Microsoft shutters Russian domains used to hack conservatives as Facebook axes more fake accounts
Microsoft Corp. said Monday that it had shut down six domains linked to an effort by Russian state-sponsored hackers to compromise conservative organizations and senators.
The domains were being used in a phishing campaign that tried to harvest login credentials by impersonating legitimate sites with similar names. Among them were domains mimicking the International Republican Institute and the Hudson Institute, both of which count Republican senators among their members, as well as three domains associated with the U.S. Senate.
Also today, Facebook Inc., the main target of complaints of Russian influence on the 2016 U.S. presidential election, said it found more influence campaigns on its social network that were trying to mislead people not only in the U.S. but also Britain, Latin America and the Middle East.
Facebook said the activity, which started in Iran and Russia, prompted it to shut down 652 fake accounts, groups and pages. That was much more than the 32 pages and fake accounts on Facebook and Instagram that it removed late last month.
Microsoft didn’t hold back in pointing the finger, attributing the campaign to the group known as Fancy Bear or APT28 (tracked by Microsoft under its own name, Strontium), the same Russian group behind a range of earlier hacks, including that of the Democratic National Committee in the lead-up to the 2016 election.
In addition to shutting down the phishing domains, Microsoft announced a new AccountGuard initiative that will provide three services covering both organizational and personal email accounts: threat notification across accounts, security guidance and ongoing education, and early-adopter access to new protections.
Priscilla Moriuchi, director of strategic threat development at Recorded Future Inc., told SiliconANGLE that it’s a mistake to believe that the Russian government is a partisan political actor.
“Vladimir Putin (pictured) uses cyber operations to promote those who support his political agenda and undermine those who do not,” Moriuchi explained. “This includes people and organizations on both sides of the political aisle.”
She added that there’s no reason Russia would not continue to employ a technique that “so successfully furthered American domestic divisions and Putin’s own political goals. There is no doubt these types of attacks will continue through the mid-term and 2020 elections so far as the political gain has vastly outweighed the costs.” And Russia will persist, Moriuchi warned, unless it’s “confronted with real-world economic and political consequences.”
Sean Sullivan, security adviser at F-Secure Corp., said that although Microsoft’s announcement is generating a lot of attention from the press, it’s important not to lose sight of the bigger issue.
“The focus on think tanks holding pro-sanction views on Russia’s current regime is about espionage,” he said. “In short: Spies are going to spy. That’s true whether or not it’s an election year.”
The problem in the “rush to conclude that these six domains are part of an ‘attack’ on the elections,” he added, is that it “risks missing the complete threat model – and thus the complete countermeasures that should be taken.”
Terry Ray, chief technology officer at Imperva Inc., took a broader perspective, noting that while it’s good to see cybersecurity professionals taking action against phishers, it’s important not to forget that “it’s far easier to create a new domain than it is to get permission to take one offline, and with the vast number of available domains that can look like a political support organization, the hackers still have the advantage.”
For example, Microsoft eliminated the my-iri.org domain because it looks like a domain belonging to the International Republican Institute, but hackers can just as easily create iri-my.org, my1-iri.org, your-iri.org and so on. “The number of options is only limited by the hackers’ imagination and takes minutes to create and use,” Ray said. “On the defender’s side, finding, verifying and eliminating domains is a more tedious process which requires proof, documentation, multiple law enforcement agencies and, most importantly, time.”
Although he applauded the efforts of Microsoft with the announcement, Ray said he was looking for businesses to “better validate legitimate domains versus bogus in spam and other filters proactively for the consumer in the e-mail tools we all use in addition to the deletion of some domains.”
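To make Ray’s asymmetry concrete, here is an added example (written for this page, not code from Microsoft, Imperva or the article) of the kind of proactive lookalike-domain check he is asking mail filters to perform. It keeps a small allowlist of registrable domains and the brand tokens an impostor would reuse (iri.org, hudson.org and senate.gov are assumed here; only my-iri.org appears in the article), then flags a sender domain that embeds a brand token next to an affix (my-iri, iri-my, my1-iri, your-iri), sits one edit away from a real label, or reuses a real label under a different TLD. A small generator shows how many obvious variants an attacker can register from one brand token, and the check catches every one of them. The affix list and confusable-character map are constructed illustrations, not a complete catalogue.

```python
"""Lookalike-domain triage for a mail filter (added example; names and data are constructed)."""
import re

# Constructed allowlist: registrable domain -> brand tokens an impostor would reuse.
LEGIT_DOMAINS = {
    "iri.org": {"iri"},
    "hudson.org": {"hudson"},
    "senate.gov": {"senate"},
}

# Affixes attackers commonly bolt onto a brand token (constructed, not exhaustive).
AFFIXES = ["my", "your", "login", "secure", "mail", "portal", "account"]

# Characters often swapped for look-alikes in typosquats (constructed subset).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def split_domain(domain):
    """Return (label, tld) for a registrable domain; assumes a single-label TLD."""
    label, _, tld = domain.lower().strip().rpartition(".")
    return label, tld


def tokens(label):
    """Split a label on hyphens and digit runs: 'my1-iri' -> ['my', 'iri']."""
    return [t for t in re.split(r"[-\d]+", label) if t]


def levenshtein(a, b):
    """Edit distance, used to catch single-character typosquats such as hudsen.org."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def embeds_brand(label, brand):
    """True if brand is a separated token of the label (my-iri, iri-my, my1-iri)
    or is what remains after stripping a known affix from either end (myiri, irilogin)."""
    if brand in tokens(label):
        return True
    bare = re.sub(r"[-\d]", "", label)
    for affix in AFFIXES:
        if bare.startswith(affix) and bare[len(affix):] == brand:
            return True
        if bare.endswith(affix) and bare[: -len(affix)] == brand:
            return True
    return False


def lookalike_reasons(candidate):
    """List (legit_domain, reason) for each allowlisted domain the candidate imitates."""
    label, tld = split_domain(candidate)
    normalized = label.translate(CONFUSABLES)
    reasons = []
    for legit, brands in LEGIT_DOMAINS.items():
        legit_label, legit_tld = split_domain(legit)
        if label == legit_label and tld == legit_tld:
            continue  # the real site, not a lookalike
        if label == legit_label:  # same label, different TLD: hudson.com vs hudson.org
            reasons.append((legit, "tld-swap"))
            continue
        hits = sorted(b for b in brands if embeds_brand(label, b))
        if hits:
            reasons.append((legit, "combosquat:" + ",".join(hits)))
            continue
        if levenshtein(normalized, legit_label) <= 1:
            reasons.append((legit, "typosquat"))
    return reasons


def classify(sender_domain):
    """Verdict for a sender domain: 'legitimate', 'lookalike' or 'unrelated'."""
    if sender_domain.lower() in LEGIT_DOMAINS:
        return "legitimate"
    return "lookalike" if lookalike_reasons(sender_domain) else "unrelated"


def generate_combosquats(brand, tld, affixes=AFFIXES):
    """Enumerate the affix variants an attacker can register in minutes for one brand."""
    variants = set()
    for affix in affixes:
        for sep in ("-", ""):
            variants.add(f"{affix}{sep}{brand}.{tld}")
            variants.add(f"{brand}{sep}{affix}.{tld}")
    return sorted(variants)


if __name__ == "__main__":
    # Constructed sender domains, including the one Microsoft took down.
    for d in ["iri.org", "my-iri.org", "iri-my.org", "my1-iri.org", "your-iri.org",
              "hudsen.org", "hudson.com", "example.com"]:
        print(f"{d:14} {classify(d):11} {lookalike_reasons(d)}")
    variants = generate_combosquats("iri", "org")
    print(f"{len(variants)} affix variants of one brand, "
          f"{sum(classify(v) == 'lookalike' for v in variants)} flagged")
```

The detector only needs the short allowlist to keep up with the generator, which is the practical point: a takedown removes one name, while a filter keyed on the protected brand tokens covers the whole family of variants the moment they are used. Real deployments would add IDN/homoglyph normalization, a registrar-age signal and DMARC results on top of this.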
Photo: Kremlin