Microsoft exec: We stopped Russia from hacking 3 congressional campaigns

Microsoft exec: We stopped Russia from hacking 3 congressional campaigns
Fake Microsoft domain was tied to attacks this year against congressional campaigns.
Sean Gallagher - 7/20/2018, 2:15 PM

In a panel discussion at the Aspen Institute's Security Summit yesterday, Microsoft Corporate Vice President for Customer Security and Trust Tim Burt said that in the course of hunting for phishing domains targeting Microsoft customers, members of Microsoft's security team detected a site set up by Russian actors that was being used in an attempt to target congressional candidates.

"Earlier this year," said Burt, "we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks, and we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections." While Burt would not disclose who the candidates were, he did say that they "were all people who, because of their positions, might have been interesting from an espionage standpoint as well as an election disruption standpoint."

Microsoft alerted US law enforcement and worked with the government to take down the sites. "We took down that domain and, working with the government, were able to prevent anyone from being infected by that particular attack," Burt said. "They did not get in, they tried, they were not successful, and the government security teams get a lot of credit for that."

Referencing the indictment issued last week against officers of Russia's Main Intelligence Directorate (GRU), Burt noted that phishing attacks are the primary method for state actors to gain access to political organizations' networks. To blunt that attack, "you need to have two-factor authentication," Burt explained. "It's a huge, if not perfect, defense."

Burt noted that, based on collaboration with other Internet services and security firms, "the consensus of the threat community is that we're not seeing the same level of activity" that was present at this point during the 2016 election cycle. The industry, he said, had not seen anything equivalent to the targeting of think tanks and academia nor the use of social media networks to build up a disinformation campaign that they saw in 2016. "But that doesn't mean we're not going to see it," he added. "There's a lot of time left before the election."

In April, Microsoft launched the "Defending Democracy" program, providing support to state election authorities, as well as to campaign organizations, in an effort to help better safeguard the electoral process. "We've been working with secretaries of state," Burt said, "and we did two three-day seminars with the Republican and Democratic communities to strengthen the security of campaigns."

Burt appeared on the panel with Facebook Head of Product Policy and Counterterrorism Monika Bickert, Former Secretary of Homeland Security Michael Chertoff, Assistant Secretary of Homeland Security for Cybersecurity and Communications Jeannette Manfra, and Washington State Secretary of State Kim Wyman. Wyman said that Washington had seen unsuccessful efforts to gain access to electoral systems in 2016 from Russia and was expecting more to come.

https://arstechnica.com/information...to-hack-3-congressional-candidates-this-year/

 

Why is our CIA and intelligence services so inept at repelling hacking???

 

no idea...then again maybe they're not inept, it's not wise to let your enemy know how good you are and what you know...in WW2 allied spy agencies deliberately let the Nazi's succeed in their attacks even when they knew what they were up to, to react to the information would've tipped the Nazi's off they knew their secret code system...

my sons starting his post secondary education in cyber security in September, counter hacking...essentially he's training to be a hacker, I told him to use his powers for good and not evil...

 

1. The nature of the technology itself and its constant evolution.
2. The fact that the Internet is all about connectivity and data transfer from one user to another
3. Unsophisticated end users doing dumb things - thats why spearfishing works
4. They are not inept, they rarely get hacked but they sure as hell can hack just about anyone else on the planet.
5. The president has not mandated a coordinated action across the entire government, nor requested the budget to do so.
6. The weaponization of social media was an unanticipated consequence that by its very nature is incredibly difficult to combat without gov't mandated restrictions and increased regulation
7. State sponsored coordinated cyber warfare campaigns that include hacking, platform exploitation and tons of bullshit fake news is a "perfect storm" attack that requires a coordinated cyber defense, including anti hacking, platform regulations and development of rather sophisticated anti bullshit technologies and processes.

Anyway, I am sure that all kinds of agencies from the military on down are on the case. Not just in America but throughout the world, especially in Europe.

Frankly I am appalled at the lack of leadership in this regard from the President. It is a dereliction of duty that he isn't demanding coordinated action. Hell his republicans just rejected extra funds to PROTECT the integrity of the upcoming election.

Makes no friggin sense if one goes by what was once considered accepted norms of behavior.

 

and the premise of the OP that the government agencies don't know is most likely incorrect...Obama was aware of the Russians were doing during the election campaign but not doing anything was a decision made to remain neutral and not to appear to be swaying the election toward Clinton...if he had trump and his minions would be screaming the election was rigged, which it turned it was but in trumps favor...

 

President Obama ordered them to not interfere with Russian activities, certain Russia was backing Clinton for obvious reasons.

 

Yeah sure right. Boy you sure do know what's going on, in your own mind.

 

Funny, you say they are inept yet say Trump should have listened to them when they blamed Russia for hacking.

Now...hmmmm…..why would you believe a bunch of people that are inept?

 

Cyber attacks are a daily happening... The worst are Iran, Russia, North Korea and China.. and that's been going on for a decade.

 

Trump claimed repeatedly during his campaign that the election was rigged.. and after he won, he claimed 5 million illegals had voted.

 

Nope.. Obama expelled 35 Russians and put sanctions on Russia.

 

Not sure why you are quoting my post here when nothing you said has any relevance to what I wrote.

 

They've done a great job, what are you referring to? The DNC leak? That wasn't under CIA protection...

 

It was rigged, and he still won...

 

Rigged how, beyond the Russian interference on his behalf?

 

Good question.

 

Yeah they got all those illegals to vote for Hillary...

 

Well this certainly doesn't help...

 

You don't need a budget to repel a phishing attack. Get a bleeping firewall. And for the love of god, authenticate the sites yourself before clicking the link. You don't get "hacked" by a phishing attack, you're stupid enough to fall into a phishing attack.

In the age of the internet, we basically have these older 30-40-50 year old types using the technology and largely being clueless.

 

Because it is an organization that is suffering inferior complexia (both on the domestic plain and on the international scene) and as with most suffering the same malady have a burning need to boast ..... ie. bragging with their mouths wide open. I think you know that it isn't the best way to keep secrets.

 

If Microsoft made a better OS in the first place lol. Windows is hardly secure now and during the days of XP!

The fact that 99% of users ran as a super user was just poor show.

 

A firewall ain't the cure all for phishing attacks, particularly sophisticated ones. Guess you haven't heard of spoofing. Nor of hacking email contact lists from facebook et.al. AND, these days you'd be amazed what one can do with a hacked smart phone in close proximity to a corporate network.



I do agree that the older generation is not as "tech savvy" as the younger crowd. Happens with every generation.
But age sure as hell isn't a factor in who gets taken in by nefarious actors with particular agendas.

 

They refuse to hire 15-year-old computer geeks.

 

And until we have elections that can be monitored, as the carter center told us ours could not be, no one knows how much fraud goes on in an election. Not trump, and not a democrat.

There have been cases of fraud caught over the years, so we know it happens. How much? No way to tell unless our elections are monitored by an independent non political partisan group.

But the democrats nor the repubs seem to want to insure honest elections by monitoring them. Perhaps each believe they would lose votes if we did? ha ha ha.

 

I don't believe that's true..