Another Step in Testing ElectionGuard | Microsoft on the Issues

After the debacle in the Iowa Caucuses early this month (though not directly related due to other circumstances), trust in the voting and election process continues to be under attack both internally and externally. The goal is to get it right, and Microsoft is doing its part to make it work for everyone.

Feb 17, 2020   |   Tom Burt – Corporate Vice President, Customer Security & Trust

Tomorrow I’ll be in Fulton, Wisconsin, with a team of people from Microsoft taking one of many steps needed to prepare our ElectionGuard technology for broad adoption. Together with election officials from the state of Wisconsin and the election technology company VotingWorks, we will be piloting ElectionGuard in an actual election for the first time.

As voters in Fulton go to their polling place tomorrow to cast ballots in a primary election for Wisconsin Supreme Court candidates, the official count will be tallied using paper ballots as usual. However, ElectionGuard will also provide an encrypted digital tally of the vote that will enable voters to confirm their votes have been counted and not altered. Tomorrow’s pilot is one step in a deliberate and careful process to get ElectionGuard right before it’s used more broadly across the country.

Preparing technology for wide adoption is accomplished through incremental steps that enable iteration and improvement. We first demonstrated an implementation of ElectionGuard to cybersecurity experts and others at the annual Aspen Security Forum last summer. Then, in September, we shared the code for ElectionGuard as an open source project on GitHub so voting machine manufacturers, security researchers and others could begin testing it. We announced a bug bounty program, offering up to $15,000 to people who report security vulnerabilities with ElectionGuard so they can be fixed. The code was also tested for security vulnerabilities by NCC Group. Tomorrow’s pilot gives us the first chance to see ElectionGuard in action in a real election, to assess its performance and observe voter reaction. We hope to learn from this so we can continue to work with election officials in Wisconsin and other states – and with technology partners such as VotingWorks – to improve ElectionGuard. This is by no means the last step in our preparation; we anticipate many more pilots of ElectionGuard technology as we get it ready for prime time.

To be clear, the biggest credit for tomorrow’s pilot goes to the Wisconsin Election Commission and its Administrator Meagan Wolfe, as well as Rock County Clerk Lisa Tollefson for making the decision to try ElectionGuard so they can evaluate it for future use, and to VotingWorks, which designed and built much of the physical voting experience used in Fulton tomorrow. We’ve worked closely with the Commission and VotingWorks in recent months to test the system and voting machines for pilot use tomorrow, to conduct a public test of the machines even before the pilot, and to train polling place workers. We are also grateful to Connie Zimmerman, the Fulton Town Clerk, for enabling and supporting this pilot in the polling place she’s run for years, and to the Fulton Town Board, which voted to approve the pilot…

The rest of the post Another Step in Testing ElectionGuard appeared first on Microsoft on the Issues.

from Microsoft on the Issues https://ift.tt/32amGn2

Microsoft takes court action against fourth nation-state cybercrime group | Microsoft on the Issues

This will become very important, as in what is probably the most important election year in my lifetime (I know, this could be said about every election, but…) the need for cybersecurity is critical to the collective survival of the experiment named the United States of America.

Personal emphasis.

On December 27, a U.S. district court unsealed documents detailing work Microsoft has performed to disrupt cyberattacks from a threat group we call Thallium, which is believed to operate from North Korea. Our court case against Thallium, filed in the U.S. District Court for the Eastern District of Virginia, resulted in a court order enabling Microsoft to take control of 50 domains that the group uses to conduct its operations. With this action, the sites can no longer be used to execute attacks.

Microsoft’s Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) have been tracking and gathering information on Thallium, monitoring the group’s activities to establish and operate a network of websites, domains and internet-connected computers. This network was used to target victims and then compromise their online accounts, infect their computers, compromise the security of their networks and steal sensitive information. Based on victim information, the targets included government employees, think tanks, university staff members, members of organizations focused on world peace and human rights, and individuals that work on nuclear proliferation issues. Most targets were based in the U.S., as well as Japan and South Korea.

Like many cybercriminals and threat actors, Thallium typically attempts to trick victims through a technique known as spear phishing. By gathering information about the targeted individuals from social media, public personnel directories from organizations the individual is involved with and other public sources, Thallium is able to craft a personalized spear-phishing email in a way that gives the email credibility to the target. As seen in the sample spear-phishing email below, the content is designed to appear legitimate, but closer review shows that Thallium has spoofed the sender by combining the letters “r” and “n” to appear as the first letter “m” in “microsoft.com.”

Phishing example
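A mail-filtering check for the "rn"-for-"m" sender spoof described above, as an added example that is not part of the original post. The protected-domain list, the extra look-alike pairs beyond "rn" and the sample headers in the test are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains this organization wants to protect from look-alikes.
PROTECTED = {"microsoft.com"}

# Sequences that render like another letter in many fonts. "rn" -> "m" is the
# trick described in the post; the other pairs are common additions.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Collapse look-alike sequences so visually similar domains compare equal."""
    d = domain.lower().rstrip(".")
    for seq, repl in CONFUSABLES:
        d = d.replace(seq, repl)
    return d


def sender_domain(from_header):
    """Extract the domain from a From: header value, or '' if there is none."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def lookalike_of(from_header, protected=PROTECTED):
    """Return the protected domain a sender imitates, or None if it is clean."""
    domain = sender_domain(from_header)
    if not domain:
        return None
    for good in protected:
        if domain == good or domain.endswith("." + good):
            return None  # the genuine domain or one of its subdomains
    skel = skeleton(domain)
    for good in protected:
        g = skeleton(good)
        # Same skeleton but different spelling means a visual imitation.
        if skel == g or skel.endswith("." + g):
            return good
    return None
```

The check compares skeletons on both sides, so a protected domain that itself contains "rn" is still matched correctly.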

The link in the email redirects the user to a website requesting the user’s account credentials. By tricking victims into clicking on the fraudulent links and providing their credentials, Thallium is then able to log into the victim’s account. Upon successful compromise of a victim account, Thallium can review emails, contact lists, calendar appointments and anything else of interest in the compromised account. Thallium often also creates a new mail forwarding rule in the victim’s account settings. This mail forwarding rule will forward all new emails received by the victim to Thallium-controlled accounts. By using forwarding rules, Thallium can continue to see email received by the victim, even after the victim’s account password is updated.
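Because a forwarding rule outlives a password change, account recovery should include a rule audit. The sketch below is an added example, not part of the original post; the record layout, field names, domains and sample rules are hypothetical and constructed for illustration.

```python
# Assumption: domains the organization owns; any other recipient is external.
INTERNAL_DOMAINS = {"example.org"}

# Constructed sample of exported inbox rules. Map this hypothetical layout
# from whatever rule export your mail platform provides.
RULES = [
    {"mailbox": "alice@example.org", "name": "Newsletters", "enabled": True,
     "conditions": {"from": "news@example.org"}, "forward_to": []},
    {"mailbox": "bob@example.org", "name": ".", "enabled": True,
     "conditions": {}, "forward_to": ["collector@mail.example.net"]},
    {"mailbox": "carol@example.org", "name": "To assistant", "enabled": True,
     "conditions": {"subject_contains": "invoice"},
     "forward_to": ["dave@example.org"]},
    {"mailbox": "erin@example.org", "name": "Travel", "enabled": True,
     "conditions": {"subject_contains": "itinerary"},
     "forward_to": ["erin.private@example.com"]},
    {"mailbox": "frank@example.org", "name": "Old", "enabled": False,
     "conditions": {}, "forward_to": ["archive@example.net"]},
]


def is_external(address, internal=INTERNAL_DOMAINS):
    """True when the recipient's domain is not owned by the organization."""
    domain = address.rpartition("@")[2].lower()
    return not any(domain == d or domain.endswith("." + d) for d in internal)


def audit(rules):
    """Flag enabled rules that forward mail outside the organization."""
    findings = []
    for rule in rules:
        if not rule["enabled"]:
            continue
        external = [a for a in rule["forward_to"] if is_external(a)]
        if not external:
            continue
        # A rule with no conditions forwards every new message: the pattern
        # described in the post, so it gets the highest severity.
        severity = "high" if not rule["conditions"] else "medium"
        findings.append({"mailbox": rule["mailbox"], "rule": rule["name"],
                         "recipients": external, "severity": severity})
    return findings
```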

The rest of the post Microsoft takes court action against fourth nation-state cybercrime group appeared first on Microsoft on the Issues.

from Microsoft on the Issues https://ift.tt/2u0C4Fj

New cyberattacks targeting sporting and anti-doping organizations | Microsoft on the Issues

Today we’re sharing that the Microsoft Threat Intelligence Center has recently tracked significant cyberattacks originating from a group we call Strontium, also known as Fancy Bear/APT28, targeting anti-doping authorities and sporting organizations around the world. As the world looks forward with anticipation to the Tokyo Summer Games in 2020, we thought it important to share information about this new round of activity.

At least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks which began September 16th, just before news reports about new potential action being taken by the World Anti-Doping Agency. Some of these attacks were successful, but the majority were not. Microsoft has notified all customers targeted in these attacks and has worked with those who have sought our help to secure compromised accounts or systems.

This is not the first time Strontium has targeted such organizations. The group reportedly released medical records and emails taken from sporting organizations and anti-doping officials in 2016 and 2018, resulting in a 2018 indictment in federal court in the United States…

You can protect yourself from these types of attacks in at least three ways. We recommend, first, that you enable two-factor authentication on all business and personal email accounts. Second, learn how to spot phishing schemes and protect yourself from them. Third, enable security alerts about links and files from suspicious websites.

The rest of the post New cyberattacks targeting sporting and anti-doping organizations appeared first on Microsoft on the Issues.

from Microsoft on the Issues https://ift.tt/34a9tds

Recent cyberattacks require us all to be vigilant | Microsoft on the Issues

Today we’re sharing that we’ve recently seen significant cyber activity by a threat group we call Phosphorus, which we believe originates from Iran and is linked to the Iranian government. We’re sharing this for two reasons. First, it is important that we all – governments and private sector – are increasingly transparent about nation-state attacks and efforts to disrupt democratic processes. Second, while we have processes to notify customers about nation state activity and have AccountGuard to monitor accounts of campaigns and other associated organizations related to election processes in democracies around the world, publishing this information should help others be more vigilant and take steps to protect themselves.

In a 30-day period between August and September, the Microsoft Threat Intelligence Center (MSTIC) observed Phosphorus making more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts. The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran. Four accounts were compromised as a result of these attempts; these four accounts were not associated with the U.S. presidential campaign or current and former U.S. government officials. Microsoft has notified the customers related to these investigations and threats and has worked as requested with those whose accounts were compromised to secure them.

Phosphorus used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts. For example, they would seek access to a secondary email account linked to a user’s Microsoft account, then attempt to gain access to a user’s Microsoft account through verification sent to the secondary account. In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.

The rest of the post Recent cyberattacks require us all to be vigilant appeared first on Microsoft on the Issues.