
was an Iranian cyber attack
on an active presidential campaign.
And so before Trump made his statement,
they released a report that declared
that there was a hacking group run by Iran.
Iran sent fake emails from a compromised email account of a former senior advisor.
And then it had successfully breached the account of what they called a former
senior advisor to a presidential campaign.
Very tantalizing, but also very mysterious.
Exactly, Michael.
mysterious. Exactly, Michael.
Over the weekend, former President Donald Trump said his campaign was hacked and he
blamed Iran.
And then the next day, President Trump came out and his campaign and said that they had
been informed by Microsoft several weeks before that they had in fact been hacked. Unsurprisingly, Iran is now trying to tilt the election in Kamala's favor very strongly.
They're trying to, they're openly fighting for it.
But Mr. Trump in his usual way kind of fogged it up by saying, don't worry, they didn't
get anything you couldn't get from our website.
You know, it wasn't terribly important, but he wanted to make the point that a foreign intelligence
operation was trying to interfere in his campaign.
Got it.
And between these twin announcements, the first from Microsoft, the second from the
Trump campaign, what do you end up learning has actually occurred here?
Well, this was a strange enough set of events that a group of us all began to dig in.
I talked to Microsoft investigators and they described in a little more detail what they had learned.
Then we also talked to federal investigators because we had every reason to believe that the FBI was on to this as well.
And from our sources, we learned Iran also targeted the Biden Harris campaign.
The bigger surprise, Michael, would have been if they hadn't.
But we don't know if it had any real effects.
And then my colleagues Maggie Haberman and Adam Goldman and Glenn Thrush began to dig around with the campaigns.
And they spoke to Roger Stone, who you'll remember was a long time and very close advisor
to former President Trump.
He was deeply involved in the effort to alter the results of the 2020 election.
But it turns out that he had received a warning, also from Microsoft and
from federal investigators, that both his Hotmail and Gmail accounts had been compromised.
So piecing that all together, it appears that here's what happened.
The Iranians ran what's called a spearfishing campaign on Roger Stone, got him to answer
an email and basically give them access to his email accounts.
And then they leveraged that to send out emails that appeared to come from Stone, right, a
trusted old friend of the Trump campaign, to senior members of the current campaign.
And so it was a pretty sophisticated, socially engineered hack by the Iranians to gain access
to the Trump campaign by pretending to be Roger Stone.
David, I want to get to whether or not this fishing expedition got Iran anything that
it was looking for.
But let's start with Iran's motivation for trying to get inside the Trump campaign in
the first place.
Why try to hack this campaign?
Well, the key to this, Michael, was the fact that Microsoft left no doubt
about who they thought this was. It wasn't some mysterious organization out there someplace.
It was the military, the Islamic Revolutionary Guard Corps, the IRGC, which is the most elite
part of the Iranian military, and historically, some of their most successful
and aggressive group of hackers.
They've got a lot of motivations
to try to derail a Trump presidency.
It's not simply that Trump is anti-Iran.
He's the one who killed off the 2015 Iran nuclear deal and reimposed sanctions on the
country just when they thought they had reached an agreement with the United States that basically
traded progress in their nuclear program for re-entering the world economy.
Not only that, he was singularly responsible for the death of Qasem Soleimani, who was
a revered general, rose through the IRGC ranks, ultimately ran the Quds Force, which is one
of their most powerful units, and he was killed in January of 2020.
Right.
And Trump personally, as I remember it, authorized his assassination.
That's exactly right. I want to ask you, when it comes to this hack, do we know what Iran
actually obtained from this attempted hacking effort?
Well, it's a complicated question, Michael, because we don't know whether the senior members of Trump's campaign
fell for the same phishing attempt
that Roger Stone fell for.
And we don't know whether or not the Iranians, as a result,
were able to get inside the campaign's systems and networks.
What we do know is that around the same time
that the Trump campaign announced this hack, a number of
news organizations, including the Times, reported that they had received some documents, largely
vetting documents that would be used to go assess potential candidates for vice president,
who were about 200 pages or so. And they appear to be internal from the Trump campaign.
So people jump to the conclusion that it must have come from the Iranian hack.
I mean, that would be a very logical conclusion.
And I think for most of us who've covered politics over the past decade, that was the
moment where we said to ourselves, uh-oh, this is 2016 all over again.
A foreign government with a stake in the election, stealing emails from a campaign to try to embarrass a candidate and prevent that candidate from becoming president.
In 2016, it was when Russia stole emails from Hillary Clinton, gave them to reporters. And now this time around, it appeared Iran was doing the same thing, trying
to steal emails from the Trump campaign
to embarrass him by giving those emails to reporters.
Michael, that's exactly what everyone thought
was happening initially.
But I've covered cyber issues long enough
to know that it's really easy to leap to a conclusion that a
certain set of documents came from a certain hack. And I've been wrong plenty of times before.
And the more we looked at these, we just weren't sure. Because the nature of the documents,
which were not immensely revealing, could have come from the Iranian hack, but you'd expect that they'd have a lot more
if they had free range inside the Trump campaign.
Instead, they could just as easily
have come from a disgruntled insider.
They weren't particularly confidential.
Most of these 200 pages were filled up
with statements that were excerpts of lines that Vance had used
about how much he disliked or distrusted Trump in the past.
Frankly there was nothing there that couldn't have been assembled by a
bright college intern who spent a day making their way through Google to just
try to put together a dossier of nasty public things Vance had already said.
Understood.
You're saying that the 2016 analogy isn't really a good one.
But I think we should explain that for just a moment because I think a lot of people who
learned about this Iranian hack wondered, why aren't we seeing news outlets publishing
stories based on what they presumed Iran had stolen and that our journalists had
in their possession that might embarrass Trump and why weren't they
publishing these emails in the same way that they had when Russia stole
embarrassing emails about Hillary Clinton and I hear you saying that we
aren't sitting on embarrassing emails from the Trump campaign if anything
we're sitting on publicly available
information that, as you said, a bright young intern could find from Google searches about
JD Vance and that we don't even know where these emails came from, who took them, which
is why the New York Times, among other news agencies, hasn't really published any of this
so far.
Yeah, that's exactly right. And I mean, it's not my call,
that's for senior editors of the paper.
And there was certainly a live discussion of the question,
but it was very different from what we saw in 2016,
which were clearly emails from inside a campaign.
Right.
Some of them came from John Podesta's account,
a senior campaign official. Those
emails gave you a sense of the internal dissonance within Clinton's campaign. It was an email,
for instance, in which Podesta and his aides criticized Clinton for what they thought were
her terrible instincts as a candidate. We learned about the contents of paid speeches
that Clinton had given that became the subject
of controversy in the campaign
because she had declined to publicly release them.
And while the publication of these emails
has always upset some of Hillary Clinton's supporters,
the journalistic explanation was that they revealed things
we previously didn't know.
Now, the documents
we got this month, ostensibly from inside the Trump campaign, they
fundamentally didn't have any news in them. Now Michael, it's also possible we're
just at the beginning of this and that at some point we'll see more documents
and maybe they'll be revealing of what's happening inside the Trump campaign. But
we'd have to have a pretty active
journalistic discussion at that time
about whether any new documents were newsworthy.
And of course, there's always the question
of whether you're doing the bidding
of a foreign government by publishing them.
So that conversation aside for just a moment,
it very much feels like Iran's attempted hack
of the Trump campaign is our first real warning that this election 2024 is going to be another
election in which foreign governments try to put their finger on the scale, try to influence
the course of and the outcome of our presidential election.
You know, four years is a lifetime in the technological advancement of hacking techniques,
of the sophistication of information operations. And now, of course, we have a whole new factor,
far more sophisticated artificial intelligence tools that can be used to fool voters and so forth.
that can be used to fool voters and so forth.
And of course, the number of countries that are interested in influencing the US election is growing
and they've got capabilities of their own to interfere.
And so when you add all of this together
and you compress the problem into a pretty short cycle
until election day,
it could be a more potent threat to interfere in the election process than we've seen in past years. We'll be right back.
David, let's talk about these threats to the 2024 election that you just raised, this growing
cast of players that are a threat to our system, and
what they might do to influence this election?
Well, Michael, the primary actors that the U.S. intelligence community is concerned about
is the old set of actors.
It's Russia, it's China, and it's obviously Iran Iran as we've been discussing.
So in early July, ahead of all of this news
about the Trump campaign and Roger Stone
and Microsoft and all that,
the US intelligence community issued a public alert
and said, here's what they're worried about.
Obviously their first and biggest concern was Russia.
And they were saying that they were beginning
to see the Russians identify specific voter demographics
and go amplify those divisive narratives
that they use so well in 2016.
When you'll recall, they grabbed on social divisions,
whether it was abortion or gun control
or something like that.
And they used it to go try to influence that election.
Right, the idea was that they were gonna inflame
existing partisan divisions in our country.
That's right, because that's far more effective
than trying to create something new.
Now for the Russians, it was pretty clear what their desired outcome was.
They are very pro-Trump.
The Iranians, as we've discussed, are very anti-Trump.
And then in the middle of this are the Chinese, who have been a lot more cautious.
The intelligence agencies doubt they're really planning to try to influence the
outcome here because they're really not sure which candidate they dislike the most. Trump obviously
blamed China for COVID, has threatened huge tariffs on their goods, but it was Joe Biden
who actually put export restrictions on the most high-end
chips that the Chinese need to develop a large language models for artificial intelligence.
So just to summarize, Russia, when it thinks about meddling in our election,
wants to do whatever it can to help Trump. Iran wants to do everything it can to hurt Trump, which we presume means they'd like to see Kamala Harris win.
And when it comes to China, we don't really know which side China has picked.
I'm curious when the US officials you talk to think about meddling in 2024,
what precise scenario they most fear from these three countries?
Well, it's a great question because there are different techniques and they fear them
for different reasons. So we've already talked about one of them, which is you fish into a
campaign, you get some embarrassing memos, you release them. Okay. So we're up on that.
Then there's the disinformation stuff.
You go and you create bots or fake news.
And then there's the third one,
which some US officials are most concerned about,
and frankly, it's the one that concerns me the most
about trying to tamper with the election itself.
On election day, to create doubts about whether this was truly a fairly
run vote.
What would election tampering from a foreign government look like?
Exactly.
Well, you know, we focused a lot in 2016 on the question of whether or not you could actually
play with the voting numbers and the election machines.
And what we learned is that that's really hard.
And it's hard because our system is so disparate, right?
Every state uses a different method.
Some places use paper ballots.
Some places use ballots where you mark something electronically, but there's a paper backup. Some use all paper ballots. Some places use ballots where you mark something
electronically, but there's a paper backup.
Some use all electronic systems and so forth.
And what we've discovered is that our system
is so discombobulated, unlike the Europeans
who basically have one system used throughout
an entire country, that it's actually hard to hack.
Okay, this is one of the rare moments.
Fascinating.
Where the differences among the states is actually a cyber safety device for us.
Right, too messy to interfere with.
That doesn't mean it's impossible, but what worries me the most is less the voting machines
than the state voter registration rolls.
And just to explain what you're referring to,
this is the, when you vote, long ream of names
and signatures that contain the identities
of everyone who wants to vote.
That's right, and usually in most places,
you have to register well ahead of election day,
or you have to have been living in a state
for a certain period of time.
So what worries me about the registration roles
is that in the past couple of years,
we have seen a huge explosion in ransomware, right?
This is the software that is used
to lock up an entire city.
You'll remember it happened to Baltimore.
It happened to Atlanta.
It's happened to many companies.
But it's not hard to imagine a ransomware attack
that was aimed at locking up a state's ability
to go sign up new voters.
And that then raises the question,
did something happen to the registration
during that hack or around it?
So that when you go to vote, Michael,
they look and say, well, this is very interesting
because you're voting in New York,
but our system shows you moved to Arizona
a few months ago, right?
Or we think you're double registered someplace.
And there is the possibility of creating just enough data
manipulation to make people question
the accuracy and quality of the voter registration rolls.
Got it.
So the nightmare scenario is that foreign country basically hacks into making this up,
but a swing district somewhere in Wisconsin takes over the voter rolls, manipulates those
voter rolls in the direction they want the election to go in that state. And we wouldn't
know what happened until they released the voter rolls, perhaps after a ransom is paid, and suddenly people show up to vote and they find out, uh-oh, I can't
because my name's been deleted, I've been moved to Idaho, and suddenly it's a real mess.
What you've described is the outside scenario where they lock things up and they manipulate
the data.
But, you know, they can do a lot of damage just by locking things up,
because it creates the fog about whether or not
they did do anything.
And if you're trying to manipulate the election,
you may have done as much damage
by creating the fear that data was altered
than by actually altering it.
And there's very little question
who would seize on that doubt.
It would be Donald Trump,
who with almost every campaign appearance
is throwing in the line that someone is trying
to go influence the election
to keep him from regaining office.
Sometimes he blames the Biden administration. Sometimes he blames the Biden administration.
Sometimes he blames the FBI.
Sometimes he blames CISA,
the group within the Department of Homeland Security
that oversees cybersecurity in the United States
that's providing election help
to states and towns and cities.
So Trump is seeding the clouds out here now
for the rainstorm that he might want to have happen if he lost the election.
Right, and as we've explained on the show, actually within the past week, he
hasn't just seeded the clouds, he has seeded local election boards with
people who anticipate that there might be interference and problems
and seem very ready to raise objections to certifying the results of this 2024 election.
That's exactly right.
And, you know, in that episode that you ran last week, what you discovered was that these election workers would have some vaguely
defined right to hold up the certification of the election if there were reasonable doubts
about the election outcome.
So the perfect storm that people who worry about this kind of thing could imagine coming is enough foreign interference to create
that doubt.
And then these presumably pro-Trump newly appointed election officials using that fog
of uncertainty to declare that they can't certify the results and have them reported to Congress.
Well, given that, David, it strikes me that even if a foreign country trying to interfere in our elections
were trying to help Kamala Harris, let's say Iran, that the doubts that they would raise through their hacking efforts,
their cyber attacks, would probably end up benefiting Trump more because
of the doubts he has seeded and the supporters he has gotten onto these local election boards.
You have to think that that's right. And of course, if he comes out ahead,
he's not going to mention that fog at all. David, it feels worth posing a devil's advocates question here at the end about our
fears of election interference, because you have raised a lot of very worrisome scenarios
in our conversation. But if we think back to 2016, we think back to 2020, I wonder if
our fears of interference were greater than the reality of what foreign countries were trying
to do, especially when it comes to actually tampering with results.
So is it possible that we have gotten a little too worried about all of this and the way
we talk to America?
And maybe we should take this down a notch or two.
2016 and 2020 give you very different answers
to that question.
In 2016, we knew before the election happened
that the Russians were trying to get into
the election rolls.
And it was only after the election
that we really understood the scope
of the information operations they were running.
In 2020, we were much better prepared, election that we really understood the scope of the information operations they were running.
In 2020, we were much better prepared.
And it turned out the Russians did relatively little in that election of note.
And we saw for the first time some awkward Iranian interventions.
So what's that tell you about 2024?
Well, the first thing it tells you is that,
yes, we can overhype the threat,
but as in all threats, the threat of nuclear war,
the threat of biological attack,
all the other parade of horribles
that you and I discuss at various moments,
you can overhype the concern, but that's probably
the only way to get attention focused on the possibilities and think about the preventatives.
In other words, the price of vigilance against election interference may be that we end up
feeding a narrative about election interference.
We don't mean to, but that may just be the cost of making sure we're prepared.
That's absolutely right. But let's remember here what we have at stake.
This is one of the most consequential elections in American history.
It comes after two election cycles in which we have worried about
foreign interference and one in which a large part of the population has denied that the election
turned out the way it really turned out. Because in just two and a half months, Michael, there's
going to be no more important question than whether or not this
election was fairly run. There's no more important single issue for retaining confidence in our
democracy and in our election system. And the two are so inextricably intertwined that we have to get this right.
[♪ music playing. V.O.]
Well, David, thank you very much.
Thank you.
[♪ music playing. V.O.]
We'll be right back.
Here's what else you need to know day.
On Monday, Democrats sued the Georgia State Election Board, arguing that its efforts to
alter the state's election certification process were illegal and could create chaos
on Election Day.
The board's actions give local election officials the authority to conduct investigations
into voting before certifying their results, a power that Democrats fear will lead to delays
and missed deadlines
in a key swing state.
And, prosecutors in France said they have arrested the founder of Telegram in connection
with an investigation into criminal activity on the popular messaging app.
The investigation, prosecutors say, includes complicity in the distribution of child pornography,
drug sales, money laundering, and the refusal by telegrams leaders to cooperate with law
enforcement.
If you want more news, and I suspect you do, check out our other daily news show.
It's called The Headlines.
It brings you the day's top stories, along with
analysis from Times reporters, all in about 10 minutes or less. And you can subscribe to it
wherever you get your podcasts. Today's episode was produced by Claire Tennis-Sketter and Michael
Simon-Johnson with help from Shannon Lin. It was edited by Lexi Diao and Michael Benoit,
contains original music by Marion Lozano,
Pat McCusker and Dan Powell, and was engineered by Chris Wood.
Our theme music is by Jim Brunberg and Ben Landsberg of Wonderly. That's it for the daily.
I'm Michael Bobarro.
See you tomorrow.