Microsoft cracks the whip on hackers
The hacks found by Microsoft are similar to those seen in the US in the 2016 election
As US elections loom, Microsoft is emerging as a leading foe of Russian hacking and meddling in the democratic process, setting it apart from some of its biggest tech counterparts, including Facebook and Twitter, which have been playing catch-up since 2016 in the fight against foreign interference.
Late Monday, Microsoft Corp. staged a broad public announcement to herald its seizure of web domains that were being used to send phishing emails by hackers linked to the Russian military, a possible attempt to manipulate the coming midterm elections in November. The cyber-attackers, from a group called Strontium, sought to masquerade as conservative organisations, the company said, in a possible ploy to sow divisions among Republicans.
The posting reflects Microsoft’s effort to take the lead in technology-policy issues relating to cybersecurity, privacy and nation-state hacking, with repeated public speeches on needed laws and the suggestion of international covenants barring hacking of civilians.
Since reports emerged about Russian hacking and efforts to spread misinformation via social networks during the 2016 presidential campaign, Microsoft has made it clear that the company would deploy its security teams and Digital Crimes Unit to aid in election security. The company’s relish for the task contrasts with companies such as Facebook Inc. and Twitter Inc., which were slow to recognise the role their platforms played in the spread of misinformation in 2016, and which have struggled to combat troll farms and other miscreants trying to use social media to manipulate the electoral process. Facebook and Twitter, along with internet search and advertising giant Google, face Senate hearings next month to answer questions on their efforts to prevent Russian meddling in the November elections. Google on Monday warned customers to take Gmail warnings about phishing attacks seriously.
Microsoft President and Chief Legal Officer Brad Smith, who has been leading the company’s charge against both foreign nation-state hackers and occasionally the US government in cases related to the attempted seizure of customer data, said tech companies and governments must come together and step up efforts to protect democracy.
The hacks found by Microsoft are similar to those seen in the US in the 2016 election and the following year in French elections, he said.
Motivated by civic duty
Microsoft’s activism in this space is not merely motivated by civic duty. It’s also driven by concerns that failure to act against cyber-criminals could undermine trust in technology and possibly impact business.
“Their products are the battleground,” said Andrew Grotto, a security fellow at Stanford University’s Centre for International Security and Cooperation, who served as senior director for cybersecurity policy for Presidents Obama and Trump from December 2015 to May 2017. “They are worried about both actions that undermine trust in their products and there’s a more sector-wide worry about what happens if these risks accumulate and become a burden on trust affecting the industry as a whole.”
And, as Smith pointed out, the think tanks, agencies and candidates under attack are Microsoft clients.
“We are in the business of ensuring the cybersecurity of our customers,” Smith said.