State Department Announces $10M Reward for Information on Iranian Cyber Actors’ Interference with 2020 U.S. Presidential Election
Apologies, I told you on Sunday that my week is absolutely insane and that it was highly unlikely that I’d publish a daily article this week. But here I am after an 18-hour day - writing & editing
State Department’s Rewards for Justice program
In 1984 Congress enacted legislation to “Combat International Terrorism,” which established Rewards for Justice (RFJ), the State Department’s counterterrorism rewards program administered by the Diplomatic Security Service.
… RFJ’s goal is to bring international terrorists to justice and prevent acts of international terrorism against U.S. persons or property. Under this program, the Secretary of State may authorize rewards for information that:
Leads to the arrest or conviction of anyone who plans, commits, aids, or attempts international terrorist acts against U.S. persons or property
Prevents such acts from occurring
Leads to the identification or location of a key terrorist leader
Disrupts terrorism financing
The Secretary of State is authorized to pay a reward greater than $25 million if he/she determines that a greater amount is necessary to combat terrorism or to defend the United States against terrorist acts.
State Department Feb 1, 2022 Press Release
Yes, from time to time the State Department offers rewards via its Rewards for Justice (RFJ) program, which is managed by its Diplomatic Security Service. On February 1, 2022, the State Department publicly announced that it is offering:
…a reward of up to $10 million for information on any person who, while acting at the direction of or under the control of a foreign government, interferes with U.S. elections by violating the Computer Fraud and Abuse Act (CFAA) 1
November 2021 - Iranian Cyber Actors identified
The State Department is seeking information on Iranian cyber actors that ran a sophisticated and malicious operation during the 2020 electoral cycle. To be clear, the FBI and, more broadly, the DOJ-USAO previously identified these individuals:
Seyyed Mohammad Hosein MUSA KAZEMI (سید محمد حسین موسی کاظمی), a/k/a “Mohammad Hosein Musa Kazem,” a/k/a “Hosein Zamani,” and SAJJAD KASHIAN (سجاد کاشیان), a/k/a “Kiarash Nabavi,” 2
Iranian cyber company Emennet Pasargad - both defendants worked as contractors for Emennet Pasargad
Based on the investigation, both defendants engaged in a malicious cyber operation, which ran from at least August through November 2020 and sought to sow discord and undermine voters’ faith in the U.S. electoral process.
…Kazemi helped to carry out the voter intimidation and influence campaign by compromising servers used to send the threatening voter emails, preparing emails for the voter threat email campaign, and compromising the email accounts of an American media company. 3
In November 2021, these individuals and their employer, Emennet Pasargad, were designated under Executive Order 13848 (“Treasury Sanctions Iran Cyber Actors for Attempting to Influence the 2020 U.S. Presidential Election”):
…Iranian actors obtained or attempted to obtain U.S. voter information from U.S. state election websites, sent threatening emails to intimidate voters, and crafted and disseminated disinformation pertaining to the election and election security. Furthermore, the Iranians illicitly accessed content management accounts of several online U.S. media entities, which resulted in their ability to edit and create fraudulent content. However, the actors’ ability to leverage this unauthorized access was ultimately thwarted by the Federal Bureau of Investigation (FBI).
Examples of the 2020 Election Interference:
As noted in the November 2021 indictment, the Iranian cyber operatives not only penetrated eleven state voting websites but then exfiltrated data: more than 100,000 state voters’ information was stolen. But it’s the other malicious cyber actions that kind of gave me a bad flashback, as noted in the DOJ-OPA USAO-SDNY press release, which reads in part:
Iranians posing as “proud boys” and “support Trump or else”
Man, I’d be super curious to know who the hackers sent emails to, like which Senators and US House of Representatives members.
October 2020, members of the conspiracy, claiming to be a “group of Proud Boys volunteers,” sent Facebook messages and emails (the “False Election Messages”) to Republican Senators, Republican members of Congress, individuals associated with the Presidential campaign of Donald J. Trump, White House advisors, and members of the media. The False Election Messages claimed that the Democratic Party was planning to exploit “serious security vulnerabilities” in state voter registration websites to “edit mail-in ballots or even register non-existent voters.” The False Election Messages were accompanied by a video (the “False Election Video”) which purported, via simulated intrusions and the use of State-1 voter data, to depict an individual affiliated with the Proud Boys hacking into state voter websites and using stolen voter information to create fraudulent absentee ballots through the Federal Voting Assistance Program (“FVAP”) for military and overseas voters.
engaged in an online voter intimidation campaign involving the dissemination of a threatening message (the “Voter Threat Emails”), purporting to be from the Proud Boys, to tens of thousands of registered voters, including some voters whose information the conspiracy had obtained from State-1’s website. The emails were sent to registered Democrats, and threatened the recipients with physical injury if they did not change their party affiliation and vote for President Trump.
November 4, 2020, the day after the 2020 U.S. Presidential election, the conspirators sought to leverage earlier September and October 2020 intrusions into an American media company’s (“Media Company-1”) computer networks. Specifically, on that day, the conspirators attempted to use stolen credentials to again access Media Company-1’s network, which would have provided them another vehicle for further disseminating false claims concerning the election through conspirator-modified or created content. However, because of an earlier FBI victim notification, Media Company-1 had by that time mitigated the conspirators’ unauthorized access and these log-in attempts failed
I vaguely remember writing an article about this indictment back in November 2021 but after an almost 18 hour work day —I just don’t have the stamina to try and chase it down. I’m unlikely to publish an article tomorrow because this week is me entering Dante’s 4-level in the Inferno (phew I published this with 40 minutes to spare until Feb 3rd)
And lastly your prerequisite daily dose of salt water therapy…
1. See USAM via DOJ, Computer Fraud and Abuse Act - https://www.justice.gov/jm/jm-9-48000-computer-fraud - last accessed on February 2, 2022; codified at 18 U.S.C. §1030 et seq., https://uscode.house.gov/view.xhtml?req=(title:18%20section:1030%20edition:prelim) - last accessed February 2, 2022
2. See November 18, 2021 unsealed indictment of defendants, https://www.justice.gov/usao-sdny/press-release/file/1449276/download - last accessed on February 2, 2022
3. See WSJ November 19, 2021 article, https://www.wsj.com/articles/iranian-hackers-broke-into-newspaper-publisher-lee-enterprises-ahead-of-2020-election-11637359741, which details the American Media Company’s efforts to take their systems back from these pernicious hackers.
The number of tentacles on the beast continues to grow. Thank you, again, for educating us. Disfruta!
Thank you, Filey. I wish you a long soak with a nice glass of wine, and a blissful foot rub.