In what could become a regular occurrence, Microsoft on Tuesday said the company thwarted phishing attacks that it believes originated from Russia that targeted the U.S. Senate and two conservative think tanks, the Hudson Institute and the International Republican Institute.
Several weeks after Facebook said it foiled a politically motivated hack in the months leading up to the midterm elections, Microsoft said it executed a court order to shutter six websites created in recent weeks by a group tied to Russian intelligence, known by the names Strontium, Fancy Bear, and APT28.
In a blog post, Microsoft (MSFT) President Brad Smith said the attempted attack is fresh evidence that “democracies around the world are under attack.” In an interview with MSNBC, Smith said “everyone across the political spectrum” is at risk. Microsoft security executive Tom Burt warned as much last month when he said hackers who meddled in the 2016 elections are going after the campaigns of at least three candidates, including Sen. Claire McCaskill (D., Mo.).
Get used to it.
The interesting twist in all this is that tech companies aren’t just alerting the public to cyber-threats but improving their standing among customers, partners, and–yes–investors. “There is no question a Microsoft or Facebook improves their brand,” Jessica Ortega, a security analyst at SiteLock, tells Barron’s. “Trust is a major issue for them as we get closer to November” elections.
Take July 31, for instance, when Facebook said it shut down 32 “inauthentic behavior” pages and accounts designed to inflame social and political tensions in the U.S. that were similar to those of Russian accounts during the 2016 election. Its stock, which had been in freefall after it issued a stunningly weak financial outlook, has since stabilized.
Cyber-security experts are bracing for more of the same briefings in the months leading up to the 2018 midterms and well beyond. The heightened threats aren’t just from Russia, but Iranian agents reacting to sanctions, Chinese adversaries, and domestic groups from all political persuasions. And the attacks are cheap and effective in infiltrating vulnerable computer systems.
“Nation-state espionage isn’t going to decrease anytime soon,” Sean Sullivan, an adviser to F-Secure, tells Barron’s.
The specter of more-sophisticated digital intrusions isn’t just confined to Microsoft and Facebook (FB). The urgency of the matter was underscored in a May 23 meeting at Facebook’s Menlo Park, Calif., headquarters attended by representatives from the company, Amazon (AMZN), Apple (AAPL), Alphabet’s (GOOGL) Google, Microsoft, Verizon Communications (VZ) division Oath, Snap (SNAP), and Twitter (TWTR), according to two people with knowledge of the meeting who were not authorized to speak. The eight companies met with Christopher Krebs, an under-secretary for the Department of Homeland Security (DHS), and a representative of the FBI’s “foreign influence” task force.
Facebook has been playing defense against a relentless onslaught of “well-funded adversaries” to its platform, CEO Mark Zuckerberg said in a conference call following its Q2 results on July 25. Prior to the latest episode, 126 million Americans may have seen Russian-backed political content on Facebook over a two-year period, with another 16 million people affected on its Instagram photo-sharing app.
The company continues to coordinate efforts by people-led investigation teams, combined with automated detection and removal of fake accounts through machine learning and artificial intelligence, to restore election integrity.
Facebook accounts are far from fake-free, however. About 3% to 4% of the service’s 2.2 billion MAUs—some 77 million profiles—in Q2 2018 and Q1 2018 are fake, according to the company’s quarterly earnings reports. On top of that, another 10% of Facebook profiles are duplicates.
At the same time, as many as 95 million bots posing as legitimate accounts may be among Facebook-owned Instagram’s 1 billion users, according to a new study by research firm Ghost Data, conducted for The Information.
Social-media headaches aside, there are plenty of vulnerable chinks in the U.S. election system itself. Forty-one states are using voter-registration systems more than a decade old, according to a report by New York University School of Law, leaving them potentially vulnerable to hackers.
So what are states to do? Well, there is this radical, albeit tougher-to-tamper, solution that Rhode Island, Virginia, and other states are pursuing: Paper ballots.
Sign up to Review & Preview, a new daily email from Barron’s. Every evening we’ll review the news that moved markets during the day and look ahead to what it means for your portfolio in the morning.