The tech industry has a lot more work to do to protect elections.
If the US presidential campaign in 2016 blindsided giant technology companies like Facebook, Google and Twitter, the upcoming midterm elections are proving to be another all-out assault from bad actors attempting to cause trouble.
Now a new round of Russian hacking attempts on sites belonging to American organizations shows that tech companies should be prepared for a wide range of exploits.
Microsoft said Monday it recently discovered and disabled several fake websites designed to trick visitors and allow a hacking group connected to the Russian government to hack into their computers. Two of the fake sites were designed to mimic a pair of American conservative organizations -- the Hudson Institute and the International Republican Institute -- while three other domains were intended to resemble official US Senate sites.
A hacking group linked to the Russian military and known as Strontium was behind the spoofing campaign, according to Microsoft. The group, more widely known as Fancy Bear and APT 28, has also been linked to a series of hacks in recent years, including one in which emails and chat transcripts were stolen from the Democratic National Committee's computer network in 2016.
Microsoft reportedly found no evidence the fake domains were used in a successful hack.
However, spoof sites often prompt users to enter their usernames and passwords, allowing hackers to steal emails, documents and other sensitive information. After discovering the sites, Microsoft said it obtained a court order to move the domains to its own server to neutralize the threat -- an approach the company has used 12 times in two years to shut down 84 fake websites linked to the group.
"Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit," Microsoft President and Chief Legal Officer Brad Smith wrote in a company blog post. "The sites involved in last week's order fit this description."
The discovery underscores the challenges as the US tries to avoid a repeat of Russian interference in the 2016 election. Disinformation has long been a part of Russia's foreign policy strategy, and social media has allowed the trolling effort to expand on a viral scale. US intelligence agencies have warned Congress that these campaigns will continue in future elections.
In the aftermath of the 2016 election, the big tech companies have gone into crisis mode to secure their platforms. Facebook CEO Mark Zuckerberg has been candid that Facebook just wasn't looking out for the right vulnerabilities. While the company said it was prepared to deal with traditional cybersecurity attacks at the time, it wasn't anticipating the social engineering tactics carried out by the Russians -- using organic posts and paid ads to sow discord among voters.
The discovery by Microsoft on Monday suggests attempts to meddle in the 2018 midterms will be a mixed bag of efforts: exacerbating tensions and divides among voters, as well as exploiting the technical vulnerabilities of websites. The targets will also be across the board -- from liberal and progressive sites to conservative and far-right sites.
Facebook has already identified new disinformation attempts ahead of the US midterms. Last month, the company said it found campaigns of "inauthentic behavior" that used dozens of Facebook pages and accounts, and $11,000 worth of ads, to promote political causes. The company said it found signs that the campaigns were the work of Russian agents, but stopped short of definitively naming them as the culprits.
A broader effort
Microsoft's revelation comes roughly a month after US special counsel Robert Mueller filed charges against 12 Russian hackers connected to the cyberattacks on the Democratic National Committee during the 2016 election campaign. In February, the Justice Department indicted 13 Russian nationals and the Internet Research Agency, a group linked to Russian intelligence services, for a propaganda campaign spread across social media during the 2016 election.
The moves by Microsoft are part of a concerted effort by some of the tech industry's most influential companies to head off foreign interference before it penetrates their platforms. Representatives from Amazon, Apple, Google, Facebook, Microsoft, Oath, Snap and Twitter met in April with representatives of the US intelligence community to discuss preparations for the midterm elections.
Next month, leaders from Facebook, Google and Twitter are scheduled to appear before the Senate for a hearing on election security and Russian meddling.
The US Justice Department has also instituted a new policy to inform Americans of foreign operations attempting to undermine confidence in US democracy. The government's plan is to notify US companies, private organizations and individuals when a hacking threat by foreign actors is detected.
First published Aug. 20, 10:28 p.m. PT.
Updated, Aug. 21, 10:27 a.m. PT: Adds more information throughout.