As many of us suspected, there was some hacking done during the 2016 U.S. Presidential election. What that looked like specifically, no one really knows. Or if they do know, they’re not letting the rest of the world know. As we enter into another election season, we have to keep in mind that there’s likely to be more hacking, and Microsoft is trying to get out in front of it. They recently announced that they’ve been working hard to shut down Russian plots to hack U.S. political targets – including the U.S. Senate. Last week, Microsoft received a federal court’s permission to take down malicious websites that mimicked the login pages of the Senate, Microsoft’s own Office 365 platform and two conservative think tanks – the International Republican Institute and the Hudson Institute.
Using these websites, hackers working for the Kremlin-linked group Fancy Bear tried to trick their targets into handing over their passwords. The same group, which is tied to Russian military intelligence, has been blamed for the thefts and distribution of emails and other sensitive documents from the Democratic Party and Hillary Clinton’s campaign aides two years ago.
Microsoft is saying that it doesn’t have any evidence that the Russians successful hacked anyone using the sites that they took down last week, but they are “concerned that these latest attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections”. And they’re not wrong. In response, Microsoft has indicated that they will offer detailed, personalized notifications about specific cyber attacks. In addition, they will offer more general network and email security briefings to “all candidates and campaign offices at the federal, state and local level, as well as think tanks and political organizations we now believe, are under attack.”
Is this troublesome? Absolutely. While the whole idea is troublesome from a national security perspective, I think it’s also potentially troublesome from an individual perspective. It’s possible for you, as an ordinary citizen, to fall victim to some kind of rouse and end up giving away your password or your information. Sure, there are things that you can do to protect yourself, but as I have always said – there are a lot of wolves dressed in sheep’s clothing. Which means that you have to be able to spot those wolves. And it’s not always going to be easy. There will be times when you give that password away without realizing what you’ve done. That’s ok. It’s their job to find a way to get you to give that up.
It’s not right, and that’s why I’m happy to see someone trying to fight this. After spotting the fake Senate, IRI and Hudson websites, Microsoft notified all three entities. Are they obligated to do so? Absolutely not, but the fact that they did speaks volumes to the fact that they’re concerned about this as much as the rest of us are. Microsoft is “concerned by the continued activity toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States.” They also see this activity as similar to what occurred in 2016 in the United States, and in 2017 in France.