Hackers targeted the campaigns of at least three candidates running for Congress in the upcoming 2018 U.S. elections, but the attacks were detected and thwarted, a Microsoft executive said Thursday.
The attempted attacks tried to use a fake Microsoft domain as a landing page for phishing attacks, said Tom Burt, Microsoft vice president for customer security and trust. He refused to name which candidates were targeted, citing privacy concerns.
“They were all people who, because of their positions, might have been interesting targets from an espionage standpoint, as well as an election disruption standpoint,” Burt told an audience at the annual Aspen Security Forum in Aspen, Colorado.
He also did not identify the source of the phishing attacks, though the tactic was similar to those used by Russian operatives to target the Republican and Democratic parties during their presidential nominating conventions in 2016.
Burt said Microsoft coordinated with the U.S. government and was able to take down the fake domains. He also said none of the campaign staffers targeted by the phishing attacks were infected.
More attacks are coming
Thursday’s revelation came in the wake of U.S. President Donald Trump’s news conference Monday in Helsinki, Finland, after his meeting with Russian President Vladimir Putin. Trump sided with Putin, supporting the Russian leader’s assertions that his country did not meddle with the 2016 U.S. presidential election.
Trump’s comments, which directly contradicted the findings of the U.S. intelligence community, have drawn harsh criticism from politicians, and former diplomatic and intelligence officials.
Current intelligence and security officials have warned repeatedly that not only was Russia responsible for meddling in the 2016 election, but that more attacks — both in the form of hacks and in the form of more subtle information operations — are coming.
Russia taking lead
“What we assessed and reassessed and have carefully gone over still stands,” U.S. Director of National Intelligence Dan Coats said of Russia’s efforts.
“It’s undeniable that the Russians are taking the lead on this,” Coats added, speaking during an appearance at the same security forum. “They are the ones who are trying to undermine our basic values, divide us with our allies.”
But U.S. and private sector officials say that, at least to this point, Russian efforts to influence the 2018 elections appear to be somewhat subdued.
“We’re not seeing the targeting of the actual state and local election systems that we saw in 2016 right now,” said Jeanette Manfra, the Department of Homeland Security’s assistant secretary for cybersecurity.
New tools working
For now, some leading private sector technology and social media companies agree.
Facebook, which Russia used to run ads and false news stories as part of its 2016 influence campaign, thinks some of that could be related to more awareness and crackdowns on the fake accounts Russian-linked operatives had been using.
“The new tools that would identify and remove fake accounts like the IRA [Russia’s Internet Research Agency] was running, combined with the new requirements for transparency in advertising, are such that I think we’re not seeing that same conduct,” Monika Bickert, head of Facebook’s product policy and counterterrorism, said.
“But we are watching for that activity,” Bickert said.
Microsoft’s Burt is also cautious, despite his experts “not seeing the same level of activity by the Russian activity groups” as they did two years ago.
“It doesn’t mean we’re not going to see it,” he said. “There’s a lot of time left.”
“I think we should all be prepared, given that capability and will, that they’ll do it again,” U.S. Homeland Security Secretary Kirstjen Nielsen warned Thursday. “We would be foolish to think they’re not.”