With just a few days before the 2020 United States Election, there has been quite a bit of concern over the idea that external interests may try to sway the results—and it seems for good reason. Only recently, Microsoft interrupted a massive coordinated hacking plot that could have altered the very infrastructure needed to support a fair election. Let’s examine this plot, and what Microsoft did, in some more detail.
In a joint statement on October 12, 2020, the United States Cyber Command (USCYBERCOM) and Microsoft revealed that an enormous botnet had been discovered and dubbed TrickBot. While the servers that powered the attack were initially taken down, those efforts were walked back when TrickBot proved resilient enough to remain in operation. With many industry professionals expecting TrickBot to resurge, these efforts are more accurately described as “kneecapping” the botnet than as having “cut off its head.”
This Russia-based botnet has hijacked an estimated one million devices and is believed to be intended to disrupt the 2020 election through strategic ransomware attacks and infections.
After the 2016 U.S. Presidential election, cybersecurity professionals were on the alert for cybercriminal organizations seeking to manipulate or invalidate the election. Microsoft has already alerted election officials to hacking collectives based in Russia, Iran, and China that were targeting both the candidates and the election infrastructure.
When it came to TrickBot and interrupting its operational command, operators from the National Security Agency, Microsoft, and USCYBERCOM were able to send a disconnect command to all the zombified devices that made up the botnet. Once that was accomplished, they flooded TrickBot’s database with millions of falsified records.
While TrickBot is still active, this effort actually established a legal precedent. As TrickBot abused Windows code for its own malicious purposes, Microsoft’s legal team was able to argue that it was in breach of the Windows software development kit’s terms of service. This meant that TrickBot constituted copyright infringement, and therefore cleared Microsoft to legally take down the Malware as a Service.
What do you think? Will software developers take a stronger stance against hackers that use their code now that the fear of having their software removed is there? How concerned are you about election security?