Could nation-state hackers target your email? Microsoft thinks so

ElectionGuard
Image credit: Microsoft
(Image credit: Microsoft)

Microsoft has shown off the first voting system to make use of its ElectionGuard technology, which is designed to prevent tampering with elections, while revealing some alarming statistics about how many normal people – not just business customers – have been targeted by nation-state sponsored cyber-attacks.

The worrying truth is that Microsoft says it has notified almost 10,000 customers that they have either been targeted, or actually compromised, by a nation-state attack.

While 84% of these attacks were against enterprise customers, 16% were aimed at the personal email accounts of everyday consumers. So that represents over 1,500 people who have been hit (or could have been hit) with such cyber-attacks.

The majority of these attacks originated in Iran, North Korea and Russia, Microsoft observes. And while this data has been shared as part of a blog post underlining how democracies around the world are under attack – and could be defended by ElectionGuard, naturally – the software giant does admit that the majority of the cited incidents are unrelated to any democratic process.

Although the company then reminds us: “But let’s be clear – cyber-attacks continue to be a significant tool and weapon wielded in cyberspace. In some instances, those attacks appear to be related to ongoing efforts to attack the democratic process.”

And furthermore, since the launch of AccountGuard – another prong in Microsoft’s Defending Democracy Program – almost a year ago now, the company has picked up 781 notifications of nation-state attacks.

These attacks are targeting organizations using AccountGuard, which is specifically a threat notification service for political parties and NGOs (and currently covers 26 countries across the globe).

US under attack

And of these particular politically-motivated attacks, no less than 95% of them have been aimed at US-based organizations. This is a worrying statistic, and Microsoft further observes: “By nature, these organizations are critical to society but have fewer resources to protect against cyber-attacks than large enterprises.”

We first witnessed the ElectionGuard SDK being wheeled out at Build 2019 earlier this year, with Microsoft boasting that it offers not just protection from potential election tampering, but that it’ll also make voting systems more accessible to everyone.

The demo of ElectionGuard is happening at the Aspen Security Forum in Colorado, which runs until July 21, with the system running on a Microsoft Surface tablet with an Xbox Adaptive Controller that can be optionally used for input, and a bog-standard printer.

Microsoft states: “ElectionGuard is free and open-source and will be available through GitHub as an SDK later this summer. This week’s demo is simply one sample of the many ways ElectionGuard can be used to improve voting, and the final SDK will also enable features like Risk Limiting Audits to compare ballots with ballot counts and other post-election audits.”