Russian hackers targeted US conservative think-tanks, says Microsoft

Hackers linked to Russia’s government tried to target the websites of two right-wing US think-tanks, suggesting they were broadening their attacks in the build-up to November elections, Microsoft said.

>>Reuters
Published : 21 August 2018, 10:45 AM
Updated : 21 August 2018, 10:45 AM

The software giant said it thwarted the attempts last week by taking control of sites that hackers had designed to mimic the pages of The International Republican Institute and The Hudson Institute. Users were redirected to fake addresses where they were asked to enter usernames and passwords.

There was no immediate comment from Russian authorities, but the Kremlin was expected to address the report later on Tuesday. It has regularly dismissed accusations that it has used hackers to influence US elections and political opinion.

Casting such allegations as part of an anti-Russian campaign designed to justify new sanctions on Russia, it says it wants to improve not worsen ties with Washington.

“We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,” Microsoft said in a blog post overnight.

The International Republican Institute has a roster of high-profile Republican board members, including Senator John McCain of Arizona who has criticized US President Donald Trump’s interactions with Russia, and Moscow’s rights record.

The Hudson Institute, another conservative group, has hosted discussions on topics including cybersecurity, according to Microsoft. It has also examined the rise of kleptocracy, especially in Russia and has been critical of the Russian government, the New York Times reported.

“They (the Russians) are pursuing attacks that they perceive in their own national self-interest,” Eric Rosenbach, the director of the Defending Digital Democracy project at Harvard University, told the New York Times.

“It’s about disrupting and diminishing any group that challenges how Putin’s Russia is operating at home and around the world.”

CYBER-TENSIONS

Microsoft’s report comes amid increasing cyber-tensions between Moscow and Washington ahead of the congressional votes in November.

A federal grand jury in the US indicted 12 Russian intelligence officers in July on charges of hacking the computer networks of 2016 Democratic presidential candidate Hillary Clinton and the Democratic Party.

Special Counsel Robert Mueller is investigating Russia’s role in the 2016 election and whether Trump’s campaign team colluded with Russians during the vote. Russia denies meddling in the elections while President Trump has denied any collusion.

Microsoft said its digital crimes unit (DCU) had acted on a court order to take control of six internet domains created by a group known variously as Strontium, Fancy Bear and APT28, which it said was associated with the Russian government.

As well as the two think-tanks, other home pages had been set up to mimic the websites of the U.S. Senate and Microsoft’s own Office software suite, it added.

The type of attack is known as “spear fishing,” in which the hackers trick victims into entering their username and password into the fake site in order to steal their credentials.

“To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains,” Microsoft said on the blog.

Facebook said late last month it had removed 32 pages and fake accounts from its platforms in a bid to combat foreign meddling ahead of the US votes.

The company stopped short of identifying the source of the misinformation. But members of Congress who had been briefed by Facebook on the matter said the methodology of the influence campaign suggested Russian involvement.

Reporting by Brendan O'Brien; Additional reporting by Andrew Osborn in Moscow; Editing by Simon Cameron-Moore and Andrew Heavens.

More than 175 former US State Department and Pentagon officials added their names to a statement signed by former national security officials criticizing President Donald Trump’s decision to cancel the security clearance of former CIA director John Brennan.

New signatories to the statement, initially issued last week by 15 former directors and deputy chiefs of the Central Intelligence Agency and Office of Director of National Intelligence, include former political appointees and career civil servants. They worked under both Democratic and Republican presidents.

Among the most prominent individuals to sign a new version of the statement released on Monday by senior officials from the George W. Bush and Barack Obama administrations are former NATO Commander Admiral James Stavridis, former Deputy Secretaries of State Anthony Blinken and William Burns and former Undersecretaries of State Nicholas Burns, Wendy Sherman and Thomas Pickering.

While they may not agree with all Brennan’s public attacks on Trump, the statement read, they believe “the country will be weakened if there is a political litmus test applied” before former officials are allowed to voice their views.

Separately, US Senator Mark Warner, the Democratic vice chairman of the Intelligence Committee, filed legislation on Monday that would limit the president’s ability to revoke an individual’s security clearance.

Trump said last week he was considering withdrawing clearances for other former high-ranking officials as well as Bruce Ohr, a current Justice Department official.

Brennan, who has publicly characterized Trump’s comments at a recent summit with Russian President Vladimir Putin as “treasonous,” has said he might sue the Trump administration over the revocation of his clearance.

Representatives Elijah Cummings and Stephen Lynch, top Democrats on the House Oversight and Government Reform Committee, in a letter on Monday to White House Chief of Staff John Kelly, questioned the security clearance of John Bolton, Trump’s national security adviser.

Cummings and Lynch asked Kelly to turn over documents related to whether Bolton, in security clearance forms or “other White House vetting materials,” reported that in 2013 he participated by video in a roundtable discussion on gun rights organized by Maria Butina.

Butina was arrested in July and accused of acting as a Russian agent while developing ties with US citizens and infiltrating political groups.

The Washington Post has reported that Bolton recorded the video promoting an expansion of gun rights in Russia used by Right to Bear Arms, a group Butina formed.

The White House National Security Council had no immediate comment on the letter. White House aides also declined to comment.

Russia has denied any interference in the 2016 US election. Trump has said there was no collusion with his campaign.

“Everybody wants to keep their Security Clearance, it’s worth great prestige and big dollars, even board seats, and that is why certain people are coming forward to protect Brennan,” Trump said in a series of posts on Twitter.