Washington D.C. – Microsoft made it official on Sept. 10, 2020, that they’ve detected cyber-attacks targeting people and organizations involved in the upcoming presidential election, and unsuccessful attacks on people associated with both the Trump and Biden campaigns.
The statement reads, “The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported.”
Microsoft’s security analyst observed Russian, Chinese, and Iranian malicious activity.
The Russian hacking group “Strontium” was observed attacking more than 200 American based political organizations, their consultants and several social advocacy groups. But Strontium isn’t new; Microsoft reported their digital interference in American politics back in 2018 when they announced that foreign entities were launching cyber strikes to disrupt elections and sow discord by spreading disinformation via social media and tampering with voting systems.
The attacks were so frequent that Microsoft’s Digital Crimes Unit (DCU) successfully executed a court order to disrupt and transfer control of six internet domains created by the Strontium group that has been widely associated with the Russian government.
The Chinese group “Zirconium” has attacked several high profile individuals associated with the 2020 election, including people associated with the Joe Biden for President campaign and prominent international affairs community leaders. Zirconium is using what’s called “web bugs,” or “web beacons,” tied to a domain they purchased and populated with content. The actor then sends the associated URL in either an email, text or an attachment to a targeted account.
Microsoft has detected attacks from Zirconium between March 2020 and Sept. 2020 resulting in nearly 150 successful compromises. Its targets have included individuals in two categories:
- People closely associated with U.S. presidential campaigns and candidates. It appears to have indirectly and unsuccessfully targeted the Joe Biden for President Campaign through non-campaign email accounts belonging to people affiliated with the campaign as well as one prominent individual formerly associated with the Trump Administration.
- Prominent individuals in the international affairs community, academics from more than 15 universities and accounts tied to 18 international affairs and policy organizations, including the Atlantic Council and the Stimson Center.
Lastly, the Iranian group “Phosphorus” continues to focus the majority of their cyber-attacks towards the personal accounts of individuals associated with the Donald J. Trump for President Campaign. Phosphorus operates from Iran and has operated espionage campaigns targeting a wide variety of organizations traditionally tied to geopolitical, economic or human rights interests in the Middle East region. Phosphorus has attempted to access the personal or work accounts of individuals involved directly or indirectly with the U.S. presidential election between May and June 2020. Phosphorus has unsuccessfully attempted to log into the accounts of administration officials and Donald J. Trump for President Campaign staff.
Threats to the digital integrity of our voting system and infrastructure are so serious that Microsoft created the Defending Democracy Program in April 2018, with the four priorities focus of:
- Protecting campaigns from hacking
- Protecting the American voting and the electoral process
- Increasing political advertising transparency
- Defending against disinformation campaigns
As of Sept. 10, the Trump Campaign has its campaign team bombarding local election officials in swing states, digging for details on vote-counting and hinting to the possibility that the Trump Campaign may be gearing up for a potential legal fight over mail-in ballots. The Trump campaign is pushing for particulars on everything from ballot storage to volunteer vetting through personal outreach — to include any written correspondence. At least two key states (Wisconsin and Georgia) say that local officials have received questionnaires from the Trump team asking how ballots will be verified, how staffers will be deployed and for a description of the envelopes that will house the ballots.
According to Reid Magney, spokesman for the Wisconsin Elections Commission, more than 1,800 municipal clerks in Wisconsin received a document that resembled a public records request but turned out to be official correspondence from the Trump Victory team seeking voting data. In Georgia, county officials received a 59-question document from the President’s re-election team that detailed how the state’s mail-in system will be structured at every level.
One question on the list asked if there was a way to tell if a ballot was sent by a Democrat or a Republican.
Other questions ask if the remote voting process is trustworthy, demanding information on how officials will prevent voters from voting twice (once by mail and once in person) — which is what Trump has encouraged his supporters to do in efforts to ‘test’ the system during a North Carolina tele-rally. They even inquire about what happens in the event of a recount, asking where and how ballots that have already been counted are stored in case they need to be counted again and how quickly they will be processed in that scenario.
What does this all mean? Vox.com paints a clear picture of how voting sabotage is possible in the November election. Marrying the digital hacks, civil unrest in the streets and personal use of the militarized police as American law enforcement makes a second term highly possible for President Trump. Imagine, come-the-end of election night, a large number of mail ballots have yet to be tallied, and Trump is either enjoying a narrow lead over Joe Biden, or he’s behind by a landslide. Before all the votes can be counted via a process that could take days, Trump can easily either declare victory, or he can cry foul and start the litigation process to contest the legitimacy of the voting process overall — citing irregularities with mail-in votes.
This doesn’t include the potential difficulties that many American citizens may face as a result of the unprecedented circumstances of COVID-19 mandates that may lead to a restriction on in-person voting poll locations, voter ID restrictions for some disenfranchised citizens and weeks of contested results. Should Trump make baseless claims of voter fraud, he’s paving the way for litigation in key states; and he can refuse to turn over the Whitehouse to The Biden/Harris administration should they win the election.