Federal prosecutors unsealed an indictment Thursday in New York accusing two Iranian hackers of successfully hacking into a state computer election system, stealing voter registration data and using it to carry out a cyber-intimidation campaign that targeted GOP members of Congress, Trump campaign officials and Democrat voters in the November 2020 election.
The indictment charged Seyyed Mohammad Hosein Musa Kazemi, 24, and Sajjad Kashian, 27, with obtaining confidential U.S. voter information from at least one state election website, sending threatening email messages to intimidate and interfere with voters, and disseminating a video containing disinformation about purported election infrastructure vulnerabilities.
The victimized state was not identified, though prosecutors said at least 100,000 voters' information was stolen in the scheme. Prosecutors did not allege direct Iranian government involvement but said at least one of the defendants had done work for Tehran's government.
U.S. officials said the case was an example of "malign foreign influence" in a U.S. election.
"This indictment details how two Iran-based actors waged a targeted, coordinated campaign to erode confidence in the integrity of the U.S. electoral system and to sow discord among Americans," Assistant Attorney General Matthew G. Olsen said in announcing the indictments. "The allegations illustrate how foreign disinformation campaigns operate and seek to influence the American public. The Department is committed to exposing and disrupting malign foreign influence efforts using all available tools, including criminal charges."
The indictment alleged a plot that began in August 2020 that included:
- Attempts to compromise approximately 11 state voter websites, including state voter registration websites and state voter information websites. Those efforts resulted in the successful exploitation of a misconfigured computer system in one state in which data for more than 100,000 voters was stolen.
- The hackers posing as members of a "group of Proud Boys volunteers" and then sending Facebook messages and emails to Republican senators, Republican members of Congress, individuals associated with the presidential campaign of Donald J. Trump, White House advisors, and members of the media. The bogus messages claimed that the Democratic Party was planning to exploit "serious security vulnerabilities" in state voter registration websites to "edit mail-in ballots or even register non-existent voters."
- The production of a false video carrying the Proud Boys logo, which purported to depict an individual hacking into state voter websites and using stolen voter information to create fraudulent absentee ballots.
- The creation of an online voter intimidation campaign involving the dissemination of a threatening message purporting to be from the Proud Boys, to tens of thousands of registered voters. The emails were sent to registered Democrats and threatened the recipients with physical injury if they did not change their party affiliation and vote for Trump.
- An unsuccessful effort to hack into a news media company's computers to further disseminate false claims concerning the election. The effort failed, prosecutors said.