August 21, 2018

Microsoft to take down domain names maligning U.S. elections

The decision follows a court order issued as a result of persistent efforts from the tech giant’s Digital Crimes Unit.


Tech giant Microsoft have been granted permission by the court to take down domain names created with the aim of disrupting elections in the U.S. With this move, Microsoft will be taking down 6 domain names created by a group associated with the Russian government, known as Strontium, or alternatively Fancy Bear or APT28.

Microsoft say that they launched the Defending Democracy Program early last year to combat cyber attacks and foreign interference. Shortly after its launch, Microsoft claim, their Digital Crimes Unit has been successful in identifying anti-national domain names 12 times in two years, shutting down 84 such fake websites associated with the Russian group Strontium.

According to Microsoft, the order given by the court transferred control of the 6 domain names from Strontium to Microsoft. This decision, Microsoft claim, will prevent Strontium from using them and enable Microsoft to look more closely for evidence with respect to Strontium’s intentions.

Microsoft have revealed the six domain names as these:


Speaking about this, Brad Smith, President and Chief Legal Officer at Microsoft, commented:

We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group. Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit. The sites involved in last week’s order fit this description.

Microsoft say that these domain names appear to mimic the domain name of the International Republican Institute, which promotes democratic principles and is led by a notable board of directors, including 6 Republican senators and a leading senatorial candidate. In closing, Microsoft cleared the air by saying that they have no evidence that reveals the identity of the targets of planned attacks involving these domains.