By: Meghan Chilappa

Foreign election interference ahead of the 2020 election is a substantial threat, and law enforcement and national security officials have shared their concerns.[1]  Cybersecurity firms and the U.S. government continue to dismantle cybercriminal operations that engage in ransomware attacks.[2]

On Monday, October 12, 2020, Microsoft VP Tom Burt shared that the company disrupted Trickbot, a notorious network believed to be the world’s largest botnet run by Russian cybercriminals.[3]  This followed on the heels of a Friday report that U.S. Cyber Command — an arm of the U.S. military — also participated in a campaign to disrupt Trickbot’s operations.[4]  Both institutions previously shared warnings that Trickbot sows ransomware into U.S. institutions, which is a top threat to the 2020 election.[5]  Ransomware could potentially “lock-up” or freeze election reporting systems and sow chaos into the U.S. electorate.[6]  

In its latest ransomware takedown, Microsoft provided not only in-depth detail of its operation against Trickbot, but also the inner workings of its legal strategy in the U.S. District Court for the Eastern District of Virginia.[7]  For the first time, Microsoft used provisions of The Copyright Act of 1976[8] in its Complaint in order to “disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers.”[9]

The software giant argued that Trickbot abused its copyrights by repurposing its code for its criminal operations and cyber-attacks.[10]  To underline the urgency of the operation, Microsoft explained that Trickbot harms the company because it suffers “monetary loss to its business, reputation, and goodwill. . . Once infected, altered and controlled by Trickbot, the Windows operating system ceases to operate normally and becomes tools for Defendants to conduct their theft.”[11]  VP Burt stated that this novel legal approach allowed Microsoft “to take civil action to protect customers in the large number of countries around the world that have these laws in place.”[12]  

It is too early to tell what long-term impact The Copyright Act arguments hold for the IT sector. Cybersecurity experts remain skeptical that this legal strategy will continue to work, given that Trickbot’s super-structure of “1 million zombie computers” operates “behind uncooperative national borders.”[13]  But it may usher in a new era of legal precedent for the private sector around The Copyright Act and the inner workings of cybercrime disruption efforts.[14]  Microsoft may have disrupted Trickbot’s command-and-control servers in the United States, but the group still appears active outside the United States.[15]

With less than two weeks until Election Day, foreign election interference campaigns show no signs of slowing down.[16]  U.S. intelligence and law enforcement officials have begun sounding the alarm in a public and transparent way, starting last week.[17]  While transparency and accountability from the government were lacking earlier in the summer,[18] it is now evident that both the government and private sector are collaborating on the threats in real time.  After intimidating emails, the private sector filling this legal and technical information gap is both noteworthy and frustrating ahead of the 2020 election, when transparency from government officials and Congress is so desperately needed.

[1] Mark Hosenball, Homeland Security Steps up Warnings about 2020 Election Security, Reuters (Oct. 6, 2020, 2:11 PM).

[2] David E. Sanger & Nicole Perlroth, Microsoft Takes Down a Risk to the Election, and Finds the U.S. Doing the Same, N.Y. Times (Oct. 12, 2020).

[3] Tom Burt, New Action to Combat Ransomware Ahead of U.S. Elections, Microsoft on the Issues (Oct. 12, 2020).

[4] Ellen Nakashima, Cyber Command has Sought to Disrupt the World’s Largest Botnet, Hoping to Reduce its Potential Impact on the Election, Wash. Post (Oct. 9, 2020, 8:16 PM).

[5] Id.

[6] Jay Greene, Security Firms Call Microsoft’s Effort to Disrupt Botnet to Protect Against Election Interference Ineffective, Wash. Post (Oct. 16, 2020, 7:57 PM).

[7] Burt, supra note 3.

[8] 17 U.S.C. §§ 101 et seq.

[9] See Complaint, Microsoft Corp. v. John Does 1-2, No. 1:20-1171, at 20–21 (E.D. Va. Oct. 6, 2020).

[10] Microsoft Corp. v. John Does 1-2, supra note 8, ¶ 59.

[11] Id. ¶¶ 47, 64.

[12] Burt, supra note 3.

[13] Frank Bajak, Microsoft Attempts Takedown of Global Criminal Botnet, AP News (Oct. 12, 2020) (quoting Paul Vixie of Farsight Security).

[14] Catalin Cimpanu, TrickBot Botnet Survives Takedown Attempt, but Microsoft Sets New Legal Precedent, ZDNet (Oct. 12, 2020, 5:51 PM).

[15] Jay Greene, Security Firms Call Microsoft’s Effort to Disrupt Botnet to Protect Against Election Interference Ineffective, Wash. Post (Oct. 16, 2020, 7:57 PM).

[16] Carrie Cordero, Intelligence Officials are now Warning About Election Interference in Real Time, Wash. Post (Oct. 22, 2020, 6:34 PM).

[17] Id.

[18] Josephine Wolff, Why are Private Companies Telling us More about Election Interference than the Government is?, Slate (Sept. 14, 2020, 5:44 PM).
