Iranian Hackers Interfere in U.S. Election, Leak Stolen Trump Data

After initially failing to pique the interest of mainstream media, some materials released by an Iranian hacker group accused of intercepting emails from US Republican presidential candidate Trump have finally surfaced.

In recent weeks, these hackers began extensively selling Trump’s emails to a Democratic political operative, who then published a large amount of material on their political action committee’s website, “American Muckrakers,” and sent it to independent journalists, at least one of whom published the materials on the writing platform Substack.

The latest materials released reveal that Trump’s campaign team had communicated with external advisors and other allies to discuss a series of topics before the 2024 election.

Reuters tracked the hacker activity, offering insight into the workings of election interference operations. The activity indicates that Iran remains determined to interfere in US elections, despite the US Department of Justice’s September indictment of these leakers for working for Tehran and using false identities.

According to the Justice Department’s indictment, a hacker group associated with the Iranian government – known as “Mint Sandstorm” or APT42 – stole passwords from multiple Trump campaign staff members between May and June. The Department of Homeland Security warned in a report earlier this month that these hackers continue to target campaign staff. If convicted, these hackers could face imprisonment and fines.

The indictment states that the leakers are three Iranian hackers who cooperated with Iran’s “Basij” paramilitary force, whose volunteers assist the Iranian regime in enforcing its mandates and exerting influence.

Reuters’ attempts to reach the hackers named in the indictment by email and text message went unanswered.

In conversations with Reuters, these leakers – collectively using the pseudonym “Robert” – did not directly respond to the accusations by the US Justice Department. One of them said, “Do you really expect me to answer?”

According to emails sent by the FBI to reporters and reviewed by Reuters, “Robert” is the alias mentioned in the Justice Department’s indictment.

Iran’s mission to the UN said in a statement that reports of Iran’s involvement in invading the US election system are “unfounded and completely unacceptable,” adding that Iran “categorically denies such accusations.”

The FBI, which is investigating Iranian hacking activity against both sides’ election campaigns this year, declined to comment.

David Wheeler, the founder of “American Muckrakers,” stated that the documents he shared are genuine and serve the public interest. His goal is to “expose how Trump’s campaign team has tried to win at all costs,” providing factual information to the public, but he refused to discuss the materials’ source.

Trump’s campaign team earlier this month stated that Iran’s hacking actions “aim to disrupt the 2024 election and sow chaos in our democratic process,” adding that any journalist reposting stolen documents “is serving America’s enemies.”

According to two insiders, the hackers’ leak operation began around July. At that time, an anonymous email account, “noswamp@aol.com,” started contacting journalists from several media outlets, using the alias “Robert.” They initially contacted Politico, The Washington Post, and The New York Times, promising to provide internal information about Trump’s campaign activities.

In early September, the accused Iranian hackers used a second email address, “bobibobi.007@aol.com,” to send out a new round of public invitations to Reuters and at least two other news outlets.

At that time, they provided information compiled by the Trump campaign team on Republican politicians JD Vance, Marco Rubio, and Doug Burgum, who were being considered as running mates. One source familiar with the Trump campaign team told Reuters that the information was authentic. None of the outlets mentioned based reports on this information.

A spokesperson for The New York Times, Danielle Rhoades Ha, said the publication would put out an article based on the hacked material only if they found newsworthy information in it that could be verified.

In an emailed statement to Reuters, The Washington Post quoted its executive editor, Matt Murray, indicating that the incident reflects that news organizations “are not surprised by any hacker attacks.”

A spokesperson for Politico stated that the source of these documents is more newsworthy than the leaked materials themselves.

A spokesperson for Reuters mentioned that they didn’t publish the materials because they believed they lacked newsworthiness.

Reuters confirmed that both AOL email accounts had been offline as of September. Before the Justice Department’s indictment, Yahoo had collaborated with the FBI to track these accounts to determine their connection to the Iranian hacker group. Yahoo did not respond to Reuters’ request for comment.

Before losing access to email, “Robert” suggested reporters might need an alternative contact method and provided a phone number on the encrypted messaging app Signal. Signal is known for being less susceptible to law enforcement monitoring. The company did not respond to Reuters’ request for comment.

Some senior US intelligence and law enforcement officials stated that Iran’s primary goal in interfering in this election cycle is to discredit Trump because Iran holds him responsible for the 2020 US drone strike that killed Iranian military leader Qassem Soleimani.

So far, the leaked information does not appear to have altered the public dynamics of Trump’s campaign activities.

On September 26, the North Carolina-based “American Muckrakers” began releasing internal emails from Trump’s campaign team leaked by the hackers. The political action committee, founded in 2021, has delighted in negative material about well-known Republicans. According to publicly disclosed reports, the organization is funded by individual small-dollar donors from across the US.

The “American Muckrakers” website says the information comes from “a messaging source.” Before releasing the materials last month, the organization openly asked “Robert” to contact it, posting on X, “Hacker Robert, why do you continue to send Trump’s information to corporate media? Send it to us, and we will publish it.”

When asked if his source was the so-called Iranian “Robert,” Wheeler said, “It’s confidential,” and that he “cannot confirm the source’s location.” He also declined to comment on whether the FBI had warned him that the communications were a product of foreign influence operations.

For example, on October 4, “American Muckrakers” released materials claiming to show an unclear financial arrangement between Robert F. Kennedy Jr.’s lawyer and Trump’s lawyer. Kennedy’s lawyer Scott Street stated in an email to Reuters that he could not discuss the matter. Reuters verified the authenticity of the materials.

Following this, “American Muckrakers” published documents provided by “Robert” concerning two high-profile campaigns, including supposed campaign communications regarding North Carolina Republican gubernatorial candidate Mark Robinson and Florida Republican representative Anna Paulina Luna, both backed by Trump.

Regarding Robinson, the exchange involved Republican consultant W. Kirk Bell seeking guidance from the Trump camp after a scandal involving Robinson’s remarks on a pornographic forum, which Robinson had denied previously. Another message came from a Republican consultant revealing personal information about Luna to the Trump campaign team.

Robinson and Luna’s campaign teams did not respond to Reuters’ requests for comment.

Among the few reporters contacted by “Robert,” only independent national security journalist Ken Klippenstein published the material. At the end of last month, he released Trump’s campaign team’s vice-presidential research document on Substack. “Robert” confirmed to Reuters that they handed over the materials to Klippenstein.

Substack did not respond to Reuters’ questions about its policies on handling data from hacking incidents.

After the report was published, Klippenstein stated that FBI agents contacted him about his communications with “Robert,” warning that they were part of “foreign malicious influence operations.” Klippenstein said in an article that the information had news value, choosing to release it because he believed the news media should not be “gatekeepers of information the public should know.”

Reuters also received a similar notice from the FBI, but a spokesperson for Reuters stated, “We cannot comment on interactions with law enforcement (if any) on our end.”

An FBI spokesperson declined to comment on their media notification work.

Wheeler said he would release new leaked files “soon” and would continue to release similar files as long as the documents are “true and relevant.”

(This article is based on reports by Reuters)