Microsoft goes after “largest botnet in the world,” citing trademark law


In the days leading up to the 2016 election in the United States, several nation-run and sanctioned efforts by various international actors were used to interfere with the election. Investigations indicate that the most prominent actors perpetrating targeted misinformation attacks aimed at American voters were Russian-based aggressors.

As the 2020 election cycle draws to a close, with the US voting date just weeks out, Microsoft managed to disrupt a repeated effort by a Russian criminal botnet to lock up voter registration systems.

According to the Washington Post, “Microsoft has taken legal steps to dismantle one of the world’s largest botnets, an effort it says is aimed at thwarting criminal hackers who might seek to snarl up state and local computer systems used to maintain voter rolls or report on election results.”

Specifically, Microsoft was able to get a federal judge in the Eastern District of Virginia to grant it an order to take on the infamous global Trickbot botnet and jam up its efforts to mess with US elections in the coming weeks. The newly granted order allows Microsoft to seize Internet addresses from eight hosting providers that were leveraged in the US, using a workaround that involves claiming copyright infringement against the botmasters, whose malware included Microsoft code. In addition, Microsoft was allowed to block efforts by the operators to lease or buy replacement servers, thus limiting Trickbot’s ability to reassert its malware computer army’s strength in time for the November 3rd election date. Microsoft is looking to replicate its success in other countries to further cripple Trickbot’s network.

While not the most sophisticated implementation, Trickbot’s growing number of malware-infected PCs, used to launch malicious software or ransomware on healthy computers, is troubling to US officials. Moreover, with governors limiting the number of voting precincts leading up to voting day, one successful attack like Trickbot’s previous efforts could have invalidated the ballots for entire counties within a state, throwing an already fraught election cycle into more turmoil. Tom Burt, Microsoft’s VP of customer security and trust, echoes the fears that many of those responsible for maintaining election integrity have about Trickbot’s attempts.

“Having just a few precincts report that they got disrupted and locked up and people couldn’t vote or their ballots can’t be counted — it’d just be pouring kerosene on the fire.”

While the effort was successful this go-around, Trickbot is nowhere close to being finally dealt with, and it has proven itself resourceful and still dangerous, as evidenced by its Ryuk ransomware attack that crippled Universal Health Services in 400 facilities across the US and Britain. Microsoft and government officials will need to remain vigilant over the next few weeks and even into the new year, as ballot counting and recording and practically every other facet of voting will be under scrutiny this election cycle.