Microsoft uncovers more Russian attacks ahead of midterms

Microsoft said that a hacking group tied to the Russian government created fake Internet domains that appeared to spoof two American conservative organizations. (AP)
Updated 21 August 2018
0

Microsoft uncovers more Russian attacks ahead of midterms

  • The hacking attempts mirror similar Russian attacks ahead of the 2016 election
  • The company is offering free cybersecurity protection to all US political candidates, campaigns and other political organizations

Microsoft said Tuesday it has uncovered new Russian hacking attempts targeting US political groups ahead of the midterm elections.
The company said that a hacking group tied to the Russian government created fake Internet domains that appeared to spoof two American conservative organizations: the Hudson Institute and the International Republican Institute. Three other fake domains were designed to look as if they belonged to the US Senate.
Microsoft didn’t offer any further description of the fake sites.
The revelation came just weeks after a similar Microsoft discovery led Sen. Claire McCaskill, a Missouri Democrat who is running for re-election, to reveal that Russian hackers tried unsuccessfully to infiltrate her Senate computer network.
The hacking attempts mirror similar Russian attacks ahead of the 2016 election, which US intelligence officials have said were focused on helping to elect Republican Donald Trump to the presidency by hurting his Democratic opponent, Hillary Clinton.
This time, more than helping one political party over another, “this activity is most fundamentally focused on disrupting democracy,” Brad Smith, Microsoft’s president and chief legal officer, said in an interview this week.
Smith said there is no sign the hackers were successful in persuading anyone to click on the fake websites, which could have exposed a target victim to computer infiltration, hidden surveillance and data theft. Both conservative think tanks said they have tried to be vigilant about “spear-phishing” email attacks because their global pro-democracy work has frequently drawn the ire of authoritarian governments.
“We’re glad that our work is attracting the attention of bad actors,” said Hudson Institute spokesman David Tell. “It means we’re having an effect, presumably.”
The International Republican Institute is led by a board that includes six Republican senators, and one prominent Russia critic and Senate hopeful, Mitt Romney, who is running for a Utah seat this fall.
Microsoft calls the hacking group Strontium; others call it Fancy Bear or APT28. An indictment from US special counsel Robert Mueller has tied it to Russian’s main intelligence agency, known as the GRU, and to the 2016 email hacking of both the Democratic National Committee and the Clinton campaign.
“We have no doubt in our minds” who is responsible, Smith said.
Microsoft has waged a legal battle with Strontium since suing it in a Virginia federal court in summer 2016. The company obtained court approval last year allowing it to seize certain fake domains created by the group. It has so far used the courts to shut down 84 fake websites created by the group, including the most recent six announced Tuesday.
Microsoft has argued in court that by setting up fake but realistic-looking domains, the hackers were misusing Microsoft trademarks and services to hack into targeted computer networks, install malware and steal sensitive emails and other data.
Smith also announced Tuesday that the company is offering free cybersecurity protection to all US political candidates, campaigns and other political organizations, at least so long as they’re already using Microsoft’s Office 365 productivity software. Facebook and Google have also promoted similar tools to combat campaign interference.


UK warns dual nationals over travel to Iran, as France holds on envoy nomination

Updated 19 September 2018
0

UK warns dual nationals over travel to Iran, as France holds on envoy nomination

  • Britain is seeking the release of Nazanin Zaghari-Ratcliffe, a project manager with the Thomson Reuters Foundation who was arrested in April 2016
  • France will not name a new ambassador to Tehran before getting information from Iran following a foiled plot to bomb an Iranian opposition rally in Paris in June

LONDON: Britain on Wednesday advised British-Iranian dual nationals against all but essential travel to Iran, tightening up its existing travel advice and warning it has only limited powers to support them if detained.

The advisory came in tandem with France’s decision to hold off on appointing a new ambassador to Iran, as it seeks clarification over an attempt to bomb an Iranian opposition rally in Paris in June

“The Foreign Secretary (Jeremy Hunt) has taken the decision to advise against all but essential travel by UK-Iranian dual nationals to Iran,” a foreign office spokeswoman said in an emailed statement.
“British citizens who also hold Iranian nationality face risks if they travel to Iran, as we have seen all too sadly in a number of cases. The Iranian government does not recognize dual nationality, so if a dual national is detained our ability to provide support is extremely limited.”
Earlier this month Britain’s Middle East minister Alistair Burt used a visit to Iran to discuss cases of detained dual nationals, alongside other diplomatic issues.
Britain is seeking the release of Nazanin Zaghari-Ratcliffe, a project manager with the Thomson Reuters Foundation who was arrested in April 2016 at a Tehran airport as she headed back to Britain with her daughter, now aged four, after a family visit.
She was convicted of plotting to overthrow Iran’s clerical establishment, a charge denied by her family and the Foundation, a charity organization that is independent of Thomson Reuters and operates independently of Reuters News.
Meanwhile, France will not name a new ambassador to Tehran before getting information from Iran following a foiled plot to bomb an Iranian opposition rally in Paris last June, French officials said on Wednesday.
An Iranian diplomat based in Austria and three other people were arrested on suspicion of plotting the attack on a meeting of the National Council of Resistance of Iran (NCRI).
Iran has said it had nothing to do with the plot, which it called a “false flag” operation staged by figures within the opposition group itself.
The incident has hit relations just as France and its European partners are seeking to salvage a 2015 nuclear agreement between Tehran and world powers.
France’s ambassador to Iran departed in the summer. Iran has also yet to replace its departed ambassador to Paris.
“We have a charge d’affaires today in Tehran and there is a high-level dialogue between French and Iranian authorities,” said a French presidential source.
“We are working together to bring to light what happened around this event ... I wouldn’t say there is a direct link (in not appointing an ambassador), but Iran has promised to give us objective facts in the coming weeks that would allow us to pursue our diplomatic relationship as it is today.”
A French diplomatic source said the nomination had indeed been suspended as a result of the alleged plot.
France’s Foreign Ministry in August told its diplomats and officials to postpone non-essential travel to Iran indefinitely, citing the plot and a hardening of Tehran’s attitude toward France, according to an internal memo seen by Reuters.
President Emmanuel Macron is likely to discuss the issue with Iranian President Hassan Rouhani when they meet on Sept. 25 on the sidelines of the UN General Assembly, the source said.
Along with Britain and Germany, France is trying save a 2015 agreement on Iran’s nuclear program, which was thrown into disarray when US President Donald Trump pulled out of the accord in May and re-imposed economic sanctions on Iran.
Even so, tensions between Paris and Tehran have grown in recent months as Macron and his government have become increasingly frustrated with Iran’s activities in the Middle East region, in particular its ballistic missile program.