Microsoft Says It Thwarted Attack By Russian Hackers
DAVID GREENE, HOST:
Well, this morning we can put aside any lingering doubts we had about whether Russia is still trying to meddle in U.S. politics. A group with Kremlin ties that tried to influence the 2016 election is at it again. This time, their targets include conservative think tanks. The group is APT28, also known as Fancy Bear. In 2016, they were blamed for, among other things, targeting Hillary Clinton's campaign. This latest attack was announced by Microsoft, which said early this morning it had discovered and disabled six misleading websites set up by Fancy Bear. And we are joined right now by Microsoft's president and chief legal officer, Brad Smith. Mr. Smith, thanks for coming on the program. I know it's probably been a busy morning for you.
BRAD SMITH: No, thank you.
GREENE: Can you just start by telling me about one of these fake sites? What did it look like, and what do you think this Russian group was trying to do with it?
SMITH: Well, what this group does is it registers for a fake domain name, but it chooses a name that is designed to look like a real site. It then makes it look like an Internet support site for an organization like a conservative think tank, in this instance. It would then send emails to board members or employees of, say, this think tank telling them that there is a problem with their email account, and they need to go to this site to address it. When they get to the site, they see, typically, a page that looks just like a page of their employer where they work. They're asked to enter their password. And then their credentials are harvested, so to speak. This group has their password. It's able to access their email account. It's able to get into the entity's network and start finding other documents. And that is, in essence, what was done repeatedly in 2016 in the United States. It's what was attempted in the French presidential election last year, as well.
GREENE: And so it's the same model they seem to be using. So does it look like this is somehow politically motivated? I mean, if this group was trying to go after people who were logging onto conservative websites, does that mean they're - this group is now trying to focus on Republicans or conservatives here?
SMITH: Well, we - it clearly suggests they're focusing on conservative groups. One of the groups is the International Republican Institute. It has six Republican senators among the board members. So clearly, there is an effort here to focus on and target these Republican groups. Obviously, we can't speak for what exactly was intended, but I think we can conclude that it wasn't for the advancement of American democracy.
GREENE: That looks like it's clear. Well, I - how closely did you work with U.S. intelligence on this?
SMITH: We cooperate closely with the law enforcement and government agencies here in the United States and a number of other countries all the time. This particular effort that we undertook was undertaken by Microsoft. We have a world-leading threat intelligence service ourselves. We identified these sites. We went to court. It's the 12th time we've been able to get - go to court, get an order. And then that enables us to transfer control of these kinds of sites to our own digital crimes unit.
GREENE: And you did that in time, right? I mean, there's...
SMITH: So we took action ourselves.
GREENE: There's no evidence that they were successful in getting any logging credentials or actually successfully phishing, right?
SMITH: And that's an important point. In this particular instance, we believe we were able to act quickly enough that these specific sites were not used successfully. And both the International Republican Institute, the Hudson Institute have responded, you know, very quickly, very strongly. And we're now working with a new effort to - across the board, to help secure candidates and campaigns with an eye to this November's elections.
GREENE: You mentioned that you have shut down some of these sites before. You've never come out so publicly with a real public relations push to talk about what you're doing. Talk to me about the timing of that. I mean, the first thing I wondered was whether you regret maybe not doing enough to protect users in the past, and you really want to be out there in front of this saying, you know, hey, we're doing a lot here.
SMITH: Well, I think we're all coming to the conclusion that the kinds of Russian-sponsored attacks that we started to see in 2016 have been even broader than we first thought. That's across the tech sector. That's across this country. And if you're going to stand up successfully and defend a democracy against these kinds of foreign attacks, we need to bring people together. And we can only bring people together if everyone is in the know about what's going on. And this is an important moment across political parties, across the political community and with the tech sector, where, with more knowledge, we can start to take broader and more systemic steps to respond to these kinds of problems.
GREENE: They sound like very lofty goals for a company to have, to play such a sizable role in, you know, as you say, protecting democracy.
SMITH: Well, I would say two things. We are in the business every day of protecting our customers. That's what we do for consumers. That's what we do for large enterprise customers. With an account guard initiative we're launching today, we're providing politicians and campaigns and political parties and think tanks with the kind of customer protection that our largest customers would get. And we're providing it at no extra cost. And I think that does reflect the second aspect. It's really the point you allude to. When we live in a democracy, we can't take it for granted. We all have an individual responsibility to step up and do what it takes.
GREENE: And we'll have to, sadly, leave it there, Brad Smith. I apologize. Microsoft's president and chief legal officer. Thanks.
SMITH: OK. Thank you. Transcript provided by NPR, Copyright NPR.