By Christopher Bing, Raphael Satter and Gram Slattery
WASHINGTON (Reuters) – The accused Iranian hacking group who intercepted Republican U.S. presidential candidate Donald Trump’s marketing campaign emails have lastly discovered some success in getting their stolen materials revealed after initially failing to curiosity the mainstream media.
In latest weeks, the hackers started peddling Trump emails extra extensively to at least one Democratic political operative, who has posted a trove of fabric to the web site of his political motion committee, American Muckrakers, and to impartial journalists, at the least one in every of whom posted them on the writing platform Substack. The newest materials reveals Trump marketing campaign communications with exterior advisers and different allies, discussing a variety of matters main as much as the 2024 election.
The hackers’ actions tracked by Reuters present a uncommon glimpse into the operations of an election interference effort. In addition they show Iran stays decided to meddle in elections regardless of a September U.S. Justice Division indictment accusing the leakers of working for Tehran and utilizing a pretend persona.
The indictment alleged that an Iranian-government linked hacking group, often called Mint Sandstorm or APT42, compromised a number of Trump marketing campaign staffers between Might and June by stealing their passwords. In a Homeland Safety advisory revealed earlier this month, the company warned that the hackers proceed to focus on marketing campaign workers. If discovered responsible, they face jail time and fines.
The Division of Justice indictment stated the leakers had been three Iranian hackers working with Iran’s Basij paramilitary power whose voluntary members assist the regime to implement its strict guidelines and to challenge affect. Makes an attempt to achieve the hackers recognized by title within the indictment by way of e-mail and textual content message had been unsuccessful.
In conversations with Reuters, the leakers – who collectively use the pretend persona “Robert” – didn’t instantly tackle the U.S. allegations, with one saying “Do you really expect me to answer?!”
“Robert” is similar pretend persona referred to within the U.S. indictment, in keeping with FBI emails despatched to journalists and reviewed by Reuters.
Iran’s mission to the United Nations stated in a press release that reviews of the nation’s involvement in hacking towards the U.S. election had been “fundamentally unfounded, and wholly inadmissible,” including that it “categorically repudiates such accusations.” The FBI, which is investigating Iran’s hacking exercise towards each presidential campaigns on this election, declined to remark.
David Wheeler, the founding father of American Muckrakers, stated the paperwork he shared had been genuine and within the public curiosity. Wheeler stated his objective was to “expose how determined the Trump marketing campaign is to attempt to win” and to provide the public with factual information. He declined to discuss the material’s origin.
Without making any specific references, the Trump campaign said earlier this month that Iran’s hacking operation was “intended to interfere with the 2024 election and sow chaos throughout our democratic process,” adding any journalists reprinting the stolen documents “are doing the bidding of America’s enemies.”
In 2016, Trump took a different position when he encouraged Russia to hack into Hillary Clinton’s emails and provide them to the press.
LEAK OPERATION
The leak operation started around July when an anonymous email account, noswamp@aol.com, began communicating with reporters at several media outlets, using the Robert moniker, according to two people familiar with the matter. They initially contacted Politico, the Washington Post and the New York Times, promising damning internal information about the Trump campaign.
In early September, the accused Iranian hackers used a second email address, bobibobi.007@aol.com, in a fresh round of overtures, including to Reuters and at least two other news outlets, the two people familiar with the matter, said.
At the time, they offered research compiled with public information by the Trump campaign into Republican politicians JD (NASDAQ:) Vance, Marco Rubio and Doug Burgum, all of whom were under consideration as Trump’s running mate.
The vice presidential reports were authentic, a person familiar with the Trump campaign told Reuters. Neither Politico, the Washington Post, the New York Times, nor Reuters published stories based on the reports.
New York Times spokesperson Danielle Rhoades Ha, said the newspaper only published articles based on hacked material “if we find newsworthy information in the materials and can verify them.”
In an email, the Washington Post referred Reuters to past comments made by its executive editor, Matt Murray, who said the episode reflected the fact that news organizations “aren’t going to snap at any hack” provided to them. A spokesperson for Politico said the origin of the documents was more newsworthy than the leaked material. Reuters did not publish this material because the news agency did not believe it was newsworthy, a spokesperson said.
Both AOL email accounts identified by Reuters were taken offline in September by its owner Yahoo, which worked with the FBI before the indictment to trace them to the Iranian hacker group, according to two people familiar with the investigation. Yahoo did not respond to a request for comment.
Before losing email access, Robert suggested reporters might need an alternate contact and offered a telephone number on the encrypted chat application Signal. Signal, which is more difficult to monitor by law enforcement, did not return messages seeking comment.
Some senior U.S. intelligence and law enforcement officials have said that Iran’s interference efforts this election cycle are focused on denigrating Trump as they hold him responsible for the 2020 American drone assassination of former Iranian military general Qassem Soleimani.
Thus far, the already-published leaks do not appear to have changed the public dynamics of the Trump campaign.
MUCKRAKERS
On Sept. 26, North Carolina-based American Muckrakers, began publishing internal Trump campaign emails. Active since 2021, the PAC has a history of publicizing unflattering material about high-profile Republicans. According to public disclosure reports, it is funded through individual, small-dollar donors from around the country.
On its website, American Muckrakers said the leaks came from “a source,” but, ahead of the publication last month, the group publicly asked Robert to get in touch. “HACKER ROBERT, WHY THE F DO YOU KEEP SENDING THE TRUMP INFORMATION TO CORPORATE MEDIA?” the group said in a post to X. “Send it to us and we’ll get it out.”
When asked whether his source was the alleged Iranian persona Robert, Wheeler said “that is confidential” and that he had “no confirmation of the source’s location.” He also declined to comment on whether the FBI had warned him that the communication was the product of a foreign influence operation.
In one example, Muckrakers published material on Oct. 4th purporting to show an unspecified financial arrangement with lawyers representing former Presidential candidate Robert F. Kennedy Jr. and Trump. RFK Jr. attorney Scott Street, said in an email to Reuters he could not speak publicly about the incident. Reuters confirmed the authenticity of the material.
Muckrakers subsequently published documents from Robert about two high-profile races. It included alleged campaign communication about North Carolina Republican gubernatorial candidate Mark Robinson and Florida Republican representative Anna Paulina Luna, both of whom were endorsed by Trump.
The exchange about Robinson concerned an attempt by Republican adviser W. Kirk Bell, to seek guidance from the Trump camp after the scandal over comments attributed to Robinson on a pornographic forum. Robinson has previously denied the comments. The other message came from a Republican adviser sharing information with the campaign about Luna’s personal life.
Robinson and Luna’s campaigns did not return messages seeking comment.
One of the few journalists contacted by Robert who did publish material was independent national security reporter Ken Klippenstein, who posted the vice presidential research documents to Substack late last month. Robert confirmed to Reuters that they gave the material to Klippenstein.
Substack did not respond to a question about its policies concerning hacked material.
After the story, Klippenstein said FBI agents contacted him over his communication with Robert, warning that they were part of a “foreign malign influence operation.” In a post, Klippenstein said the material was newsworthy and he chose to publish it because he believed the news media should not be a “gatekeeper of what the general public ought to know.”
A spokesperson for Reuters, which acquired comparable notifications from the FBI, stated, “We cannot comment on our interactions, if any, with law enforcement.” An FBI spokesperson declined to touch upon its media notification effort.
Wheeler stated he had new leaks in retailer “soon” and that he would proceed to publish comparable paperwork so long as they had been “authentic and relevant.”