Being a professional hacker has never been more straightforward and lucrative than it is today. According to cyberdefense experts at Microsoft, cybercrime will be a $6 trillion industry by 2022. Hacking tools are available on the dark web for as little as $500 dollars, and some are sold with 24-hour support.
The ubiquity of low-cost hacking tools means that elections in the United States and all over the world are persistently threatened by a large and diverse set of hackers. Spikes in malware and phishing attacks targeting political campaigns have been detected during recent elections in Russia, Turkey, Colombia, Azerbaijan and Mali; keyloggers and Trojans were detected in key battleground states ahead of the 2018 US midterm election; and according to the Department of Homeland Security, during the 2016 election all 50 states saw some type of attempted cyberintrusion.
"When you think about attacks on electoral systems not just here in the US but globally," said Ann Johnson, corporate vice president of Microsoft's Cybersecurity Solutions Group, "the scale is almost hard to imagine."
Globally, Microsoft tracks nearly 6.5 trillion — yes, trillion — cybersecurity events per day. Several million of these are targeted at political campaigns. Many of the signals are benign, says Johnson, and using artificial intelligence in the cloud the tech firm works closely with political campaigns to identify and mitigate specific threats. For example, prior to the 2018 midterm elections, Microsoft uncovered phishing attacks targeting both Democrats and Republicans.
Threat actors targeting elections generally fall into a few specific categories. Johnson said hackers have a variety of reasons for doing what they do: there might be "folks that are purely financially motivated and their cybercrime is related to finances, you have folks that are IP theft-oriented, you have folks that are very into infecting our critical infrastructure, and then you have embarrassment actors" who smear politicians and public figures.
CNET visited the Microsoft Digital Crimes Unit in Redmond, Washington, to learn more about how the tech firm coordinates with law enforcement and political campaigns to lessen the impact of cyberattacks targeting democratic institutions.