By Dustin Volz
Suspected nation-state hackers from Russia, Iran and elsewhere
have launched nearly 800 cyberattacks against political
organizations over the past year that have been detected by
Microsoft Corp., with the vast majority of the attempts targeting
groups based in the U.S.
Think tanks and nongovernmental groups that work with candidates
or political parties -- or on issues important to their campaigns
-- have suffered most of the attacks. The assaults could be a
precursor to direct attacks on campaigns and election systems, a
trend in recent election cycles in the U.S. and Europe, Microsoft
said Wednesday.
The findings are the latest indication that foreign governments
are laying the groundwork ahead of the 2020 presidential election
to potentially disrupt American politics, as senior U.S.
intelligence officials have repeatedly warned.
Federal agencies have dedicated more resources to election
security since 2016, but cash-strapped campaigns remain broadly
vulnerable, and the Republican-controlled Senate isn't expected to
consider legislation tackling the issue before the election.
Microsoft said it had delivered 781 notifications of suspected
nation-state attacks to customers globally who are enrolled in its
AccountGuard service, a free security tool offered to federal,
state and local political candidates, party committees,
election-oriented technology vendors and select nonprofit and
nongovernmental organizations that use Microsoft Office 365.
Microsoft wouldn't identify the customers.
Microsoft said it had notified almost 10,000 customers overall
that they had either been targeted or compromised by nation-state
attacks in the past year, with about 84% of those attacks targeting
business customers and the rest launched against personal email
accounts.
The majority of nation-state activity spotted by Microsoft
originated from Iran, North Korea and Russia, Microsoft said. It
includes attacks from a group known as Fancy Bear believed to have
ties to Russia's military intelligence and linked to the hack of
Democratic emails in 2016.
The company in its findings didn't mention China -- a country
usually included with the other three when Western intelligence
agencies or security experts discuss state-sponsored cyberattacks.
Asked about the omission, Microsoft said China was also an active
threat but that its attacks against political groups weren't as
voluminous.
AccountGuard, which rolled out last August, is offered in more
than two dozen countries, but 95% of the attacks have targeted
U.S.-based organizations, a proportion that couldn't be explained
by its rate of American customers, Microsoft said.
"Democracy-focused organizations in the United States should be
particularly concerned," said Tom Burt, Microsoft's senior vice
president of customer security and trust, in a blog post.
"By nature, these organizations are critical to society but have
fewer resources to protect against cyberattacks than large
enterprises," Mr. Burt said, adding that "the problem is real and
unabated."
Microsoft previously said it s threat-intelligence team had
tracked hacking attempts to the Kremlin targeting U.S. think tanks,
academics, and nongovernmental groups that appear close to American
politics or specific 2020 campaigns. Wednesday was the first time
it had provided statistics for the phenomenon.
The announcement coincides with the Aspen Security Forum in
Colorado, where Microsoft will demonstrate a new software kit
intended to let third parties verify election results. The kit,
known as ElectionGuard, gives voters a digital tracking code that
allows them to follow an encrypted version of theirballot and check
on a website that it was counted correctly. The system, which can
be layered onto existing voting equipment, would keep actual votes
private, but be able to detect whether a vote had been altered,
according to Microsoft. U.S. officials have repeatedly said there
is no evidence any votes were changed by hackers in 2016.
Microsoft is one of several tech companies that have sought to
build or expand election-security offerings since 2016, when Russia
interfered in the presidential election to boost then-candidate
Donald Trump, according to former special counsel Robert Mueller
and the U.S. intelligence community. Russia has denied the
allegations.
The tech firms' effort haven't always gone smoothly. Facebook
and Twitter have been criticized for acting too slowly or
inconsistently in efforts to take down foreign disinformation on
their platforms. And Google's archive of political ads, set up last
year in response to calls for greater transparency as part of the
fallout of Russian interference in 2016, is riddled with errors and
delays, The Wall Street Journal reported Wednesday.
Some federal offices have also adapted to the new threat. The
Department of Homeland Security, Federal Bureau of Investigation
and other agencies have formed new teams and marshaled staff to
focus on election security.
Despite the efforts, a Wall Street Journal/NBC survey in May
found that 73% of American adults said they had just some or no
confidence at all in the federal government's ability to prevent
foreign countries from interfering in U.S. elections, and 45% said
they were fairly worried or very worried about foreign
interference.
At a gathering of state election directors this week in Austin,
officials voiced frustration over public attitudes that little is
being done to safeguard elections.
"The idea that this is not being taken seriously is just a lie,"
said Bob Kolasky, who leads the DHS's National Risk Management
Center, during a briefing to the election directors.
During the same briefing, one state official said President
Trump, who last month said he might accept information from foreign
governments that was damaging to his rivals, had been an
obstacle.
"He is the one who is overseeing your agencies and directing
your work, in theory," said Will Senning, Vermont's director of
elections, to Mr. Kolasky and other DHS officials in the room. "And
you get him with a sarcastic finger wag to (Russian President
Vladimir) Putin...that is playing the biggest role right now in the
public perception that nothing is being done."
The DHS officials didn't respond to Mr. Senning's remark. Asked
about the exchange, Judd Deere, a White House spokesman, said the
Trump administration was taking election security seriously and
working collaboratively with state and local partners.
Write to Dustin Volz at dustin.volz@wsj.com
(END) Dow Jones Newswires
July 17, 2019 21:52 ET (01:52 GMT)
Copyright (c) 2019 Dow Jones & Company, Inc.
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Aug 2024 to Sep 2024
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Sep 2023 to Sep 2024