CNET también está disponible en español.

Ir a español

Don't show this again

Security

How Microsoft spotted another Russian hacking attempt

Also: How it all fits in with a larger campaign to influence elections.

James Martin/CNET

Microsoft said Monday that it had identified yet another attempt to hack political organizations and that the attack came from what it suspects is a group of professional hackers working for the Russian government. The tech giant spotted and neutralized websites that were attempting to impersonate the sites of conservative think tanks.

If this all sounds familiar, that's because Microsoft recently stopped similar attempts to collect login information from staffers of Democrats running for office, including someone working for Missouri Sen. Claire McCaskill. It's all part of what US intelligence officials and cybersecurity experts say is an ongoing attempt to influence US elections by hacking politicians and sparking discord online.

Here are answers to your questions about Microsoft's efforts to stop the fake sites and how these attempts fit into the big picture when it comes to election hacking.

What is Microsoft doing?

Microsoft is in a unique position to tackle hacking attempts like these. That's because its services are the backbone of many workplace email systems, so spoof websites impersonate the company. Microsoft keeps an eye out for web domains it doesn't control that pose as Microsoft login or password-reset pages. Such domains are a clear sign hackers are trying to fool web users into handing over their usernames and passwords, which the hackers can then use to steal emails and documents.

That's similar to what happened in 2016 to John Podesta, then head of Hillary Clinton's presidential campaign. Podesta was using Gmail and reportedly received an email prompting him to enter his username and password. He did, and hackers made off with a collection of his emails, which were later made public.

Microsoft is using the court system to take control of spoof websites bearing the Microsoft name. That takes the tools out of the hands of hackers, making it so they can't use them to steal usernames and passwords or launch any other kind of hacking attack.

Which groups were targeted?

This time, the hacks targeted the International Republican Institute and the Hudson Institute, both of which count Republican senators among their members, as well as three websites affiliated with the Senate.

The International Republican Institute's mission is focused on building democracy abroad, and the Hudson Institute fosters conversations on national security and foreign policy.

"We can only assume that this attack was intended to gather information about, and compromise or otherwise disrupt, Hudson's longstanding democracy-promotion programs, and in particular, our initiatives to expose the activities of foreign kleptocratic regimes," the Hudson Institute said in a statement Tuesday.

Now playing: Watch this: Justice Department indicts 12 Russian cyberspies suspected...
1:59

The International Republican Institute pointed to the threat of hacking attempts from foreign regimes.

"Cyberattacks have become one of the preferred tools of authoritarians around the world to harass and undermine independent organizations and democratic governments," the organization's president, Daniel Twining, said in a statement Tuesday.

How often is Microsoft seeing hacking attempts like this?

The company isn't finding a hack every day, but it's taken down a lot of spoof sites.

"We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group," Microsoft President Brad Smith wrote in a blog post published Monday that details the new hacking effort.

How can political groups -- and everyone else -- protect themselves?

The first line of defense is to use two-factor authentication. That stops hackers from using your stolen username and password to log in to your accounts. 

Two-factor authentication is a login system that requires an extra piece of information, in addition to your username and password. It can be a onetime code generated on an app on your phone, or a physical token that connects to your device wirelessly or through the USB port.

Tech companies have a big role to play too. In addition to Microsoft's efforts to spot and take over spoofing websites, the company's Outlook service can filter out the fraudulent emails that hacking targets often receive prompting them to click on a link to the fake site. 

On Monday, Google security engineer Shane Huntley wrote in a blog post that Google does its best to filter out these phishing emails from Gmail. Google also sends warnings to users it finds are being targeted by a government-backed hacking effort. (Hunt also encouraged users to adopt token-based two-factor authentication if they believe they're at risk.)

Finally, companies are developing specialized tools for political campaigns and others at risk from this kind of hacking. At the same time it disclosed the Russian hacking attempt, Microsoft said its new AccountGuard tool will protect political organizations' accounts free of charge. What's more, secure-messaging companies like Wickr and Signal are working with campaigns to encourage them to keep sensitive messages and documents out of their regular email.

How does this fit into the big picture of election hacking?

All these hacking attempts use the same set of strategies Russians allegedly used in 2016 to sow chaos in the lead-up to the US presidential election. 

The 2016 hackers, who US agencies said were under direct orders from Russian president Vladimir Putin, made stolen information public. Other hacking campaigns focused on probing voter registration databases and elections websites for vulnerabilities.

So far in 2018, large troves of emails haven't been made public, and cybersecurity experts and law enforcement officials haven't identified any successful hacking attacks.

Beyond hacking, Russians at the Internet Research Agency allegedly ran misinformation and influence campaigns on social media platforms including Facebook, Twitter, YouTube and Reddit in 2016.

Many of those activities appear to continue today, and Facebook announced earlier this month that it had identified and taken down 32 accounts, pages and events affiliated with a coordinated campaign to influence the platform's users.

First published Aug. 21 at 1:15 p.m. PT
Update at 2:28 p.m. PT: Added information about preventing future hacks.

Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.

Taking It to Extremes: Mix insane situations -- erupting volcanoes, nuclear meltdowns, 30-foot waves -- with everyday tech. Here's what happens.