How much is different from 2016, and will the institutions that stumbled then—the press, the intelligence community, and the campaigns—do any better this time around?
It’s several months before a presidential election, featuring a showdown between a prominent entertainer and a candidate who, if victorious, would become America’s first female president. Hackers affiliated with a nation-state send spear-phishing emails to people affiliated with both political campaigns—and at least one person takes the bait. The hackers scoop up internal campaign communications, including a dossier of potentially damaging materials about one campaign’s ticket along with emails belonging to the candidate’s adviser. Then, using a fake identity, they reach out to reporters whom they think might be interested in what they have to share.
This is, of course, a description of Russia’s hack of Democratic Party organizations and of the Hillary Clinton campaign in 2016. But it’s also a description of what appears to be the recent hacking of the Trump 2024 campaign by actors linked to Iran. On Aug. 12, the FBI confirmed to the press that it is investigating alleged Iranian cyberattacks against both the Democratic and Republican campaigns for president, following earlier reporting of a hack of the Trump campaign’s systems.
“Buckle up,” tweeted Chris Krebs, who worked to protect election integrity during the 2020 vote while in his former role as director of the Cybersecurity and Infrastructure Security Agency (CISA). “Someone is running the 2016 playbook.”
We know what happened last time: The press seized on the hacked emails after Russian military intelligence, known as the GRU, distributed them through WikiLeaks, and the Trump campaign capitalized exuberantly on Russia’s involvement in the election.
This time, reporters have held back from publishing the leaked information. And, of course, Vice President Kamala Harris has not yet weighed in on the campaign trail with any winking suggestions that Iran might want to continue rummaging around in the Trump campaign’s systems.
Then again, for all we know, this influence operation is only in its opening moments. How much is different from 2016, and will the various American institutions that stumbled then—the press, the government, and the campaigns themselves—do any better this time around?
The first stirrings of the Iran hacking story arrived on Aug. 8, when Microsoft released a report announcing its discovery that “a group run by the Islamic Revolutionary Guard Corps (IRGC) intelligence unit” had “sent a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor.” Two days later, Politico published a strange story describing how the outlet had begun to receive anonymous emails containing “what appeared to be internal communications from a senior Trump campaign official,” along with a document vetting Trump’s running mate Sen. J.D. Vance (R-Ohio). Perhaps not wanting to be left out, the Washington Post and the New York Times published follow-up stories noting that they had received similar emails from the anonymous correspondent—who identified himself only as “Robert.”
Contacted for comment, the Trump campaign pointed to the Microsoft report and blamed “foreign sources hostile to the United States.” At this point, Iran’s involvement has not been definitively confirmed, but it seems reasonably likely that the IRGC really was, in fact, involved. According to the Post, “A person familiar with Microsoft’s work confirmed that the report’s reference was to the Trump campaign.” On Aug. 14, Google released its own analysis about the activities of the IRGC-linked hacking group, writing that the same organization had also attempted to hack into “the personal email accounts of roughly a dozen individuals affiliated with President Biden and with former President Trump” and was continuing its attempts to access accounts linked to Biden, Harris, and Trump.
Several months ago, Microsoft also alerted longtime Trump confidante Roger Stone that his email had been accessed by likely Iranian hackers, press reports indicate—reporting that’s backed up by references from both Microsoft and Google to the compromised email account of an unnamed political consultant. And the FBI’s confirmation of its investigation into Iranian hacking attempts is a strong indication that “Robert” is not, as he hinted, simply a helpful source with a line to the campaign.
There is an obvious irony here, given the glee with which Trump’s 2016 campaign—and Trump specifically—greeted Russia’s interference in that election. After materials stolen from the Democratic Party and the Clinton campaign were made public, Trump harped extensively on the information they contained in order to attack Clinton. Indeed, as the Mueller report recounts, the campaign’s openness to relying on Russian help went well beyond simply citing documents already available in the public domain.
In June 2016, after being informed that the Russian government was willing to provide the Trump campaign with damaging information on Clinton, Donald Trump Jr. replied enthusiastically over email. In July, Trump famously invited the Russian government to hack Clinton’s email, declaring: “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press.” Later that same day, the GRU attempted to hack into accounts linked to Clinton’s personal office.
Separately, Trump campaign manager Paul Manafort maintained close ties with a Russian national, Konstantin Kilimnik, whom the Senate Intelligence Committee would later identify as a Russian intelligence officer with possible connection to the GRU hack-and-leak. Stone personally communicated with the GRU’s fake persona, “Guccifer 2.0”—and other members of the Trump campaign believed that Stone had inside information about what documents WikiLeaks planned to unveil.
With all this in mind, the 2024 Trump campaign’s protests that the material hacked by Iran was “obtained illegally from foreign sources hostile to the United States” and “intended to interfere with the 2024 election” ring a bit hollow. “We were just informed by Microsoft Corporation that one of our many websites was hacked by the Iranian Government,” Trump posted on Truth Social. “Never a nice thing to do!”
But examining what happened in 2016 and subsequent years is useful for reasons that go beyond simply the identification of hypocrisy. Many of the systems and institutions that will now be tested in responding to the Iran hack were developed, or became substantially more sophisticated, in response to the chaos of 2016.
Consider the role of the press. In the immediate aftermath of the 2016 election, the social media manipulation efforts of the St. Petersburg-based Internet Research Agency (IRA) received far more attention and stoked greater anxiety among policymakers than the GRU hack-and-leak. Subsequent research, though, has shown that the IRA’s trolls likely had little to no effect on voter behavior. In contrast, once the GRU teamed up with WikiLeaks, the hack-and-leak operation was astoundingly successful in shaping the American media environment and directing negative attention toward Hillary Clinton. That was possible because of the behavior of the mainstream press, which leapt at the opportunity to cover new and salacious material about Clinton, even if a great deal of that material didn’t actually turn out to be salacious at all.
The American political press is not, as a rule, inclined to self-reflection. But the shame of having been so thoroughly played by foreign intelligence was stark enough that many journalistic institutions reconsidered their approach in advance of the 2020 vote. An influential Stanford report recommended that journalists presented with potentially hacked material “[m]ake the disinformation campaign as much a part of the story as the email or hacked information dump”—focusing on “why it was leaked as opposed to simply what was leaked,” and taking care to establish that the material is authentic and not a malicious forgery.
This appears to be the approach that major news outlets contacted by the mysterious “Robert” are taking so far. Neither Politico, nor the Post, nor the Times has published anything other than the broadest details about the Trump campaign documents they received—meaning that so far, the hacked materials are hidden from public view. All three outlets report that they have established the authenticity of at least some of the documents. So far, these three—along with other mainstream publications like the Wall Street Journal—are treating the attempted Iranian influence campaign as the story, rather than whatever scuttlebutt the IRGC dug up on J.D. Vance. A Politico spokesman told the AP that the publication’s editors decided that “the questions surrounding the origins of the documents and how they came to our attention were more newsworthy than the material that was in those documents.”
This strategy has led to some frustration from anti-Trump commentators annoyed that Trump is now benefiting from the same journalistic scruples whose absence arguably helped carry him to victory in 2016. Liberal political commentator Brian Beutler decried the “untenable contrast to the way these same outlets responded to the hacking-and-leaking of Democratic emails in 2016.” “[It] is a bit rich for legacy media institutions to be acting so stuffily responsible when it’s Trump (apparently) getting the hack-and-leak treatment,” argued Ryan Cooper in the left-aligned publication The American Prospect. He cheerily suggested that the hackers should provide him with the pilfered materials instead.
For what it’s worth, though, Trump himself was frustrated by exactly these scruples in 2020, when his campaign largely failed in its effort to shop around negative information on Hunter Biden’s business dealings to the mainstream press. After Rudy Giuliani provided the material—emails purported to be from a laptop abandoned by Hunter Biden at a Delaware computer repair shop—to the right-wing New York Post, news outlets closer to the mainstream largely shied away from the story. Reporters were concerned about being taken in again, and the Trump campaign refused to provide them with the necessary material to authenticate the emails as real. Trump’s political allies have continued to denounce this as censorship.
The handling of the Hunter Biden laptop should by no means be held up as a paragon of how to respond to a potential hack-and-leak operation in an election year. For one thing, at the time it was unclear whether any foreign actors were involved in providing the laptop to the Trump campaign and whether the emails had been meddled with. But many institutions reacted aggressively on the seeming assumption that Russia was somehow involved. Twitter, for example, banned the posting or retweeting of links to the New York Post story altogether, a decision that former Twitter executive Yoel Roth would later describe as an error: “[W]e wanted to avoid repeating the mistakes of 2016,” he said in congressional testimony. A group of former intelligence officials released a letter warning that the laptop “has all the classic earmarks of a Russian information operation.” When little evidence of Russian involvement surfaced, Republicans accused the group of seeking to silence legitimate reporting.
The question of potential Kremlin fingerprints on the laptop has never definitively been resolved. In February 2024, the Justice Department indicted an FBI informant of Russian origin for feeding lies to his handlers about the Bidens that echo the allegations made by the Trump campaign regarding the laptop. In 2022, the Washington Post finally obtained a copy of the hard drive. The paper conducted a forensic analysis of the laptop and concluded that some of the material was real but that “the vast majority of the data … could not be verified.”
As strange as it might sound, the Washington Post’s approach to the Hunter Biden laptop may actually serve as a useful mental model for how the press might approach the tranche of hacked material from Trump’s 2024 campaign. The paper took its time to ensure that the materials it was examining were real. After doing so, it reported substantively on the contents of the emails concerning Hunter Biden’s business dealings, leaving out the more intimate details that have saturated the right-wing press. Alongside that substantive story, it also published two separate articles explaining how reporters authenticated the material and why the paper had decided to report its findings.
Russian information operation or not, that seems like a reasonable way to handle potentially important material of uncertain provenance. If news organizations take this approach in 2024, readers might expect to see stories surfacing about the Trump campaign documents only after reporters have done a fair bit of legwork to ensure that the materials in question are genuine—along with some soul-searching about whether or not the leaked documents are newsworthy enough to report on. Journalists “can/should report seriously on real documents that shed light on real stories, but should also foreground the hackers’ motives and not publish personal information gratuitously,” suggested Semafor Editor-in-Chief Ben Smith on Twitter. “And, in general, not treat a drip-drip of random documents as hot scoops.”
Along those lines, Washington Post Executive Editor Matt Murray told a reporter at his paper that the Washington Post had decided not to publish the hacked Trump campaign documents because they “didn’t seem fresh or new enough.” Perhaps, then, the hacked materials haven’t surfaced not because publications are still agonizing over whether or not to report on them, but because there’s just not a lot there.
But this is not necessarily the end of the story. The GRU began releasing tidbits of hacked information from the Democratic Party and the Clinton campaign in June 2016. The mainstream press, though, paid little attention until WikiLeaks began releasing enormous tranches of leaked material onto the open web in late July. It was after that development that reporting on the leaked emails took off. What might happen if—frustrated by the intransigence of the press—the IRGC publishes additional, more salacious hacked material itself, finds or creates a WikiLeaks-style cutout, or begins feeding it to publications with lower standards? Will the press report on it then?
There are no obviously right answers to these questions. This is fundamentally a journalistic judgment call. At the end of the day, it’s a matter of whether the public trusts the ability of the press to make it fairly.
Other institutions will also have judgment calls to make. It’s notable, for example, that the intelligence community moved far more quickly to announce the possibility of foreign interference and confirm the existence of an FBI investigation than these agencies did in 2016. That year, it took until October for the intelligence community to publicly acknowledge the existence of foreign interference—almost four full months after the GRU first began publishing hacked documents online under the persona Guccifer 2.0. This time around, in 2024, it took only a few days for the FBI to confirm an investigation following the Politico report. This increased speed may be due, in part, to increased communication between the private sector and the intelligence community that has grown up in response to the failures of 2016, such that intelligence agencies are better positioned to draw on the resources of threat intelligence companies in identifying and responding to operations of this kind. Should the public expect a similar level of candor from the government going forward as the investigation develops?
Then there are the social media companies—which were caught unawares in 2016 with the IRA’s trolling operation and responded over-aggressively to the Hunter Biden laptop story in 2020. From 2016 through roughly 2022, these companies worked to build relationships with the intelligence community and government agencies like CISA, so that both the private and public sectors would be better positioned to identify and respond to social media manipulation efforts. In recent years, though, these relationships have splintered under a sustained attack from the Republican Party, which has declared such efforts to be “censorship.” Independent researchers, too, have seen their access to platform data curtailed sharply. This GOP campaign has “made us less prepared to detect, investigate and respond to the wide range of foreign actors who are trying to influence the US election,” wrote Alex Stamos, formerly of Stanford University’s now-dismantled Internet Observatory, after news broke of the IRGC hack.
How will social media platforms—including Elon Musk’s Trump-friendly X, formerly Twitter—respond if users begin posting links to hacked material from the Trump campaign? According to Microsoft, Iran’s efforts at election interference also include a network of fraudulent news sites. Will Twitter and other platforms act to limit the spread of such propaganda, as platforms did in 2020, or allow them to spread freely?
And, of course, there is the Harris campaign. So far, the campaign does not seem to have commented publicly on the news of the hack, other than to indicate that it does not believe its systems have been breached. It seems unlikely that Harris will take the opportunity to declare, “Iran, if you’re listening …” in a stump speech. How, though, will the campaign react if the hacked material does become public? Will it be willing to point to such materials in campaigning against Trump?
Trump’s hypocrisy in complaining about the hack is so obvious that it’s barely interesting to point out. His only guiding star is whether something is advantageous for him or not—so hacked material is fair game when it’s useful for him to exploit, but is “never … nice” when it could potentially harm him. The benefit of this, such as it is, is that the Democratic Party now has an opportunity to model a more consistent standard of behavior when it comes to responding to foreign influence. There’s some wiggle room and space for judgment calls here, as with the role of the press, but the bottom line is that it’s inappropriate for a political campaign to seek out and embrace foreign assistance like Trump did in 2016.
Before that election, such conduct would have been unthinkable—but Trump shattered that norm. As strange as it might seem, this is an opportunity to rebuild it. Now that campaigns from both sides of the aisle have been targeted, it should be clear that neither political party is safe from foreign influence campaigns like these. That doesn’t mean that good behavior from the Democratic Party will convince the Republican Party to mend its ways—but there is still value to modeling what good behavior looks like, particularly from a campaign seeking to present itself as an opportunity to break away from the era of Trump.
Right now, the press is still in the earliest stages of untangling this election interference effort, and Iran’s campaign may only be getting started. It’s possible, even likely, that there will be more to come in the months ahead—perhaps from nations other than Iran as well.
They key here, however much one is tempted, is not to join Donald Trump Jr., who once commented about the Russian efforts: “If it’s what you say I love it especially later in the summer.”
– Quinta Jurecic is a fellow in Governance Studies at the Brookings Institution and a senior editor at Lawfare. She previously served as Lawfare’s managing editor and as an editorial writer for the Washington Post. Published courtesy of Lawfare.