Hillary Clinton may have lost the election because of Russian hacking. Or maybe not. No one knows for sure. But we do know now the Russians are omni-hackers. They go after Democrats and Republicans.
An extraordinary blog post with Microsoft President Brad Smith’s byline spells out the latest. The company’s digital crimes unit (DCU) received a court order to take control of six domains of the Russian hacker group Strontium. Also called Fancy Bear and APT28, it’s associated with the Russian government. The domains Microsoft took down yesterday mimic the conservative Hudson Institute and International Republic Institute. Six Republican senators sit on the IRI board of directors.
In a dozen instances over the past year, Microsoft has yanked no less than 84 Strontium domains. It’s like an endless video game.
Smith says the DCU discovered the nature of the most recent domains after it froze them and took control away from Strontium.
Earlier this summer Sen. Claire McCaskill (D-Mo.) reported an attack on her office. Another Russia-connected group used phishing to try and obtain staff members’ passwords.
So, yeah, the evidence shows Russians attacking both sides. That raises the question of what they hope to achieve. Maybe just chaos. Smith writes, Russian hacking takes place “in a broadening way” before the mid-term elections.
Microsoft, via Smith’s post, says it’ll offer enhanced cybersecurity services to candidates and political organizations that use Office 365. It calls this program “AccountGuard.” Tom Burt, Microsoft’s vice president for Customer Security & Trust, says his group has held multi-day cyber awareness sessions for both parties’ national campaign committees in Washington.
This development occurs when agencies are supposed to be implementing email authentication under the DMARC standard. A binding operation directive from Homeland Security compels agencies to get with DMARC, the goal of which is to give receivers assurance that email comes from whom it says. The deadline for a basic implementation is Oct. 31. Various vendors report the government is about 80 percent there. Back in May, Phil Reitinger, CEO of the Global Cyber Alliance, said on my show that contractors are behind the government in configuring their email systems for DMARC.
Microsoft says it isn’t sure what Strontium intended for the domains it seized yesterday. They apparently hadn’t yet caused any damage. Given that phishing is a popular and effective way to steal information, it seems likely phishing would have been one of the activities originating from the sites.
It’s unclear to what degree congressional agencies and Congress itself are prepared against phishing. But given the connected ecosystem of congressional staff, contractors and agencies you’d hope they’d all work off the same score.