Microsoft shut down a massive malware network in a pre-emptive strike against a group of Russian-speaking hackers. The tech company said it targeted the Trickbot botnet, a network of roughly one million computers infected with malware that hackers could use to launch cyberattacks.
Trickbot has been used in a series of recent ransomware attacks against cities, towns, and hospitals and could have posed a threat to the upcoming presidential election on November 3.
"Just imagine that four to five precincts were hit with ransomware on Election Day," said Tom Burt, the Microsoft executive overseeing the team that has been dismantling Trickbot.
"Talk about throwing kerosene on this unbelievable discussion of our elections and about whether the results are valid or not," Mr. Burt said. "It would be a huge story. It would churn on forever. And it would be a huge win for Russia. They would be toasting with vodka well into the next year."
"That is a risk I want to take out," he said.
To shut down the servers, Microsoft filed legal claims that the criminals were violating the Digital Millennium Copyright Act by using Microsoft's code for malicious purposes. Microsoft obtained a court order to shut down Trickbot's servers and worked with telecom providers around the world to disable the IP addresses associated with the botnet.
While dismantling the botnet, Microsoft discovered that U.S. Cyber Command was working on the same thing. Microsoft did not coordinate its plans with the U.S. government.
U.S. Cyber Command has been working around the clock to ensure that bad actors don't interfere with the election.
"Right now, my top priority is for a safe, secure, and legitimate 2020 election," General Paul Nakasone, the head of Cyber Command, told the Washington Post. "The Department of Defense, and Cyber Command specifically, are supporting a broader 'whole-of-government' approach to secure our elections."