As US elections loom, Microsoft is emerging as a leading foe of Russian hacking and meddling in the democratic process, setting it apart from some of its biggest tech counterparts, including Facebook and Twitter, which have been playing catch-up since 2016 in the fight against foreign interference.
Late Monday, Microsoft Corp. staged a broad public announcement to herald its seizure of web domains that were being used to send phishing emails by hackers linked to the Russian military, a possible attempt to manipulate the coming midterm elections in November. The cyber-attackers, from a group called Strontium, sought to masquerade as conservative organisations, the company said, in a possible ploy to sow divisions among Republicans.
The posting reflects Microsoft’s effort to take the lead in technology-policy issues relating to cybersecurity, privacy and nation-state hacking, with repeated public speeches on needed laws and the suggestion of international covenants barring hacking of civilians. Since reports emerged about Russian hacking and efforts to spread misinformation via social networks during the 2016 presidential campaign, Microsoft has made it clear that the company would deploy its security teams and Digital Crimes Unit to aid in election security. Just last month, the software maker reported it had stopped cyber-attacks on three congressional candidates targeted using a phoney version of the company’s website.
“They are trying to take the high ground of protector of corporate and consumer,” said Mark Moerdler, an analyst at Sanford C. Bernstein & Co.
The company’s relish for the task contrasts with companies like Facebook Inc. and Twitter Inc., which were slow to recognise the role their platforms played in the spread of misinformation in 2016, and which have struggled to combat troll farms and other miscreants trying to use social media to manipulate the electoral process. In the aftermath of the 2016 election, Facebook at first said it saw no evidence of Russian interference. It wasn’t until months later, after urging from government officials, that the company started to pinpoint activity specifically by Russia’s internet Research Agency. At that time, Twitter and Google scrambled to search for the same. All the companies finally released numbers on the extent of the campaigns, saying they were still investigating them, ahead of a November 2017 congressional hearing on the issue.
More recently the companies have been more active in removing suspicious material. After its platform was Russia’s main weapon in its 2016 interference, Facebook has invested heavily in trying to prove it will keep elections safe from further manipulation around the world. The company has hired thousands of security experts and content moderators to help detect problems, so they can coordinate with governments on resolving them. The company said in July that it found another instance of a campaign to manipulate political opinions on its social network ahead of the US midterms. It hasn’t yet been able to pinpoint a country behind the meddling, though politicians have cited Russia. Twitter, too, has heightened its efforts to rid its platform of bots and fake accounts that may be used to spread misinformation. Facebook and Twitter, along with internet search and advertising giant Google, face Senate hearings next month to answer questions on their efforts to prevent Russian meddling in the November elections.
Google on Monday warned customers to take Gmail warnings about phishing attacks seriously. “Beyond phishing for the purposes of fraud, a small minority of users in all corners of the world are still targeted by sophisticated government-backed attackers. These attempts come from dozens of countries,” the company wrote in a blog post.
Microsoft President and Chief Legal Officer Brad Smith, who has been leading the company’s charge against both foreign nation-state hackers and occasionally the US government in cases related to the attempted seizure of customer data, said tech companies and governments must come together and step up efforts to protect democracy. The hacks found by Microsoft are similar to those seen in the US in the 2016 election and the following year in French elections, he said. “This is a moment in time where we should reflect as a nation that 21st century democracy will flourish only if we take new steps to protect it,” he said in an interview. “These steps cannot be confined to one political party or to people in government. We have to come together across the tech sector and in partnership with democratic governments around the world.”
Still, the decision to act is different and somewhat easier for Microsoft than it is for social-media or consumer-facing internet companies. The Redmond, Washington-based company doesn’t operate a large social network where user opinion can be swayed by posts, nor does it get the majority of revenue from advertising, which can be secretly purchased by foreign actors or linked to nefarious posts. Where Microsoft is strong is in email software, and that’s how these recent attacks have shown up “” through phishing emails designed to harvest a user’s passwords and personal information after getting them to click on a link made to look like the website of two well-known conservative think tanks.
Microsoft’s activism in this space is not merely motivated by civic duty. It’s also driven by concerns that failure to act against cyber-criminals could undermine trust in technology and possibly impact business.
“Their products are the battleground,” said Andrew Grotto, a security fellow at Stanford University’s Centre for International Security and Cooperation, who served as senior director for cybersecurity policy for Presidents Obama and Trump from December 2015 to May 2017. “They are worried about both actions that undermine trust in their products and there’s a more sector-wide worry about what happens if these risks accumulate and become a burden on trust affecting the industry as a whole.”
And, as Smith pointed out, the think tanks, agencies and candidates under attack are Microsoft clients.
“We are in the business of ensuring the cybersecurity of our customers,” Smith said.