With the 2020 U.S. Election under a month away, there has been a lot of concern that outside interests would try to influence the results. Microsoft has recently disrupted a huge coordinated hacking effort that had designs of altering the election infrastructure needed for a fair and secure election. Let’s take a look at the effort and Microsoft’s response in today’s blog.
The Skinny
Microsoft and The United States Cyber Command (USCYBERCOM) announced early on October 12, 2020 that they took down the servers that fueled an enormous botnet called TrickBot, but walked it back when it was evident that the botnet was resilient enough to stay up even as their central servers were taken down. Industry professionals described the action as “kneecapping” the botnet rather than “cutting off its head”. Most predict TrickBot to make a comeback.
TrickBot has an estimated one million devices that have been hijacked and infected with the botnet’s malicious code. Based out of Russia, it is believed that the TrickBot botnet was intent on deploying strategic ransomware attacks to disrupt the 2020 U.S. Presidential election.
Taking Down TrickBot
After the events of the 2016 U.S. Presidential election, most cybersecurity professionals were on the lookout for cybercriminal organizations looking to influence or interrupt the legitimacy of the election. For their part, Microsoft had already warned election officials that several Russian, Iranian, and Chinese hacking collectives are targeting not only the candidates, but also the election infrastructure itself.
To disrupt the TrickBot’s operational command, Microsoft, USCYBERCOM, and National Security Agency operators were able to send a command to all zombies in the botnet to disconnect themselves after which they were able to flood the TrickBot’s database with millions of false records.
While it is reported that the TrickBot remains active, the unprecedented effort actually set a legal precedent. Microsoft’s legal team successfully argued that TrickBot abused Windows code for malicious purposes, which stands in breach of the Windows software development kit’s terms of service. By successfully arguing that TrickBot was infringing on their copyright, Microsoft got legal clearance to take down the Malware as a Service.
With a legal precedent, now Microsoft, or any other software company can work to mitigate more malware attacks using their software.
Do you think that the election is in danger because of foreign hackers? What should be done about it? Leave your thoughts in the comment section below.
