Intentionally or not, Microsoft has emerged as a kind of internet cop by devoting considerable resources to thwarting Russian hackers. The company’s announcement Tuesday that it had identified and forced the removal of fake internet domains mimicking conservative U.S. political institutions triggered alarm on Capitol Hill and led Russian officials to accuse the company of participating in an anti-Russian “witch hunt.”
Microsoft stands virtually alone among tech companies with an aggressive approach that uses U.S. courts to fight computer fraud and seize hacked websites back. In the process, it has acted more like a government detective than a global software giant.
In the case this week, the company did not just accidentally stumble onto a couple of harmless spoof websites. It seized the latest beachhead in an ongoing struggle against Russian hackers who meddled in the 2016 presidential election and a broader, decade-long legal fight to protect Microsoft customers from cybercrime. “What we’re seeing in the last couple of months appears to be an uptick in activity,” Brad Smith, Microsoft’s president and chief legal officer, said in an interview this week. Microsoft says it caught these particular sites early and that there’s no evidence they were used in hacking.
The Redmond, Washington, company sued the hacking group best known as Fancy Bear in August 2016, saying it was breaking into Microsoft accounts and computer networks and stealing highly sensitive information from customers. The group, Microsoft said, would send “spear-phishing” emails that linked to realistic-looking fake websites in hopes targeted victims — including political and military figures — would click and betray their credentials. The effort is not just a question of fighting computer fraud but of protecting trademarks and copyright, the company argues.
One email introduced as court evidence in 2016 showed a photo of a mushroom cloud and a link to an article about how Russia-U.S. tensions could trigger World War III. Clicking on the link might expose a user’s computer to infection, hidden spyware or data theft. An indictment from U.S. special counsel Robert Mueller has tied Fancy Bear to Russia’s main intelligence agency, known as the GRU, and to the 2016 email hacking of both the Democratic National Committee and Democrat Hillary Clinton’s presidential campaign. Some security experts were skeptical about the publicity surrounding Microsoft’s announcement, worried that it was an overblown reaction to routine surveillance of political organizations — potential cyberespionage honey pots— that never rose to the level of an actual hack.
The company also used its discovery as an opportunity to announce its new free security service to protect U.S. candidates, campaigns and political organizations ahead of the midterm elections. But Maurice Turner, a senior technologist at the industry-backed Center for Democracy and Technology, said Microsoft is wholly justified in its approach to identifying and publicizing online dangers. Companies including Microsoft, Google and Amazon are uniquely positioned to do this because their infrastructure and customers are affected.
As industry leaders, Microsoft’s Windows operating systems had long been prime targets for viruses when in 2008 the company formed its Digital Crimes Unit, an international team of attorneys, investigators and data scientists. The unit became known earlier in this decade for taking down botnets, collections of compromised computers used as tools for financial crimes and denial-of-service attacks that overwhelm their targets with junk data. A security firm, Trend Micro, identified some of the same fake domains earlier this year. They mimicked U.S. Senate websites, while using standard Microsoft log-in graphics that made them appear legitimate, said Mark Nunnikhoven, Trend Micro’s vice president of cloud research.
Microsoft has good reason to take them down, Nunnikhoven said, because they can hurt its brand reputation. But the efforts also fit into a broader tech industry mission to make the internet safer. “If consumers are not comfortable and don’t feel safe using digital products,” they will be less likely to use them, Nunnikhoven said.