Here we go again —

Microsoft exec: We stopped Russia from hacking 3 congressional campaigns

Fake Microsoft domain was tied to attacks this year against congressional campaigns.

Microsoft's Tom Burt talks about phishing attacks detected by Microsoft against political campaigns at the Aspen Security Summit.

In a panel discussion at the Aspen Institute's Security Summit yesterday, Microsoft Corporate Vice President for Customer Security and Trust Tom Burt said that in the course of hunting for phishing domains targeting Microsoft customers, members of Microsoft's security team detected a site set up by Russian actors that was being used in an attempt to target congressional candidates.

"Earlier this year," said Burt, "we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks, and we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections." While Burt would not disclose who the candidates were, he did say that they "were all people who, because of their positions, might have been interesting from an espionage standpoint as well as an election disruption standpoint."

Microsoft alerted US law enforcement and worked with the government to take down the sites. "We took down that domain and, working with the government, were able to prevent anyone from being infected by that particular attack," Burt said. "They did not get in, they tried, they were not successful, and the government security teams get a lot of credit for that."

Referencing the indictment issued last week against officers of Russia's Main Intelligence Directorate (GRU), Burt noted that phishing attacks are the primary method for state actors to gain access to political organizations' networks. To blunt that attack, "you need to have two-factor authentication," Burt explained. "It's a huge, if not perfect, defense."

Burt noted that, based on collaboration with other Internet services and security firms, "the consensus of the threat community is that we're not seeing the same level of activity" that was present at this point during the 2016 election cycle. The industry, he said, had not seen anything equivalent to the targeting of think tanks and academia nor the use of social media networks to build up a disinformation campaign that they saw in 2016. "But that doesn't mean we're not going to see it," he added. "There's a lot of time left before the election."

In April, Microsoft launched the "Defending Democracy" program, providing support to state election authorities, as well as to campaign organizations, in an effort to help better safeguard the electoral process. "We've been working with secretaries of state," Burt said, "and we did two three-day seminars with the Republican and Democratic communities to strengthen the security of campaigns."

Burt appeared on the panel with Facebook Head of Product Policy and Counterterrorism Monika Bickert, former Secretary of Homeland Security Michael Chertoff, Assistant Secretary of Homeland Security for Cybersecurity and Communications Jeanette Manfra, and Washington State Secretary of State Kim Wyman. Wyman said that Washington had seen unsuccessful efforts to gain access to electoral systems in 2016 from Russia and was expecting more to come.

Listing image by Aspen Institute
