Monday, August 19, 2024

Iranian hackers — and hitmen — eye Trump

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

By John Sakellariadis

Driving the Day

— Three former Trump administration officials tell MC Iranian hackers have targeted them since they left office. They fear it could be part of an ongoing Iranian campaign to assassinate them.

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! It is officially heirloom tomato season. If you know, you know. If you don’t know, fine. More tomatoes for the rest of us.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find our usual MC Joseph on X at @JGedeon1 or email him at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.


 
 
Today's Agenda

President Joe Biden headlines Day 1 of the Democratic National Convention in Chicago.

Election Security

HACKING WITH A DARK TWIST — Iranian hackers have been trying to break into the inboxes of senior Trump administration officials for more than two years, in what those officials suspect is part of an ongoing effort to support Iranian assassination teams.

Three former senior national security officials say they’re aware of Iranian efforts to hack into their devices or accounts since Trump left office in 2021. And, they said, the campaigns appear designed to aid Iranian hit men seeking payback for the Trump White House’s 2020 killing of Iranian military leader Qasem Soleimani.

“This is clearly related, or could be, to an assassination campaign against former Trump officials,” said one official. The individual, granted anonymity like others in this story due to ongoing security concerns, said they received a briefing from the FBI about a successful intrusion into their email account roughly a year after leaving office.

John Bolton, the former national security adviser to Donald Trump, also acknowledged Iranian hackers have been targeting him. “The fact is that, over time, yes, the Iranians have tried to hack into my computer system and my various business computer systems and political operations,” said Bolton, a noted Iran hawk.

Bolton declined to go into specifics about the link between the alleged hacking activity and Iranian assassination threats against him. But it’s true, he said, that “access to somebody's schedule could be very, very helpful to the Iranians.”

— The big picture: In recent months, the U.S. has collected intelligence indicating Iran is bent on killing Trump and his former national security aides, including Bolton. Law enforcement has even made an arrest in one of those plots this July.

Iran’s permanent mission to the U.N. did not reply to a request for comment. It has previously denied that Tehran is trying to assassinate any U.S. political figures. The FBI also did not reply to a request for comment.

— Tip of the iceberg: A third former senior official for the Trump administration said they were notified by their email provider that Iranians tried to break into their inbox roughly two years ago.

That official and Bolton both said they believed the Iranian intrusion campaign was widespread. “I believe that [the Iranians] have been very active over a period of time, since the end of the Trump administration, against a pretty large number of former officials,” said Bolton.

— The (other) attribution problem: It’s fairly regular for nation-state adversaries to try to spy on senior national security officials. That means it can be hard — but not impossible — to tell whether Iranian hacking efforts are meant for something darker than old-fashioned espionage.

“The first step towards an assassination plot is using cyber to get into people’s schedules,” said a fourth Trump administration official. That person said he believes the Iranians haven’t successfully hacked him yet. He is confident about that, he said, for a simple reason: "I've asked."

— Fear and loathing: Asked whether the Trump campaign had any reason to think the recent efforts against it also might have an ulterior motive, spokesperson Steven Cheung referred MC to some prior comments on the matter. “The Iranians know that President Trump will stop their reign of terror just like he did in his first four years in the White House," Cheung said previously.

On the Hill

THE GHOST IN THE IOT — First came Huawei, then TikTok, and now — perhaps — Quectel and Fibocom.

The two little-known Chinese companies dominate the global market for so-called IoT modules, the tiny bits of embedded hardware that enable “smart” devices to connect to the internet. And Beltway tech and security hawks are increasingly speaking about the West's heavy dependence on them, much as they once did about Beijing’s other notorious tech giants.

The Commerce Department should “keep Chinese-made IoT cellular modules contained in some devices – ranging from body cameras to kitchen appliances — out of critical sectors in the U.S.,” Rep. Mike McCaul (R-Texas), the chair of the House Foreign Affairs Committee, said in a statement on X on Friday.

— Join the club: McCaul’s comments make him the latest to sound the alarm on the national security risks of those two companies. FCC Chair Jessica Rosenworcel and the top lawmakers on the House China Committee have previously warned that Quectel and Fibocom could give Beijing a foothold to spy on the U.S. — or shut down IoT devices used in a myriad of critical industries.

Quectel, Fibocom and smaller Chinese manufacturers control 64 percent of the global IoT module market as of late 2022, according to a paper by former British diplomat Charles Parton.

— Prying eye: McCaul's post followed an article out Thursday from POLITICO’s Alfred Ng and (to a much lesser extent) your MC host.

Alfred reported then about a new lawsuit that aims to ban Axon police body cameras from all presidential campaign events because they include Quectel's IoT modules. Axon happens to be the nation’s largest supplier of those cams.

— Undermining the grid: The suit, filed by a competitor of Axon, mainly focuses on the risk of espionage. But the concerns harbored by China hawks extend much further.

For the Thursday story, your MC host scooped that a multibillion-dollar home appliance manufacturer briefed staff on the House China Committee this summer about their own risky reliance on Chinese-made IoT modules. They relayed fears Beijing could trigger power outages in the U.S. by surging electricity to a fleet of their smart devices, according to two people familiar with the briefing.

— Nothing to see here: Quectel’s head of communications, Phil Rawcliffe, told Alfred the company’s products do not present a risk to national security and that Quectel customers “own and control all data flowing through their devices.” Fibocom did not reply to a request for comment on this story.

— Trust problems: As with Huawei and TikTok, the concerns about Fibocom and Quectel are really about trust.

By design, IoT modules can transmit and receive data over the internet, including from their manufacturers. In theory, that means Beijing could try to cripple or subvert its devices in U.S. networks if relations with the West ever went very south.

“I suspect there's a heavy IoT nexus” in the Biden administration’s warnings about Chinese efforts to burrow into and hold at risk U.S. critical infrastructure, said Matt Pottinger, the former deputy national security adviser to Donald Trump. In addition to hacking, Pottinger said, Beijing also has “hardware and firmware embedded in U.S. infrastructure that they can exploit.”

— What’s next: The Commerce Department didn’t reply to a request for comment about barring Chinese IoT module manufacturers in the U.S., as urged by McCaul.

But keep an eye on the agency’s forthcoming rule on Chinese electric vehicles. It could touch on IoT issues — or signal the agency’s willingness to take on big new tech firms from China.

The International Scene

SIGNALING IN CYBERSPACE — Iran-linked information warriors are taking to X in what appears to be a coordinated bid to deter Israel from further attacks against Tehran and its proxies, according to preliminary research shared exclusively with MC by anti-disinformation firm Logically.

Since July 31, Logically has tracked approximately 700 Arabic-language mentions of Iran and the "Axis of Resistance" and hypersonic missiles, roughly 80 percent of which came from X, the company’s senior manager for strategy and analysis, Alex Nelson, told MC. In addition, a specific account likely linked to Iran recently posted “a very detailed description” of how Iran and its allies would use hypersonic missiles to attack Israel. The post was viewed more than a million times.

— Why it matters: Logically assesses that the activity is part of an information operation to deter further Israeli attacks amid a moment of heightened tension in the Middle East.

Earlier this month, Iran vowed to retaliate against Israel following the assassination of a top Hamas leader in Tehran and a senior Hezbollah commander in Lebanon. Israel is widely believed to be behind both killings, which targeted Iranian proxy groups.

— Just bluster: Military analysts are skeptical Tehran possesses hypersonics, even though it recently claimed to have developed them. Hypersonics would be a significant new military capability for Iran, since they can evade common missile defense technologies.

Tweet of the Day

The Financial Times knows how to turn IT lemons into lemonade:

Source: X


Quick Bytes

ZERO TRUST — How the ‘Jia Tan’ hack frayed the open-source software ecosystem, per CyberScoop’s Christian Vasquez.

TROUBLE IN GEORGIA — Far-right activists helped push a controversial election administration rule that could heighten the potential for unrest this November in Georgia, ProPublica reports.

TECH ACCESS — PRC-linked universities in the UAE are getting access to sensitive, export-controlled U.S. technologies, writes The Jamestown Foundation’s Cheryl Yu.

Chat soon. 

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).

 
