An Iranian hacking group accused of intercepting emails from Donald Trump's presidential campaign has recently succeeded in disseminating the stolen material after initial attempts to attract media attention failed. The hackers have shared the emails with a Democratic political operative, who subsequently published them through the political action committee American Muckrakers and with independent journalists, one of whom posted them on the writing platform Substack. The leaked content reveals Trump campaign communications with external advisers and allies, covering various topics in the lead-up to the 2024 election.
This operation sheds light on ongoing election interference efforts, showcasing Iran's determination to meddle in U.S. elections, even after a September indictment from the U.S. Justice Department linked the hackers to Tehran and accused them of using false identities.
The indictment claims that the Iranian hacking group, known as Mint Sandstorm or APT42, gained access to multiple Trump campaign staffers' accounts by stealing their passwords between May and June. A recent advisory from the Department of Homeland Security warned that these hackers continue to target campaign personnel, with potential consequences including prison time and fines if convicted.
Iran's mission to the United Nations denied the allegations, labeling reports of hacking against U.S. elections as "fundamentally unfounded." The FBI, currently investigating Iran's hacking activities concerning both presidential campaigns, declined to comment.
David Wheeler, the founder of American Muckrakers, stated that the documents shared were authentic and serve the public interest. He aims to "expose how desperate the Trump campaign is to try to win" while providing factual information. He did not discuss the origins of the material.
In response to the hacking operation, the Trump campaign stated that Iran's actions were intended to disrupt the 2024 election and undermine democracy, asserting that any journalists reprinting the stolen documents were acting against U.S. interests. This stance contrasts with Trump's 2016 remarks, where he encouraged Russia to hack into Hillary Clinton's emails.
The hacking operation reportedly began in July, when an anonymous email account, noswamp@aol.com, initiated contact with reporters from various media outlets under the "Robert" alias. They promised damaging internal information about the Trump campaign, reaching out to Politico, the Washington Post, and the New York Times.
In early September, the hackers resumed contact using a different email address, offering insights compiled by the Trump campaign on potential vice presidential candidates, including JD Vance, Marco Rubio, and Doug Burgum. However, major news outlets like the Times and the Post opted not to publish stories based on the reports.
Both AOL email accounts linked to the hackers were taken offline in September, with Yahoo working alongside the FBI to trace them back to the Iranian group. Before losing access, "Robert" suggested an alternate contact method through the encrypted messaging app Signal, which is harder for law enforcement to monitor.
U.S. intelligence and law enforcement officials believe that Iran's interference efforts this election cycle focus on discrediting Trump, whom they hold accountable for the 2020 assassination of Iranian general Qassem Soleimani. Despite the leaks, they have not significantly altered the public's perception of the Trump campaign.
On September 26, American Muckrakers began releasing internal Trump campaign emails. This PAC has been active since 2021, known for publicizing unflattering information about prominent Republicans. The organization claims to be funded by small-dollar donations from across the country.
American Muckrakers stated that the leaks originated from "a source," and publicly encouraged "Robert" to share information directly with them instead of mainstream media. They expressed frustration on social media, questioning why the hacker continued to distribute information to corporate media outlets.
Muckrakers later published documents regarding two prominent campaigns, including alleged communications about North Carolina Republican gubernatorial candidate Mark Robinson and Florida Republican representative Anna Paulina Luna. Both candidates did not respond to requests for comments.
Independent journalist Ken Klippenstein, one of the few who published material from "Robert," shared the vice presidential research documents on Substack. Following his publication, the FBI contacted him, warning that his communications were part of a "foreign malign influence operation." Klippenstein defended his decision, stating that the public should not be denied access to important information.
This evolving situation highlights ongoing tensions surrounding election interference and the implications of cybersecurity in the political arena.