Microsoft takes down a risk to the election, and finds the U.S. doing the same

Voters cast their ballots on the first day of early voting in Adel, Iowa, on Monday, Oct. 5, 2020. U.S. officials fear ransomware attacks could be used to lock up voting registration, tabulation and certification systems in November. (Kathryn Gamble/The New York Times)
By David E. Sanger and Nicole Perlroth
The New York Times Company


Microsoft and a team of companies and law enforcement groups have disabled — at least temporarily — one of the world’s largest hacking operations, an effort run by Russian-speaking cybercriminals that officials feared could disrupt the presidential election in three weeks.

But as soon as Microsoft began dismantling the operations last week, seeking to cripple a network of infected computers known as TrickBot that has been used to paralyze computer systems with ransomware attacks, it discovered that someone else was trying to do the same thing.


In a separate but parallel effort — which was apparently not coordinated with Microsoft — U.S. Cyber Command, the military cousin to the National Security Agency, had already started hacking TrickBot’s command and control servers around the world late last month, according to two government officials.

The one-two punch painted a picture of the accelerating cyberconflict underway in the final weeks before the elections. Cyber Command, following a model it created in the 2018 midterm elections, kicked off a series of covert preemptive strikes on the Russian-speaking hackers it believes could aid President Vladimir Putin in disrupting the casting, counting and certifying of ballots this November. Meanwhile, Microsoft, Symantec and other American companies are doing the same.

TrickBot is their biggest target yet. A vast network of infected computers, known as a botnet, TrickBot has been used for everything from stealing people’s online banking credentials to attacking towns, cities and hospitals with ransomware, malware that locks up victims’ computers until they pay a ransom, often in Bitcoin. So far, TrickBot has not been directed at voting infrastructure, officials say. But it would be well suited to turn against the offices of the secretaries of state who certify tallies, vulnerable voter registration systems or electronic poll books, the records that allow people to vote.

“Just imagine that four to five precincts were hit with ransomware on Election Day,” said Tom Burt, the Microsoft executive overseeing the team that has been dismantling TrickBot.


“Talk about throwing kerosene on this unbelievable discussion of our elections and about whether the results are valid or not,” Burt said. “It would be a huge story. It would churn on forever. And it would be a huge win for Russia. They would be toasting with vodka well into the next year.”

“That is a risk I want to take out,” he said.
