Russian Hackers Targeted U.S. Political Groups, Microsoft Says
DAVID GREENE, HOST:
Russian hackers who sought to influence the 2016 election here in the United States indeed appear to be at it again. The group is now targeting the U.S. Senate and conservative think tanks. This is according to Microsoft, which said early this morning that it discovered and disabled six misleading websites. They were apparently created by the group APT28, also known as Fancy Bear. That group, which has ties to the Kremlin, was active during the 2016 election. Cybersecurity researchers have blamed it for the hack of John Podesta's email account. He was serving as Hillary Clinton's campaign chairman. Elizabeth Dwoskin covers Silicon Valley for The Washington Post and has been reporting on this. I spoke with her earlier this morning, and I asked what exactly Microsoft discovered.
ELIZABETH DWOSKIN: Well, Microsoft discovered six websites. Now, remember, Microsoft is managing one of the largest corporate email programs in the world, so they really care about phishing attacks. Now, when you open up your email and you click on a link and then you're taken to a website - you know, you think it's an email from a trusted person, and then you're taken to a website that is loaded up with malware and...
GREENE: And stealing stuff from me if I'm...
DWOSKIN: It's going to take your credentials.
DWOSKIN: Yup, exactly. And so this wasn't like what we saw with the Russian IRA, Russian operatives on Facebook, where they're actively creating these pages that are trying to sow divisive messages in the U.S. political pages. This was different. These were going to be set up as impersonation pages for the U.S. Senate and also for two prominent think tanks, as well.
GREENE: Oh, I see. So this would be kind of, in theory, luring me in. If I was going to look at something on a conservative think tank or on the U.S. Senate website, I might accidentally go to one of these sites, and they could somehow phish me and start collecting data from my stuff.
DWOSKIN: Yeah, that's what it looked like it was about to be. It didn't get to that point, or at least, Microsoft didn't know of any attack that has been staged from these pages. But it was these pages, they said, had ties to the group that is publicly linked to the Russian intelligence agency. And so it really shows how active these efforts are to meddle in our democracy two months ahead of the midterms.
GREENE: Well, Microsoft says that they've actually been tracking this group for a couple years now. So what is the timing of this? Why speak out about this now?
DWOSKIN: Yeah, I thought that was fascinating. That was, like, one of my biggest questions for them is, why now? Because they said they've found actually 84 websites associated with the group for the last two years. And the reason for the why now is that they've seen an uptick in activity leading into the midterms, which is scary, but I think it's also more that tech companies right now - Silicon Valley as a whole - is wrestling with how to be more public, how to be more transparent. These are - tend to be really secretive, competitive companies. How do they be more transparent about the threats against them and the way their own systems might be weaponized?
And remember, it's frightening because here you are, naming a foreign country and a foreign government, potentially making yourself into a bigger target, and just getting involved in these geopolitical issues that you're not used to. It also could make you look bad if you were the subject of an attack. So it's very risky for them. But Microsoft's president, who I interviewed today, he said that they feel like it's an imperative now, which is what the companies are kind of stretching towards.
GREENE: And I'm sure we might be hearing more of this in the months leading up to the midterms. It sounds like Russia is still at it. Elizabeth Dwoskin of The Washington Post, thanks so much for talking to us this morning. We really appreciate it.
DWOSKIN: Thanks for having me, David.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.