Microsoft disrupts Fancy Bear election meddlers

Of all the battles Microsoft has fought over the decades, its pursuit of the alleged Russian Fancy Bear hacking group is turning into one of the most intriguing.

In a new skirmish mentioned by Microsoft’s president and chief legal officer Brad Smith, Microsoft’s Digital Crimes Unit (DCU) recently took control of six internet domains that were about to be used by the group to spoof US political organisations.

These included two mimicking US think tanks – the International Republican Institute and the Hudson Institute – plus three that appeared to be about to target services connected to the US Senate.

The motive? Politics of course:

“We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections.”

But it was the final domain, impersonating Office 365 and OneDrive, that must have waved a red flag inside Microsoft – going after US democracy is bad enough but going after Microsoft brought trouble even closer to home.

Two years ago, Microsoft sued Fancy Bear, the first time anyone had ever tried legal action against a hacking group in any context, let alone one with no business address and whose members or employees remain a mystery.

Microsoft has also gone out of its way to namecheck the group’s victims, which include the Democratic National Committee (DNC), the German parliament, French TV, the World Anti-Doping Agency, the Ukrainian military, and many others.

But the important moment was the setting up of the Defending Democracy Program earlier this year, out of which has emerged AccountGuard, a free service that it says will defend political candidates at national, state and local levels of US democracy from hackers.

For most of its existence, Microsoft has skirted around politics as much as possible. With alleged Russian hacking banging on the door of US elections, some will say the company has picked a good moment to change course.