WASHINGTON, Oct 25 (Reuters) – A group of Iranian hackers accused of breaching the email accounts of Donald Trump’s campaign for the Republican presidential nomination have managed to get their stolen emails published after initial attempts to attract media attention failed.

Recently, these hackers expanded their outreach by selling Trump’s emails to a Democratic political figure, who subsequently shared the documents through his political action committee, American Muckrakers, as well as with independent journalists. Some of this material has been featured on the writing platform Substack, revealing communications between Trump’s campaign and various advisers, covering various subjects as the 2024 election approaches.

The hacking activities tracked by Reuters shed light on potential election interference efforts. They indicate that Iran remains intent on intervening in elections, even in spite of a September indictment from the U.S. Justice Department, accusing those involved of operating under false identities for Tehran.

The indictment contends that the Iranian-linked hacking group, named Mint Sandstorm or APT42, accessed the accounts of several Trump campaign staff members by stealing their passwords during May and June. A recent advisory from the Department of Homeland Security warned that these hackers continue to target campaign personnel. If found guilty, they could face imprisonment and fines.

The indictment described the hackers as three Iranian individuals collaborating with Iran’s Basij paramilitary force, which enforces the government’s strict policies and extends its influence. Efforts to contact the hackers identified in the indictment via email and text were unsuccessful.

When approached by Reuters, the hackers, who use a shared alias “Robert,” avoided directly responding to the U.S. accusations with one saying, “Do you really expect me to answer?!”

“Robert” is the same alias mentioned in the U.S. indictment, according to FBI communications reviewed by Reuters.

In response to allegations regarding its involvement in U.S. election hacking, Iran’s mission to the United Nations stated that such claims are “baseless and completely unacceptable,” and firmly denied these accusations. The FBI, which is looking into Iran’s hacking efforts against both presidential campaigns, has chosen not to comment.

David Wheeler, the founder of American Muckrakers, asserted that the documents he disseminated are authentic and serve the public interest. He emphasized that his intention was to shed light on the lengths the Trump campaign is willing to go in their pursuit of victory and to inform the public with accurate details. He refrained from revealing how he obtained the material.

Earlier this month, the Trump campaign released statements claiming that Iran’s hacking actions aimed to disrupt the 2024 election and create chaos in the democratic process, further alleging that journalists who republished the stolen documents are serving the interests of “America’s enemies.”

This situation contrasts with Trump’s stance in 2016 when he encouraged Russia to hack into Hillary Clinton’s emails and share them with the media.

Leak operation

The operation to leak the emails commenced around July when an email account, noswamp@aol.com, began communicating with reporters from multiple news organizations under the alias Robert, according to two sources familiar with the matter. Initially, they reached out to Politico, the Washington Post, and the New York Times, claiming they had damaging internal insights regarding Trump’s campaign.

In early September, the accused Iranian hackers employed another email address, bobibobi.007@aol.com, to engage with outlets including Reuters, as they offered new leads, according to the two sources.

During that time, they provided research compiled by the Trump campaign about Republican figures JD Vance, Marco Rubio, and Doug Burgum—all potential candidates for Trump’s vice-presidential nomination.

The reports about potential running mates were confirmed to be legitimate by a source familiar with the Trump campaign. However, neither Politico, the Washington Post, the New York Times, nor Reuters published news reports based on these findings.

A spokesperson for the New York Times stated that the outlet only publishes articles based on hacked materials when they find valid news and can authenticate the contents.

The Washington Post referred Reuters to a prior statement from its executive editor, Matt Murray, underlining that news publishers will not accept any hacked materials without substantial verification. A spokesperson for Politico mentioned that the provenance of the documents is often more critical than the substance of the leaks. Reuters opted not to run the material believing it did not hold significant news value, according to a spokesperson.

The two AOL accounts linked to this operation were deactivated in September by Yahoo, which collaborated with the FBI prior to the indictment to track them back to the Iranian hacking group, as indicated by two informed sources. Yahoo has not responded to requests for comment.

Reporters may require an alternate means of contact and were provided with a phone number associated with the encrypted messaging app Signal. Signal is harder for law enforcement to track, and did not respond to requests for comments.

According to high-ranking U.S. intelligence and law enforcement officials, Iran’s meddling in this election cycle is aimed at undermining Trump, whom they blame for the 2020 drone strike that killed former Iranian general Qassem Soleimani.

So far, the leaks that have been made public do not seem to have altered the political landscape for the Trump campaign.

Muckrakers

On September 26, the North Carolina-based group American Muckrakers began releasing internal emails from the Trump campaign. This political action committee (PAC) has been active since 2021 and has a history of revealing damaging information about notable Republicans. Public disclosure reports indicate that it relies on donations from individual contributors nationwide.

On their website, American Muckrakers claimed that the leaks originated from “a source,” but before the release last month, they publicly urged someone named Robert to contact them. “HACKER ROBERT, WHY DO YOU KEEP SENDING TRUMP INFORMATION TO CORPORATE MEDIA?” the group posted on X. “Send it to us, and we will publish it.”

When asked if his source was the alleged Iranian hacker known as Robert, Wheeler stated that information was confidential and he could not confirm the source’s whereabouts. He also refrained from commenting on whether the FBI had alerted him that the communications stemmed from a foreign influence campaign.

On October 4, Muckrakers released documents claiming to reveal a financial arrangement between lawyers for former presidential candidate Robert F. Kennedy Jr. and Trump. Kennedy’s attorney, Scott Street, stated via email to Reuters that he could not comment publicly on the matter. Reuters verified the authenticity of the documents.

Muckrakers also published communications from Robert related to two notable political races, including purported campaign messages concerning Republican gubernatorial candidate Mark Robinson from North Carolina and Republican representative Anna Paulina Luna from Florida, both of whom have Trump’s endorsement.

The discussion about Robinson involved a Republican consultant, W. Kirk Bell, seeking advice from the Trump team following a scandal regarding remarks attributed to Robinson on an adult forum, which Robinson has denied. The other correspondence involved a Republican advisor sharing personal information about Luna with the campaign.

Neither Robinson’s nor Luna’s campaigns responded to requests for comment.

One of the few journalists who received information from Robert and subsequently published it is independent national security reporter Ken Klippenstein, who released research documents regarding the vice presidency on Substack last month. Robert confirmed to Reuters that he shared this material with Klippenstein.

Substack did not respond to inquiries about its policy on hacked content.

Following the article, Klippenstein reported that FBI agents contacted him concerning his interactions with Robert and suggested that they were related to a “foreign malign influence operation.” Klippenstein stated in a post that he found the material to be of public interest and felt the media should not act as a “gatekeeper” regarding what information the public ought to learn.

A spokesperson for Reuters, which also received similar notifications from the FBI, stated, “We cannot comment on our interactions, if any, with law enforcement.” An FBI representative declined to discuss the media notification process.

Wheeler mentioned that he expects to release more leaks “soon” and will continue to publish similar documents as long as they are “genuine and pertinent.”