Microsoft’s Digital Crimes Unit (DCU) has intervened to disrupt six internet domains that it has found to be part of a Kremlin-backed election hacking project. The hacking is aimed at US candidates running in the midterm election cycle. The domains were created by a group widely associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28.
In April, Microsoft launched a project called the Defending Democracy Program, wherein the company is monitoring websites and web traffic to political sites in order to ensure that campaigns aren’t subject to cyber manipulation and disinformation tactics. Microsoft is working with governments and courts around the world to share information about campaign hacking.
“We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections. That’s why we are expanding Microsoft’s Defending Democracy Program with a new initiative called Microsoft AccountGuard. This initiative will provide state-of-the-art cybersecurity protection at no extra cost to all candidates and campaign offices at the federal, state and local level, as well as think tanks and political organizations we now believe are under attack. The technology is free of charge to candidates, campaigns and related political institutions using Office 365,” Microsoft said in a statement about its intervention ahead of the midterms.
According to Microsoft, the company was able to disrupt the six sites with the approval of a court in the US. It has used the same process of shutting down and transferring control of questionable domains 12 times in two years to shut down 84 fake websites associated with APT28.
Russia has denied all allegations from Microsoft.
Writing in a blog post, Brad Smith, Microsoft president and chief legal officer, said that he expects that the fake sites will only expand and attacks may get more sophisticated. The six websites disrupted yesterday were designed to look very real, and users were sent detailed phishing emails that looked as though they came from legitimate organizations.
One of the fake sites appeared to belong to the International Republican Institute, which promotes democratic principles and is led by a board of directors that includes six Republican senators. Another looked as though it was part of the Hudson Institute, which hosts high-profile policy discussion events. Other domains were designed to look like they were affiliated with the US Senate. Microsoft notified all of the organizations and said that it has no evidence that cyber attacks were carried out against any of them.
The company says its AccountGuard technology sets up a monitoring and incident response workflow similar to what Microsoft did when it found these sites on its own. AccountGuard will monitor the web for replica and disinformation sites and notify organizations if a compromising site is found.
Microsoft’s projects come alongside reporting released earlier today explaining how state governments are approaching election security ahead of the midterm elections in November and beyond. Congress has appropriated $380 million to the states for this purpose, and much of that will go toward improving cyber defenses and updating voting equipment. However, it could take as long as five years or more before updates are fully complete, and some election experts say that the $380 million will not be enough to replace current paperless voting machines, which have been found to be easily manipulated and often lack fully secure backup records.
The Electronic Frontier Foundation, which advocates for a variety of cyber issues including improved security and privacy protection, is calling on Congress to rework the current text of the proposed Secure Elections Act to enforce paper balloting and risk-limiting audits in order to deal with some of the problems with voting machines in several states.