Iranians Accused of Hacking US Presidential Campaigns; $10 Million Offered for Info on their Location

The Justice Department announced that three Iranian nationals and Islamic Revolutionary Guard Corps (IRGC) employees, at the same time, have been indicted for hacking accounts belonging to US officials, journalists, and individuals associated with US political campaigns.

Several reports of hacks related to political campaigns have surfaced in recent months as unknown hackers breached various systems and networks, then stole information and tried to disseminate it in the mass media. All the major publications refused to publish the information, and it turns out that it was for good reason.

"As alleged, in or around May, after several years of focusing on compromising the accounts of former U.S. government officials, the conspirators used some of the same hacking infrastructure from earlier in the conspiracy to begin targeting and successfully gaining unauthorized access to personal accounts belonging to persons associated with an identified U.S. Presidential campaign (U.S. Presidential Campaign 1), including campaign officials," the DOJ says in a statement.

While the DOJ doesn't name the affected party, the Trump campaign did say it directly: Iranian hackers hadve compromised the accounts of people in the campaign. That incident was later confirmed by the FBI, which added that hackers had multiple targets, including the other political campaign engaged in the race for the White House.

 "The conspirators used their access to those accounts to steal, among other information, non-public campaign documents and emails (campaign material)," the DOJ added.

 "The activity broadened in late June, when the conspirators engaged in a ‘hack-and-leak’ operation, in which they sought to weaponize campaign material stolen from U.S. Presidential Campaign 1 by leaking such materials to members of the media and individuals associated with what was then another identified U.S. Presidential campaign (U.S. Presidential Campaign 2."

 According to the indictment, the attackers used numerous techniques, including spearphishing and social engineering, to gain access to victims' accounts. They tried to use VPNs to obscure their location, created fake accounts seemingly belonging to prominent US citizens and international institutions, used phishing websites to steal credentials, and more.

 While not all their efforts were successful, given the fact that some files were stolen in the process, some of the techniques were enough.

 The Department of State, through the Rewards for Justice Program, is offering a reward of up to $10 million for information for the capture of the hackers.