Iranian Hackers Indictment Shows Vulnerability of Online Voter Registration

Anyone inclined to downplay the risks involved in states allowing online, Internet-based voter registration, take note: Last week, the Justice Department unsealed a federal indictment of two Iranian hackers that shows how the system provides cyber-criminals–and foreign governments–a vulnerable pathway into state databases and our election systems.

The U.S. Attorney for the Southern District of New York charged the two with participating in a “coordinated and multi-faceted, cyber-enabled campaign to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord” in the 2020 presidential election. Both of the hackers were contractors for Eelyanet Gostar, an Iranian company that provides cybersecurity services for the Iranian government.

>>> Democracy’s Digital Defenses

According to the indictment, in September and October of 2020, the hackers targeted 11 state voter registration and voter information websites. They managed to get into one of the states (not identified in the indictment) and download information on 100,000 voters.

Next, the hackers used social media platforms to send emails and Facebook messages to Republican senators and representatives, individuals in President Trump’s presidential campaign, White House advisors, and members of the media, claiming that the Democratic Party was planning on exploiting “serious security vulnerabilities” in state voter registration websites to “edit mail-in ballots or even register non-existent voters.” The hackers masqueraded as a “group of Proud Boys volunteers.”

They then created a false video that supposedly showed someone hacking into a state voter registration website and creating fraudulent absentee ballots through the Federal Voting Assistance Program for military and overseas American voters. They again made it look like the Proud Boys had obtained the surreptitious video.

Using the stolen voter registration information, as well as other sources, the hackers sent emails supposedly from the Proud Boys to tens of thousands of registered Democrat voters, threatening them “with physical injury if they did not change their party affiliation and vote for President…