Of all the battles Microsoft has fought over the decades, its pursuit of the alleged Russian Fancy Bear hacking group is turning into one of the most intriguing.
In a new skirmish mentioned by Microsoft’s president and chief legal officer Brad Smith, Microsoft’s Digital Crimes Unit (DCU) recently took control of six internet domains that were about to be used by the group to spoof US political organisations.
These included two mimicking US think tanks – the International Republican Institute and the Hudson Institute – plus three that appeared to be about to target services connected to the US Senate.
The motive? Politics of course:
We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections.
But it was the final domain, impersonating Office 365 and OneDrive, that must have waved a red flag inside Microsoft – going after US democracy is bad enough but going after Microsoft brought trouble even closer to home.
Of all the battles Microsoft has fought over the decades, its dogged pursuit of the Russian Fancy Bear hacking group is rapidly turning into one of the most intriguing.
Two years ago, Microsoft sued Fancy Bear, the first time anyone had ever tried legal action against a hacking group in any context, let alone one with no business address and whose members or employees remain a mystery.
Microsoft has also gone out of its way to namecheck the group’s victims, which include the Democratic National Committee (DNC), the German parliament, French TV, the World Anti-Doping Agency, the Ukrainian military, and many others.
But the important moment was the setting up of the Defending Democracy Program earlier this year, out of which has emerged AccountGuard, a free service that it says will defend political candidates at national, state and local levels of US democracy from hackers.
For most of its existence, Microsoft has skirted around politics as much as possible. With alleged Russian hacking banging on the door of US elections, some will say the company has picked a good moment to change course.
Mahhn
Having been paying close attention to everything considered Election Hacking I have been surprised by the limit of the “hacks”. Everything I have seen is Social Engineering, however having also paid attention to the “manipulation” (not called hacks) by both the corporate parties (D & R) have spent millions in disinformation, and spoofed websites. One of the presentations at DefCon this year went over how both of those parties bought domains (traced back registering parties), put up context that pretended to support the opposition, have a donate button, and brought in monies, with a tiny (might as well be hidden) disclaimer that the page was in opposition to all the other content on it, with no indication to where the money goes.
It would be best if both domestic along with foreign manipulation of our elections would be called out as hacking – not that it’s Sophos responsibility, and the big News corps certainly (as manipulating participants) won’t point it out, as they are committed to one or the other “side”. well,,, never mind…..