DOJ pressed to investigate election problems exposed by Iranian hackers in 2020

During the 2020 election, Iranian nationals demonstrated vulnerabilities in states’ voter registration systems by hacking Alaska’s. Those vulnerabilities, particularly regarding overseas voters and their ballots, must be investigated by the Department of Justice and fixed across the U.S., election integrity groups warn.

While Alaska admitted to its voter registration system being breached in 2020, the federal government said it was aware of “at least one state” that had been hacked by Iranians. The DOJ later said that “approximately eleven state voter websites” were attacked at the time.

In the Election Research Institute’s (ERI) new report titled, "Failure of the Weaponized Department of Justice to Protect the US Election System," it shows how there was a significant increase in the number of overseas ballot applications and ballots submitted in 2020 as Iranian hackers revealed how they could use the data from Alaska’s breached voter registration system to complete such applications and ballots.

Feds: “Foreign actors and cyber criminals”

On Sept. 28, 2020, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) announced that there was a “potential threat posed by attempts to spread disinformation regarding cyberattacks on U.S. voter registration databases or voting systems.”

The agencies said that there were “foreign actors and cyber criminals” during the 2020 election cycle “spreading false and inconsistent information through various online platforms in an attempt to manipulate public opinion, discredit the electoral process, and undermine confidence in U.S. democratic institutions."

“These malicious actors could use these forums to also spread disinformation suggesting successful cyber operations have compromised election infrastructure and facilitated the ‘hacking’ and ‘leaking’ of U.S. voter registration data,” according to the FBI and CISA.

Because much of U.S. voter information can be obtained through publicly available sources, cyber actors have acquired this data in recent years, but it does “not impact the voting process or the integrity of election results,” the agencies said.

“In addition, the FBI and CISA have no information suggesting any cyberattack on U.S. election infrastructure has prevented an election from occurring, compromised the accuracy of voter registration information, prevented a registered voter from casting a ballot, or compromised the integrity of any ballots cast.”

However, a month later, the agencies announced that they were aware of an Iranian hacker attacking election websites.

“CISA and the FBI observed this actor attempting to exploit websites to obtain copies of voter registration data between September 29 and October 17, 2020,” the announcement said.

The agencies added that they could “confirm that the actor successfully obtained voter registration data in at least one state.”

Also, “CISA and the FBI assess this actor is responsible for the mass dissemination of voter intimidation emails to U.S. citizens and the dissemination of U.S. election-related disinformation in mid-October 2020.”

After the 2020 election, on Dec. 3, 2020, then-Alaska Lt. Gov. Kevin Meyer’s (R) office explained that his state “was the victim of data exposure by outside actors that targeted the Division of Elections Online Voter Registration System, which was built and maintained by an outside vendor and operated by the Division.

“Although some voters’ personal information was exposed, the Division has determined that no other elections systems or data were affected. The Division’s ballot tabulation systems, 2020 general election results, and voter database remain secure.”

No effect on elections, as of yet

Meyer’s office added that he first became aware of the issue on Oct. 27, which was three days before the FBI and CISA announced that a state’s voter registration data had been obtained by an Iranian hacker.

“Since the discovery, Division staff, working with the State Security Office, our vendors, and law enforcement, and a computer forensics firm have worked to determine the scope of the problem, secure databases and web applications, comply with state law regarding exposure of personal information records, and assist law enforcement with any investigation as needed. Working with the vendor, the division has determined that 113,000 potential voters’ personal information—such as birth dates and license numbers—was exposed,” the lieutenant governor’s office said.

Then, nearly a year later, on Nov. 18, 2021, the U.S. Attorney for the Southern District of New York announced charges against two Iranian hackers.

The charges were part of an unsealed indictment, which stated that Seyyed Mohammad Hosein Musa Kazemi, 24, and Sajjad Kashian, 27, were charged with obtaining confidential U.S. voter information from at least one state election website, sending threatening email messages to intimidate and interfere with voters, and disseminating a video containing disinformation about purported election infrastructure vulnerabilities.

While the state wasn’t mentioned in the indictment, Alaska was the state that had admitted to being hacked during the 2020 election season.

“In September and October 2020, members of the conspiracy conducted reconnaissance on, and attempted to compromise, approximately eleven state voter websites, including state voter registration websites and state voter information websites,” the U.S. Attorney’s Office said.

The hackers also posed as members of a "group of Proud Boys volunteers" and then sent Facebook messages and emails to Republican senators, Republican members of Congress, individuals associated with the presidential campaign of Donald J. Trump, White House advisors, and members of the media. The bogus messages claimed that the Democratic Party was planning to exploit "serious security vulnerabilities" in state voter registration websites to "edit mail-in ballots or even register non-existent voters."

The ERI report notes that absentee and mail ballot requests are primarily verified by matching driver’s license numbers or Social Security numbers from ballot applications with government records.

Given that the hackers stole voters’ personal information, “If the [Islamic Revolutionary Guard Corps] had submitted fraudulent applications or ballots to election officials in Alaska using the data from the breach, the Social Security or Driver’s License numbers would have been verified as correct in the matching process,” according to the report.

How the breach and data fraud worked

The video that the hackers shared showed “how they could use the breach data to complete Federal Write-In Absentee Ballots (FWAB) or Federal Post Card Applications (FPCA),” the report reads.

“The video included confirmed valid voter information that was copied and pasted into the fields used to create PDFs for at least three FWABs which can be used as emergency back-up ballots by individuals who are eligible to vote under the Uniformed Overseas Citizens Absentee Voting Act (UOCAVA),” per the ERI report.

FPCAs are how UOCAVA voters request to vote overseas.

UOCAVA voters include military and non-military U.S. citizens who live overseas. Last year, just 26.3% of UOCAVA ballots were sent to military members, while nearly 70.7% were sent to non-military voters, including students studying abroad, U.S. citizens who have moved to permanently live overseas, and those who have never resided in the U.S., according to the U.S. Election Assistance Commission’s 2024 Election Administration and Voting Survey Report.

In the 2020 election, 39.4% of UOCAVA voters were military, compared to 60.1% non-military, per the EAC’s report.

The Iranian hackers’ video also showed “computer files for 40 states and a demonstration that at least some of those state folders contained multiple PDF documents of UOCAVA FWAB ballots or FPCA ballot applications. While there is no evidence that the FWABs created in the video were submitted to states, there is ample evidence that the vulnerabilities exist,” according to the ERI report.

According to CISA’s “Rumor Control” webpage, which no longer exists, “Changing an election using fraudulently submitted FWABs would be highly difficult to do. This is because election offices have security measures in place to detect such activity.”

The agency added that because few FWABs are submitted, “spikes in FWAB usage would be detected as anomalous.”

“However, states reported receiving 41% more FWABs in 2020 than in 2016,” according to the ERI report, citing EAC data. “Nationally, 33,027 FWABs were submitted to election offices for the 2020 General Election. That was an increase of nearly 10,000 more FWABs submitted in 2020 when there were travel restrictions and far fewer US citizens abroad.”

Alaska saw the number of UOCAVA ballots increase by 60% from 2016 to 2020, with 16,466 ballots delivered online for the latter election, per the ERI report. UOCAVA ballots are submitted by email, mail, or through online systems.

Also, across the U.S., “Election offices reported receiving 764,691 FPCAs ahead of the 2020 general election, which was almost double the 420,861 FPCAs that states reported receiving ahead of the 2016 general election,” per the EAC’s 2020 Election Administration and Voting Survey Report.

Demands for FBI investigation as precautionary measure

“The 2020 election occurred during a global pandemic which significantly reduced the number of US citizens traveling, studying or working abroad but the significant increase in UOCAVA ballots was not investigated by the DOJ,” according to the ERI report.

“The existing vulnerabilities in the UOCAVA voting system must be addressed to prevent the IRGC and other foreign adversaries from interfering in future elections. There is an urgent need for the FBI to fully investigate the potential exploitation of vulnerabilities in UOCAVA voting. Further, the DOJ should ensure compliance with the federal requirements for verification of voter registration information for individuals who apply to register to vote in federal elections,” the ERI report concludes.

Election Integrity Network Founder Cleta Mitchell told Just the News on Sunday that the ERI report “is a very serious indictment of FBI and national intelligence community failures to protect the integrity of the 2020 election.

“It is yet another intrusion into that election by one of America’s foreign adversaries, this time the Iranian Republican Guard Corp. Not only did the FBI originally deny that a cyber-attack had occurred but they dismissed the incident as propaganda and they failed to investigate the very real vulnerabilities exposed,” Mitchell said. “The indictment of the international bad actors responsible for this very serious breach into a state’s voter registration has done nothing to deter the Iranians.”

Mitchell added that she hopes "Sen. Grassley (R-IA) and the new leadership of the FBI will immediately add this episode to the growing list of 2020 election matters that demand investigation and accountability."

“The FBI repeatedly ignored serious threats to our election system in 2020, leaving it significantly vulnerable to manipulation by bad actors, both foreign and domestic. We need to know why that happened and how to keep it from happening ever again.”

Mitchell also said that the UOCAVA “system is utterly broken, it fails to serve our active duty military members, and it is clearly vulnerable to exploitation by our adversaries. Congress and the Administration must fix the problems within UOCAVA to make certain that those who wish to commit fraud in our elections are not able to use the UOCAVA system for that purpose. This report raises serious alarms that must be addressed before the 2026 election.”

The FBI didn’t respond to a request for comment by publishing time.