WASHINGTON — In the past year, political campaigns, parties, and pro-democracy groups around the world have faced more than 800 cyberattacks, according to new data provided to Rolling Stone by tech giant Microsoft.
“The threat is real and it’s not stopping,” Tom Burt, a vice president of customer security and trust at Microsoft, tells Rolling Stone. “Anyone involved in the democratic process needs to know that it’s likely not a question of if they’ll be targeted but whether they will be breached, and there’s a lot they can do today — basic cybersecurity hygiene — to protect themselves.”
The 2016 presidential race demonstrated how a foreign adversary’s hacking operation could wreak havoc in US democracy — in that case, by digitally breaking into the DNC and the personal email account of Clinton campaign chief John Podesta and then weaponizing those stolen emails and documents through publishing them online.
Despite Special Counsel Robert Mueller’s indictment of 12 Russian intelligence officers for the DNC and Podesta hacks, the cyberattacks didn’t let up in the 2018 midterm elections. In the summer of 2017, shortly after President Trump took aim at then-Sen. Claire McCaskill (D-Mo.) and told a Missouri rally crowd to “vote her out of office,” Russian-affiliated hackers targeted staffers in McCaskill’s Senate office and tried to dupe those staffers into handing over their email passwords.
Rolling Stone broke two stories that revealed online attacks targeting two Democratic candidates for Congress in competitive races, one of whom was challenging then-Rep. Dana Rohrabacher (R-Calif.), widely seen as the most pro-Russia lawmaker in Washington. (Rohrabacher lost his race last year.) The other Democratic candidate was Bryan Caforio, whose official campaign website was crippled multiple times by distributed denial of service attacks.
The FBI has investigated both of these incidents and continues to look into the DDoS attacks on Bryan Caforio, according to a source with knowledge of the investigation.
Then-Director of National Intelligence Dan Coats said in the summer of 2018 that the warning lights for future cyberattacks on American elections were “blinking red.” A month later, Microsoft announced that it had used a court order to disrupt and shut down phony domain names used by Fancy Bear, the Russian-affiliated hacking operation, to attack U.S. Senate staffers and employees of nonprofit groups like International Republican Institute that have been critical of Russia and its leader, President Vladimir Putin.
As part of its Defending Democracy Program, Microsoft created a free tool called AccountGuard that political candidates, parties, and democracy-focused NGOs can use for free to protect themselves against the hacking attempts and other cyberthreats. There are approximately 60,000 accounts enrolled in AccountGuard, which is available in more than two dozen countries, according to Microsoft.
Tom Burt, the Microsoft executive in charge of customer security, tells Rolling Stone that the majority of nation-state attacks the company has detected against all Microsoft customers have originated with actors in Iran, North Korea, and Russia. (The company doesn’t specify which nation-states are behind attacks on political campaigns, parties, and pro-democracy groups that use the AccountGuard tool.)
Burt says that he and his team have detected a pattern in the cyberattacks that they’re seeing. “Early on in election cycles, we often see the majority of attacks targeting NGOs and think tanks involved in policy-making process and that are in communication with campaigns,” Burt says. “As we get closer to elections themselves, we often see more attacks targeting campaigns themselves and the personal email of campaign staff.”
The Microsoft data suggest that, when it comes to the threat of cyberattacks, the 2020 elections are shaping up to be as bad or worse than 2016.