ASPEN, Colorado — Microsoft just announced it notified nearly 10,000 of its customers that they were targeted or compromised by a cyberattack in the past year — primarily due to countries like Russia, Iran, and North Korea.
Tom Burt, Microsoft’s corporate vice president for consumer security and trust, wrote in a Wednesday blog post that 84 percent of the observed targets were the company’s enterprise customers, while the remaining 16 percent were individuals.
Burt made sure to note that many of the attacks had nothing to do with election interference. However, the scale of the attacks leads the company to worry about “the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics, or achieve other objectives.”
What’s more, according to the blog post, Microsoft notified 781 democracy-focused organizations using one of its products — AccountGuard, a product specifically designed to protect entities vital to democracy — since last August that they were victims of a nation-state cyberattack. About 95 percent of those observed attacks around the world on political parties, campaigns, and other organizations targeted US-based groups.
Which means recent statements by Trump administration officials that the US government can safeguard the 2020 presidential election from foreign meddling shouldn’t be much of a comfort. If anything, Microsoft’s data shows just how big the problem has become — and why it wants to offer a new solution to deal with the issue.
Countries continue to cyberattack America
Russia, Iran, and North Korea — along with China — are the United States’ main adversaries in cyberspace. Experts worry about how those and other nations use cyberattacks to spy on businesses, hack into voting systems, and surveil citizens. The worry is they’ll use these methods not only to hack into pro-democracy groups, but also to disrupt democracy itself.
So before digging into Microsoft’s proposal for safeguarding elections, it’s worth first understanding the extent of the threat.
Let’s start with Russia. In January 2017, the FBI, CIA, and NSA definitively assessed that Russia did interfere in the 2016 presidential election — and that the order came from the top. Here’s part of that conclusion:
“We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump.”
Russia targeted the election systems of at least 21 states, although it doesn’t look like they managed to change any results.
In July 2018, special counsel Robert Mueller indicted 12 Russian intelligence officers, charging them with hacking the computer networks of members of Hillary Clinton’s campaign, the Democratic National Committee, and the Democratic Congressional Campaign Committee. Working under the monikers “DCLeaks” and “Guccifer 2.0,” they allegedly coordinated to release damaging information to sway the election. Mueller later concluded that Russia interfered in the 2016 election, though there was no coordinated conspiracy with the Trump campaign.
Iran is clearly trying to be as effective as Russia on this front.
In May, the prominent cybersecurity firm FireEye released information about social media accounts — created between April 2018 and March 2019 and originating from Iran — that were purposely impersonating Americans and even Republican candidates for Congress. In some cases, the fake users weighed in on the Trump administration’s tough policy toward the Middle Eastern country, such as its decision to designate an elite Iranian military unit as a terrorist organization in April. That tip led Facebook to remove roughly 100 accounts, pages, groups — and even three Instagram accounts — from the web, seemingly all coming from one location.
It appears the same kind of behavior took place on Twitter. Yoel Roth, Twitter’s head of site integrity, tweeted that earlier in May the social media platform “removed more than 2,800 inauthentic accounts originating in Iran ... employ[ing] a range of false personas to target conversations about political and social issues in Iran and globally.” Roth also noted that while the accounts were the same ones reported on by FireEye, Twitter didn’t receive any information before removing the fake users.
What’s more, recent reports indicate that Iranian cyberwarriors have stepped up their online operations, with a particular emphasis on preparing to attack US firms. Among other moves, they’re aiming to trick employees at major businesses into handing over passwords and other vital information, giving them greater access to a firm’s networks.
“When you combine this increase with past destructive attacks launched by Iranian-linked actors, we’re concerned enough about the potential for new destructive attacks to continue sounding the alarm,” Christopher Krebs, a top cybersecurity official at the Department of Homeland Security, told Foreign Policy on July 1.
North Korea, meanwhile, seems focused on non-election-related matters.
In December 2017, the US said North Korea was behind the WannaCry cyberattack. That attack used ransomware — where hackers use malware to scramble a victim’s files and then demand money to unscramble them — to infect businesses, banks, hospitals, and schools in more than 150 countries. One of the biggest strikes occurred in Britain, where it caused havoc in the health care system and interfered with surgeries and emergency services.
That wasn’t the first time North Korea had launched a successful cyberattack. Experts and analysts believe the Kim regime was behind the $81 million cyber heist of the Bangladesh Central Bank in 2016 and the Sony Pictures hack in 2014 — right before the studio released The Interview, a comedy about two Americans who assassinate a fictional North Korean leader. But WannaCry seems to be Kim’s greatest cyber success to date.
Still, the US government seems keen on protecting the integrity of American elections from attacks by these and other countries. Microsoft thinks it has a solution for that.
Microsoft to demo ElectionGuard to protect American elections
On Wednesday, Microsoft announced at the Aspen Security Forum in Colorado that it will demo a working version of what it calls “ElectionGuard” — part of its Defending Democracy program.
According to the company, it’s the first end-to-end verifiable system that can help voters confirm their votes were counted and weren’t hacked.
Here’s how the demo will work, per Burt’s blog post. First, a person can vote on a screen or using an Xbox adaptive controller, for those with limited mobility. Second, the voter will get a tracking code that allows the person to check if their choice was counted once the voting is over. And third, the demo provides a voter with a printed record of their vote, which they can also place into a physical ballot box.
Microsoft will partner with technology companies serving state and local governments to provide its new service. It’ll be available for free later this summer through GitHub, a Microsoft subsidiary, but it’s unclear how it might be used or if it’ll be widespread during the primary elections.
It’s an interesting solution to a long-standing problem, and it’s one many companies will certainly dabble in over the next few months and years.
President Donald Trump continues to say he’s worried about fraudulent voting in America, despite little evidence pointing to its prevalence. He should therefore be happy people are working on the issue.