The Daily - The First Major Cyberattack of the 2024 Election

Episode Date: August 27, 2024

The U.S. authorities have repeatedly warned that foreign governments would seek to meddle in the upcoming presidential election. It now appears they were right.David E. Sanger, a White House and natio...nal security correspondent for The New York Times, tells the story of the first major cyberattack of the 2024 campaign.Guest: David E. Sanger, a White House and national security correspondent for The New York Times.Background reading: The hacking of presidential campaigns has started, with the usual fog of motives.The finding that Iran had breached the campaign of former President Donald J. Trump was widely expected.For more information on today’s episode, visit nytimes.com/thedaily. Transcripts of each episode will be made available by the next workday.

Transcript
Discussion (0)
Starting point is 00:00:00 From the New York Times, I'm Michael Bobarro. This is The Daily. Today, U.S. authorities have repeatedly warned that foreign governments would seek to meddle in this year's presidential race. It now appears that they were right. My colleague, White House and National Security Correspondent David Sanger, brings us the story of the first major cyberattack of the 2024 campaign. It's Tuesday, August 27th. David, a few weeks ago, just after the Republican National Convention, when the presidential race is entering its most intensive phase, the Trump campaign comes out and it says,
Starting point is 00:01:04 we have been hacked. And it doesn't get a ton of attention at the time, but you have been trying to understand what actually happened. So tell us what you have learned. It started the Friday before President Trump and his campaign made that announcement. A major warning from Microsoft about foreign interference
Starting point is 00:01:26 in the upcoming U.S. presidential election. There was a report that came out from Microsoft. And Microsoft, of course, has an incredible view across the internet because people are using so many different Microsoft products. So they're usually among the first to see hacker activity. Microsoft outlining what it says was an Iranian cyber attack
Starting point is 00:01:51 on an active presidential campaign. And so before Trump made his statement, they released a report that declared that there was a hacking group run by Iran. Iran sent fake emails from a compromised email account of a former senior advisor. And then it had successfully breached the account of what they called a former senior advisor to a presidential campaign. Very tantalizing, but also very mysterious.
Starting point is 00:02:21 Exactly, Michael. mysterious. Exactly, Michael. Over the weekend, former President Donald Trump said his campaign was hacked and he blamed Iran. And then the next day, President Trump came out and his campaign and said that they had been informed by Microsoft several weeks before that they had in fact been hacked. Unsurprisingly, Iran is now trying to tilt the election in Kamala's favor very strongly. They're trying to, they're openly fighting for it. But Mr. Trump in his usual way kind of fogged it up by saying, don't worry, they didn't
Starting point is 00:03:00 get anything you couldn't get from our website. You know, it wasn't terribly important, but he wanted to make the point that a foreign intelligence operation was trying to interfere in his campaign. Got it. And between these twin announcements, the first from Microsoft, the second from the Trump campaign, what do you end up learning has actually occurred here? Well, this was a strange enough set of events that a group of us all began to dig in. I talked to Microsoft investigators and they described in a little more detail what they had learned.
Starting point is 00:03:39 Then we also talked to federal investigators because we had every reason to believe that the FBI was on to this as well. And from our sources, we learned Iran also targeted the Biden Harris campaign. The bigger surprise, Michael, would have been if they hadn't. But we don't know if it had any real effects. And then my colleagues Maggie Haberman and Adam Goldman and Glenn Thrush began to dig around with the campaigns. And they spoke to Roger Stone, who you'll remember was a long time and very close advisor to former President Trump. He was deeply involved in the effort to alter the results of the 2020 election.
Starting point is 00:04:21 But it turns out that he had received a warning, also from Microsoft and from federal investigators, that both his Hotmail and Gmail accounts had been compromised. So piecing that all together, it appears that here's what happened. The Iranians ran what's called a spearfishing campaign on Roger Stone, got him to answer an email and basically give them access to his email accounts. And then they leveraged that to send out emails that appeared to come from Stone, right, a trusted old friend of the Trump campaign, to senior members of the current campaign. And so it was a pretty sophisticated, socially engineered hack by the Iranians to gain access
Starting point is 00:05:15 to the Trump campaign by pretending to be Roger Stone. David, I want to get to whether or not this fishing expedition got Iran anything that it was looking for. But let's start with Iran's motivation for trying to get inside the Trump campaign in the first place. Why try to hack this campaign? Well, the key to this, Michael, was the fact that Microsoft left no doubt about who they thought this was. It wasn't some mysterious organization out there someplace.
Starting point is 00:05:53 It was the military, the Islamic Revolutionary Guard Corps, the IRGC, which is the most elite part of the Iranian military, and historically, some of their most successful and aggressive group of hackers. They've got a lot of motivations to try to derail a Trump presidency. It's not simply that Trump is anti-Iran. He's the one who killed off the 2015 Iran nuclear deal and reimposed sanctions on the country just when they thought they had reached an agreement with the United States that basically
Starting point is 00:06:33 traded progress in their nuclear program for re-entering the world economy. Not only that, he was singularly responsible for the death of Qasem Soleimani, who was a revered general, rose through the IRGC ranks, ultimately ran the Quds Force, which is one of their most powerful units, and he was killed in January of 2020. Right. And Trump personally, as I remember it, authorized his assassination. That's exactly right. I want to ask you, when it comes to this hack, do we know what Iran actually obtained from this attempted hacking effort?
Starting point is 00:07:17 Well, it's a complicated question, Michael, because we don't know whether the senior members of Trump's campaign fell for the same phishing attempt that Roger Stone fell for. And we don't know whether or not the Iranians, as a result, were able to get inside the campaign's systems and networks. What we do know is that around the same time that the Trump campaign announced this hack, a number of news organizations, including the Times, reported that they had received some documents, largely
Starting point is 00:07:53 vetting documents that would be used to go assess potential candidates for vice president, who were about 200 pages or so. And they appear to be internal from the Trump campaign. So people jump to the conclusion that it must have come from the Iranian hack. I mean, that would be a very logical conclusion. And I think for most of us who've covered politics over the past decade, that was the moment where we said to ourselves, uh-oh, this is 2016 all over again. A foreign government with a stake in the election, stealing emails from a campaign to try to embarrass a candidate and prevent that candidate from becoming president. In 2016, it was when Russia stole emails from Hillary Clinton, gave them to reporters. And now this time around, it appeared Iran was doing the same thing, trying
Starting point is 00:08:45 to steal emails from the Trump campaign to embarrass him by giving those emails to reporters. Michael, that's exactly what everyone thought was happening initially. But I've covered cyber issues long enough to know that it's really easy to leap to a conclusion that a certain set of documents came from a certain hack. And I've been wrong plenty of times before. And the more we looked at these, we just weren't sure. Because the nature of the documents,
Starting point is 00:09:18 which were not immensely revealing, could have come from the Iranian hack, but you'd expect that they'd have a lot more if they had free range inside the Trump campaign. Instead, they could just as easily have come from a disgruntled insider. They weren't particularly confidential. Most of these 200 pages were filled up with statements that were excerpts of lines that Vance had used about how much he disliked or distrusted Trump in the past.
Starting point is 00:09:50 Frankly there was nothing there that couldn't have been assembled by a bright college intern who spent a day making their way through Google to just try to put together a dossier of nasty public things Vance had already said. Understood. You're saying that the 2016 analogy isn't really a good one. But I think we should explain that for just a moment because I think a lot of people who learned about this Iranian hack wondered, why aren't we seeing news outlets publishing stories based on what they presumed Iran had stolen and that our journalists had
Starting point is 00:10:26 in their possession that might embarrass Trump and why weren't they publishing these emails in the same way that they had when Russia stole embarrassing emails about Hillary Clinton and I hear you saying that we aren't sitting on embarrassing emails from the Trump campaign if anything we're sitting on publicly available information that, as you said, a bright young intern could find from Google searches about JD Vance and that we don't even know where these emails came from, who took them, which is why the New York Times, among other news agencies, hasn't really published any of this
Starting point is 00:11:00 so far. Yeah, that's exactly right. And I mean, it's not my call, that's for senior editors of the paper. And there was certainly a live discussion of the question, but it was very different from what we saw in 2016, which were clearly emails from inside a campaign. Right. Some of them came from John Podesta's account,
Starting point is 00:11:23 a senior campaign official. Those emails gave you a sense of the internal dissonance within Clinton's campaign. It was an email, for instance, in which Podesta and his aides criticized Clinton for what they thought were her terrible instincts as a candidate. We learned about the contents of paid speeches that Clinton had given that became the subject of controversy in the campaign because she had declined to publicly release them. And while the publication of these emails
Starting point is 00:11:54 has always upset some of Hillary Clinton's supporters, the journalistic explanation was that they revealed things we previously didn't know. Now, the documents we got this month, ostensibly from inside the Trump campaign, they fundamentally didn't have any news in them. Now Michael, it's also possible we're just at the beginning of this and that at some point we'll see more documents and maybe they'll be revealing of what's happening inside the Trump campaign. But
Starting point is 00:12:24 we'd have to have a pretty active journalistic discussion at that time about whether any new documents were newsworthy. And of course, there's always the question of whether you're doing the bidding of a foreign government by publishing them. So that conversation aside for just a moment, it very much feels like Iran's attempted hack
Starting point is 00:12:44 of the Trump campaign is our first real warning that this election 2024 is going to be another election in which foreign governments try to put their finger on the scale, try to influence the course of and the outcome of our presidential election. You know, four years is a lifetime in the technological advancement of hacking techniques, of the sophistication of information operations. And now, of course, we have a whole new factor, far more sophisticated artificial intelligence tools that can be used to fool voters and so forth. that can be used to fool voters and so forth. And of course, the number of countries that are interested in influencing the US election is growing
Starting point is 00:13:32 and they've got capabilities of their own to interfere. And so when you add all of this together and you compress the problem into a pretty short cycle until election day, it could be a more potent threat to interfere in the election process than we've seen in past years. We'll be right back. David, let's talk about these threats to the 2024 election that you just raised, this growing cast of players that are a threat to our system, and what they might do to influence this election?
Starting point is 00:14:28 Well, Michael, the primary actors that the U.S. intelligence community is concerned about is the old set of actors. It's Russia, it's China, and it's obviously Iran Iran as we've been discussing. So in early July, ahead of all of this news about the Trump campaign and Roger Stone and Microsoft and all that, the US intelligence community issued a public alert and said, here's what they're worried about.
Starting point is 00:15:04 Obviously their first and biggest concern was Russia. And they were saying that they were beginning to see the Russians identify specific voter demographics and go amplify those divisive narratives that they use so well in 2016. When you'll recall, they grabbed on social divisions, whether it was abortion or gun control or something like that.
Starting point is 00:15:30 And they used it to go try to influence that election. Right, the idea was that they were gonna inflame existing partisan divisions in our country. That's right, because that's far more effective than trying to create something new. Now for the Russians, it was pretty clear what their desired outcome was. They are very pro-Trump. The Iranians, as we've discussed, are very anti-Trump.
Starting point is 00:15:56 And then in the middle of this are the Chinese, who have been a lot more cautious. The intelligence agencies doubt they're really planning to try to influence the outcome here because they're really not sure which candidate they dislike the most. Trump obviously blamed China for COVID, has threatened huge tariffs on their goods, but it was Joe Biden who actually put export restrictions on the most high-end chips that the Chinese need to develop a large language models for artificial intelligence. So just to summarize, Russia, when it thinks about meddling in our election, wants to do whatever it can to help Trump. Iran wants to do everything it can to hurt Trump, which we presume means they'd like to see Kamala Harris win.
Starting point is 00:16:47 And when it comes to China, we don't really know which side China has picked. I'm curious when the US officials you talk to think about meddling in 2024, what precise scenario they most fear from these three countries? Well, it's a great question because there are different techniques and they fear them for different reasons. So we've already talked about one of them, which is you fish into a campaign, you get some embarrassing memos, you release them. Okay. So we're up on that. Then there's the disinformation stuff. You go and you create bots or fake news.
Starting point is 00:17:29 And then there's the third one, which some US officials are most concerned about, and frankly, it's the one that concerns me the most about trying to tamper with the election itself. On election day, to create doubts about whether this was truly a fairly run vote. What would election tampering from a foreign government look like? Exactly.
Starting point is 00:17:56 Well, you know, we focused a lot in 2016 on the question of whether or not you could actually play with the voting numbers and the election machines. And what we learned is that that's really hard. And it's hard because our system is so disparate, right? Every state uses a different method. Some places use paper ballots. Some places use ballots where you mark something electronically, but there's a paper backup. Some use all paper ballots. Some places use ballots where you mark something electronically, but there's a paper backup.
Starting point is 00:18:28 Some use all electronic systems and so forth. And what we've discovered is that our system is so discombobulated, unlike the Europeans who basically have one system used throughout an entire country, that it's actually hard to hack. Okay, this is one of the rare moments. Fascinating. Where the differences among the states is actually a cyber safety device for us.
Starting point is 00:18:52 Right, too messy to interfere with. That doesn't mean it's impossible, but what worries me the most is less the voting machines than the state voter registration rolls. And just to explain what you're referring to, this is the, when you vote, long ream of names and signatures that contain the identities of everyone who wants to vote. That's right, and usually in most places,
Starting point is 00:19:20 you have to register well ahead of election day, or you have to have been living in a state for a certain period of time. So what worries me about the registration roles is that in the past couple of years, we have seen a huge explosion in ransomware, right? This is the software that is used to lock up an entire city.
Starting point is 00:19:44 You'll remember it happened to Baltimore. It happened to Atlanta. It's happened to many companies. But it's not hard to imagine a ransomware attack that was aimed at locking up a state's ability to go sign up new voters. And that then raises the question, did something happen to the registration
Starting point is 00:20:09 during that hack or around it? So that when you go to vote, Michael, they look and say, well, this is very interesting because you're voting in New York, but our system shows you moved to Arizona a few months ago, right? Or we think you're double registered someplace. And there is the possibility of creating just enough data
Starting point is 00:20:32 manipulation to make people question the accuracy and quality of the voter registration rolls. Got it. So the nightmare scenario is that foreign country basically hacks into making this up, but a swing district somewhere in Wisconsin takes over the voter rolls, manipulates those voter rolls in the direction they want the election to go in that state. And we wouldn't know what happened until they released the voter rolls, perhaps after a ransom is paid, and suddenly people show up to vote and they find out, uh-oh, I can't because my name's been deleted, I've been moved to Idaho, and suddenly it's a real mess.
Starting point is 00:21:16 What you've described is the outside scenario where they lock things up and they manipulate the data. But, you know, they can do a lot of damage just by locking things up, because it creates the fog about whether or not they did do anything. And if you're trying to manipulate the election, you may have done as much damage by creating the fear that data was altered
Starting point is 00:21:41 than by actually altering it. And there's very little question who would seize on that doubt. It would be Donald Trump, who with almost every campaign appearance is throwing in the line that someone is trying to go influence the election to keep him from regaining office.
Starting point is 00:22:03 Sometimes he blames the Biden administration. Sometimes he blames the Biden administration. Sometimes he blames the FBI. Sometimes he blames CISA, the group within the Department of Homeland Security that oversees cybersecurity in the United States that's providing election help to states and towns and cities. So Trump is seeding the clouds out here now
Starting point is 00:22:26 for the rainstorm that he might want to have happen if he lost the election. Right, and as we've explained on the show, actually within the past week, he hasn't just seeded the clouds, he has seeded local election boards with people who anticipate that there might be interference and problems and seem very ready to raise objections to certifying the results of this 2024 election. That's exactly right. And, you know, in that episode that you ran last week, what you discovered was that these election workers would have some vaguely defined right to hold up the certification of the election if there were reasonable doubts
Starting point is 00:23:14 about the election outcome. So the perfect storm that people who worry about this kind of thing could imagine coming is enough foreign interference to create that doubt. And then these presumably pro-Trump newly appointed election officials using that fog of uncertainty to declare that they can't certify the results and have them reported to Congress. Well, given that, David, it strikes me that even if a foreign country trying to interfere in our elections were trying to help Kamala Harris, let's say Iran, that the doubts that they would raise through their hacking efforts, their cyber attacks, would probably end up benefiting Trump more because
Starting point is 00:24:05 of the doubts he has seeded and the supporters he has gotten onto these local election boards. You have to think that that's right. And of course, if he comes out ahead, he's not going to mention that fog at all. David, it feels worth posing a devil's advocates question here at the end about our fears of election interference, because you have raised a lot of very worrisome scenarios in our conversation. But if we think back to 2016, we think back to 2020, I wonder if our fears of interference were greater than the reality of what foreign countries were trying to do, especially when it comes to actually tampering with results. So is it possible that we have gotten a little too worried about all of this and the way
Starting point is 00:24:57 we talk to America? And maybe we should take this down a notch or two. 2016 and 2020 give you very different answers to that question. In 2016, we knew before the election happened that the Russians were trying to get into the election rolls. And it was only after the election
Starting point is 00:25:20 that we really understood the scope of the information operations they were running. In 2020, we were much better prepared, election that we really understood the scope of the information operations they were running. In 2020, we were much better prepared. And it turned out the Russians did relatively little in that election of note. And we saw for the first time some awkward Iranian interventions. So what's that tell you about 2024? Well, the first thing it tells you is that,
Starting point is 00:25:48 yes, we can overhype the threat, but as in all threats, the threat of nuclear war, the threat of biological attack, all the other parade of horribles that you and I discuss at various moments, you can overhype the concern, but that's probably the only way to get attention focused on the possibilities and think about the preventatives. In other words, the price of vigilance against election interference may be that we end up
Starting point is 00:26:21 feeding a narrative about election interference. We don't mean to, but that may just be the cost of making sure we're prepared. That's absolutely right. But let's remember here what we have at stake. This is one of the most consequential elections in American history. It comes after two election cycles in which we have worried about foreign interference and one in which a large part of the population has denied that the election turned out the way it really turned out. Because in just two and a half months, Michael, there's going to be no more important question than whether or not this
Starting point is 00:27:06 election was fairly run. There's no more important single issue for retaining confidence in our democracy and in our election system. And the two are so inextricably intertwined that we have to get this right. [♪ music playing. V.O.] Well, David, thank you very much. Thank you. [♪ music playing. V.O.] We'll be right back. Here's what else you need to know day.
Starting point is 00:28:01 On Monday, Democrats sued the Georgia State Election Board, arguing that its efforts to alter the state's election certification process were illegal and could create chaos on Election Day. The board's actions give local election officials the authority to conduct investigations into voting before certifying their results, a power that Democrats fear will lead to delays and missed deadlines in a key swing state. And, prosecutors in France said they have arrested the founder of Telegram in connection
Starting point is 00:28:35 with an investigation into criminal activity on the popular messaging app. The investigation, prosecutors say, includes complicity in the distribution of child pornography, drug sales, money laundering, and the refusal by telegrams leaders to cooperate with law enforcement. If you want more news, and I suspect you do, check out our other daily news show. It's called The Headlines. It brings you the day's top stories, along with analysis from Times reporters, all in about 10 minutes or less. And you can subscribe to it
Starting point is 00:29:10 wherever you get your podcasts. Today's episode was produced by Claire Tennis-Sketter and Michael Simon-Johnson with help from Shannon Lin. It was edited by Lexi Diao and Michael Benoit, contains original music by Marion Lozano, Pat McCusker and Dan Powell, and was engineered by Chris Wood. Our theme music is by Jim Brunberg and Ben Landsberg of Wonderly. That's it for the daily. I'm Michael Bobarro. See you tomorrow.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.