Abstract

With just shy of a month to go before the 2020 United States Election, there has been quite a bit of concern that external interests may try to sway the results, and it seems for good reason. Only recently, Microsoft interrupted a massive coordinated hacking plot that could have altered the very infrastructure needed to support a fair election. Let’s examine this plot, and what Microsoft did, in some more detail.


The Situation

In a joint statement on October 12, 2020, the United States Cyber Command (USCYBERCOM) and Microsoft revealed that an enormous botnet, dubbed TrickBot, had been discovered. While the servers that powered the attack were initially taken down, those efforts were walked back when TrickBot proved resilient enough to remain in operation. With many industry professionals expecting TrickBot to resurge, it is more accurate to say these efforts “kneecapped” the botnet than to say they “cut off its head.”

This Russian-based botnet has hijacked an estimated one million devices and is believed to be intended to disrupt the 2020 election through strategic ransomware attacks and infections.

Disarming TrickBot

After the 2016 U.S. Presidential election, cybersecurity professionals were on the alert for cybercriminal organizations seeking to manipulate or invalidate the election. Microsoft has already alerted election officials to hacking collectives based in Russia, Iran, and China that were targeting both the candidates and the election infrastructure.

When it came to interrupting TrickBot’s operational command, operators from the National Security Agency, Microsoft, and USCYBERCOM were able to send a disconnect command to all the zombified devices that made up the botnet. Once that was accomplished, they flooded TrickBot’s database with millions of falsified records.

While TrickBot is still active, this effort actually established legal precedent. As TrickBot abused Windows code for its own malicious purposes, Microsoft’s legal team was able to argue that it was in breach of the Windows software development kit’s terms of service. This meant that TrickBot constituted copyright infringement, and therefore cleared Microsoft to legally take down the malware-as-a-service operation.

Therefore, TrickBot establishes the precedent that any software company is free to pursue malware attacks that utilize their software.

What do you think? Will software developers take a stronger stance against hackers who use their code now that the precedent to do so is there? How concerned are you about election security? Let us know in the comments.

ABOUT THE AUTHOR

Microsoft Thwarts Major Hacking Attempt, For Now

Rafiq Masri

With over 25 years of experience in Information Technology, Rafiq is one of the most accomplished, versatile and certified engineers in the field. He has spent the past 2 ½ decades administering and supporting a wide range of clients and has helped position Network Management, Inc. as a leader in the IT Managed Services space.

Rafiq has built a reputation for designing, building and supporting top-notch IT infrastructures to match the business objectives and goals of his clients.

Embracing the core values of integrity, innovation, and reliability, Rafiq has a very loyal client base with some customer relationships dating back 20+ years.

Rafiq holds a bachelor’s degree in Mechanical Engineering from the University of Michigan and has completed graduate programs in Software Engineering and Business at Harvard and George Mason University. Rafiq is a former founder and CEO of Automation, Inc. in Ann Arbor, Michigan as well as a valued speaker on entrepreneurship and technology at industry events such as ExpoTech and others.