Microsoft’s Digital Crimes Unit (DCU) successfully executed a court order last week to disrupt and transfer control of six internet domains created by a group widely associated with the Russian government and known as Strontium, APT28, or more colorfully, Fancy Bear. Said Microsoft president Brad Smith:
Foreign entities are launching cyber strikes to disrupt elections and sow discord. Unfortunately, the internet has become an avenue for some governments to steal and leak information, spread disinformation, and probe and potentially attempt to tamper with voting systems. We saw this during the United States general election in 2016, last May during the French presidential election, and now in a broadening way as Americans are preparing for the November midterm elections.
Microsoft says it has used this approach 12 times in past two years to shut down 84 fake websites associated with this notorious group but the company has also used the legal tactic to go after botnets, or malicious networks of automated accounts, since at least 2010. The cases were brought under trademark infringement laws.
Microsoft has been singularly aggressive in pursuing the bad guys through legal channels and has assembled a global force of more than 3,500 security professionals working to solve problems. Microsoft President Brad Smith has called cybersecurity the “new battlefield” and repeatedly called for a “new digital Geneva Convention” to help tech companies and governments come together to protect people from cyber attacks.
The transfer of control of the six domains enabled Microsoft to examine what Strontium intended to do with the domains. They discovered that the sites were meant to mimic prominent Republican organizations such as the Hudson Institute, a conservative Washington think tank active in investigations of corruption in Russia, and the International Republican Institute, a nonprofit group that promotes democracy worldwide. Three other fake sites were built to appear as though they were affiliated with the Senate, and one nonpolitical site spoofed Microsoft’s own online products. Said Smith:
Despite last week’s steps, we are concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States. Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France.
To help political organizations defend themselves against cyber attacks, Microsoft has expanded its billion dollar Defending Democracy Program to offer a new service called Microsoft AccountGuard, which is now available to:
…all current candidates for federal, state and local office in the United States and their campaigns; the campaign organizations of all sitting members of Congress; national and state party committees; technology vendors who primarily serve campaigns and committees; and certain nonprofit organizations and nongovernmental organizations. Microsoft AccountGuard is offered free of charge. Organizations must be using Office 365 to register.
AccountGuard has three core offerings.
Unified threat detection and notification across accounts
Notification about cyber threats, including attacks by known nation-state actors, in a unified way across both email systems run by organizations and the personal accounts of these organizations’ leaders and staff who opt-in. Threat detection and notification will initially be available only for Microsoft services including Office 365, Outlook.com and Hotmail.
Security guidance and ongoing education
Best practice guidance and materials designed specifically for the unique problems faced by politically oriented organizations. This advice will come in two forms: off-the-shelf materials organizations can use as they grow and take on new staff, and in-depth live sessions.
Early adopter opportunities
Organizations registered for AccountGuard will receive access to private previews of security features typically offered to large corporate and government account customers. In addition to being among the first to deploy the latest technology, this aspect of Microsoft AccountGuard will enable the company to collect critical feedback and rapidly evolve security to address the specific needs of eligible organizations.
For complete details, read this blog post by Tom Burt, Microsoft Corporate Vice President, Customer Security & Trust.
Microsoft has a huge stake in keeping its customers secure so its leadership in cybersecurity is both commendable and necessary. It is no secret that Windows and a number of other Microsoft products have had their vulnerabilities exploited by hackers in the past. But, it’s equally clear that Microsoft cannot solve this problem alone. Smith said:
While cybersecurity starts with Microsoft and other companies in the tech sector, it’s ultimately a shared responsibility with customers and governments around the world. Together with our industry partners, we’ve launched the Cybersecurity Tech Accord, now endorsed by 44 leading tech companies to protect and empower civilians online and to improve the security, stability and resilience of cyberspace.
To be successful in defending elections and other democratic institutions, technology companies, government, civil society, the academic community and researchers need to come together and partner in new and meaningful ways. It would be enormously helpful if certain leaders of the free world had a better grasp of the benefits and dangers of a connected world.