Threat Intelligence

Wyden warns foreign gov’t cyberattacks aimed at personal accounts of senators, aides

The personal email accounts of senators and their aides are in the crosshairs of nation-state hackers, Sen. Ron Wyden, D-Ore., warned Senate leaders in a letter that took the body’s security office to task for failing to safeguard them.

Noting that “at least one major technology company” had notified some senators and their aides that “foreign government hackers” had taken aim at their accounts, Wyden said the U.S. Senate Sergeant at Arms (SAA) claimed its hands were tied because it wasn’t authorized to see to the security of personal accounts.

"The November election grows ever closer, Russia continues its attacks on our democracy, and the Senate simply does not have the luxury of further delays," Wyden wrote, urging action, and saying that “the 2016 election made it clear that foreign governments, including Russia, are leveraging cyberspace to target the fundamental pillars of American democracy.” The administration, he said, has confirmed that Russia continues its hacking and influence campaigns.

“But our adversaries do not limit their cyberattacks to elections infrastructure or even to official government accounts and devices,” the senator said in the letter made available by the Associated Press. “They are also targeting U.S. officials’ personal accounts and devices.”

In August, Microsoft said it had shut down six websites created by the Russian Fancy Bear cybercrime gang targeting members of the U.S. Senate and conservative think tanks and potentially intended to launch cyberattacks.

The tech giant petitioned a judge in the Eastern District of Virginia to take control of the sites, some of which used misleading domains such as “senate.group," and "adfs-senate.email."

Microsoft confirmed the domains, which also included those meant to look like they were generated by the conservative think tank Hudson Institute and could have been used for spearphishing, were linked to "the Russian government and known as Strontium, or alternatively Fancy Bear or APT28."

In a blog post at the time, Microsoft President Brad Smith wrote, "Attackers want their attacks to look as realistic as possible and they, therefore, create websites and URLs that look like sites their targeted victims would expect to receive email from or visit.”

At the Aspen Security Forum in July – on the same day that GOP members of the House voted not to renew additional funding for election security – the company recounted its efforts to help the U.S. government fend off attempts by Russia to hack into the campaigns of three congressional candidates earlier this year.

Keying on candidates “who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint,” Microsoft Vice President for Customer Security Tom Burt said the hackers volleyed phishing attacks at campaign staffers, hoping to lure them to a fake Microsoft domain and nick their credentials.

"Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks," Burt told forum attendees, explaining the metadata “suggested” the attacks were aimed at three midterm election hopefuls.

“Given the significance of this threat, I was alarmed to learn that SAA cybersecurity personnel apparently refused to help senators and Senate staff” guard against attacks, said Wyden. “The SAA informed each senator and staff member who asked for help that it may not offer cybersecurity assistance for personal accounts.”

Wyden called on his colleagues to support his legislation “to permit the SAA to provide cybersecurity assistance to senators and staff, on an opt-in basis, for their personal devices and accounts.”

He also asked Senate leaders to “poll senators and staff in your respective caucuses to determine how many of them have been notified by major technology companies that their accounts were targeted by foreign government hackers.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.