X

Russian election hacking hits a bump, but it's still going on

Microsoft foils an effort targeting US conservative groups. The problem, though, is a whole lot bigger.

Richard Nieva Former senior reporter
Richard Nieva was a senior reporter for CNET News, focusing on Google and Yahoo. He previously worked for PandoDaily and Fortune Magazine, and his writing has appeared in The New York Times, on CNNMoney.com and on CJR.org.
Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Richard Nieva
Steven Musil
4 min read
gettyimages-157280535.jpg

The tech industry is in the hot seat before US midterm elections. 

Getty Images

The tech industry has a lot more work to do to protect elections.

If the US presidential campaign in 2016 blindsided giant technology companies like Facebook, Google and Twitter, the upcoming midterm elections are proving to be another all-out assault from bad actors attempting to cause trouble.

Now a new round of Russian hacking attempts on sites belonging to American organizations shows that tech companies should be prepared for a large scope of exploits.

Microsoft said Monday it recently discovered and disabled several fake websites designed to trick visitors and allow a hacking group connected to the Russian government to hack into their computers. Two of the fake sites were designed to mimic a pair of American conservative organizations -- the Hudson Institute and the International Republican Institute -- while three other domains were intended to resemble official US Senate sites.

A hacking group linked to the Russian military and known as Strontium was behind the spoofing campaign, according to Microsoft. The group, more widely known as Fancy Bear and APT 28, has also been linked to a series of hacks in recent years, including one in which emails and chat transcripts were stolen from the Democratic National Committee's computer network in 2016.

Watch this: Microsoft finds more Russian political meddling

Microsoft reportedly found no evidence the fake domains were used in a successful hack.

However, spoof sites often prompt users to enter their usernames and passwords, allowing hackers to steal emails, documents and other sensitive information. After discovering the sites, Microsoft said it obtained a court order to move the domains to its own server to neutralize the threat -- an approach the company has used 12 times in two years to shut down 84 fake websites linked to the group.

"Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit," Microsoft President and Chief Legal Officer Brad Smith wrote in a company blog post. "The sites involved in last week's order fit this description."

Not again

The discovery underscores the challenges as the US tries to avoid a repeat of Russian interference in the 2016 election. Disinformation has long been a part of Russia's foreign policy strategy, and social media has allowed the trolling effort to expand on a viral scale. US intelligence agencies have warned Congress that these campaigns will continue in future elections.

In the aftermath of the 2016 election, the big tech companies have gone into crisis mode to secure their platforms. Facebook CEO Mark Zuckerberg has been candid that Facebook just wasn't looking out for the right vulnerabilities. While the company said it was prepared to deal with traditional cybersecurity attacks at the time, it wasn't anticipating the social engineering tactics carried out by the Russians -- using organic posts and paid ads to sow discord among voters.

The discovery by Microsoft on Monday suggests attempts to meddle in the 2018 midterms will be a mixed-bag of efforts: exacerbating tensions and divides among voters, as well as exploiting the technical vulnerabilities of websites. The targets will also be across the board -- from liberal and progressive sites to conservative and far-right sites as well.

The nine types of Facebook ads that Russian trolls paid for

See all photos

Facebook has already identified new disinformation attempts ahead of the US midterms. Last month, the company said it found campaigns of "inauthentic behavior" that used dozens of Facebook pages and accounts, and $11,000 worth of ads, to promote political causes. The company said it found signs that the campaigns were the work of Russian agents, but stopped short of definitively naming them as the culprits.

A broader effort

Microsoft's revelation comes roughly a month after US special counsel Robert Mueller filed charges against 12 Russian hackers connected to the cyberattacks on the Democratic National Committee during the 2016 election campaign. In February, the Justice Department indicted 13 Russian nationals and the Internet Research Agency, a group linked to Russian intelligence services, for a propaganda campaign spread across social media during the 2016 election.

The moves by Microsoft are part of a concerted effort by some of the tech industry's most influential companies to head off foreign interference before it penetrates their platforms. Representatives from Amazon, Apple, Google, Facebook, Microsoft, Oath, Snap and Twitter met in April with representatives of the US intelligence community to discuss preparations for the midterm elections.

Next month, leaders from Facebook, Google and Twitter are scheduled to appear before the Senate for a hearing on election security and Russian meddling.

The US Justice Department has also instituted a new policy to inform Americans of foreign operations attempting to undermine confidence in US democracy. The government's plan is to notify US companies, private organizations and individuals when a hacking threat by foreign actors is detected.

First published Aug. 20, 10:28 p.m. PT.
Updated, Aug. 21, 10:27 a.m. PT: Adds more information throughout.

On the alert: 36 states are using this hacking detection sensor to protect the midterm elections.

Lesson learned? The Obama campaign used security keys in the 2012 election to prevent hacks.