The spate of hacks on election campaigns and political parties included the release of private information, and proliferation of fake news that aimed to disrupt and skew public opinions of candidates and their political parties. The candidates of these elections reflect a stark contrast in the current political sphere of globalisation versus populist and nationalistic leanings. The hacks thus far have favoured populist candidates, which is unsurprising considering their origin.
The man behind the (Iron) Curtain
The Russian hacker group attributed to these attacks is known by many names – Pawn Storm, APT28, Fancy Bear, Sofacy, and Strontium. They are reportedly affiliated with the Russian military intelligence agency GRU, or directly with the Russian government itself.
The group’s origins date back to 2004 with attacks on opposition activists in Russia and neighbouring countries such as Ukraine. Recent attacks have become increasingly visible, targeting most notably the recent elections in Western countries. Their goal is to steal confidential information from specific targets, spread misinformation, and seed distrust. These mass-coordinated attacks require a significant investment in time and resources, of a kind that’s unlikely without government backing.
What this means for the UK election
Theresa May’s call for a snap election was met with favour by parliament in April. This is a direct contradiction of her earlier promises not to call one, but the political gamble could result in a larger majority standing within Parliament. This would aid in negotiations for Brexit, which is scheduled to occur in March of 2019. As leader of the Conservative Party, Theresa May is projected to win.
Jeremy Corbyn, by contrast, is seen as the candidate most likely to be favoured by Fancy Bear. Corbyn has called for better relations and a de-escalation of tensions with Moscow, which would likely entail a de-militarisation of the Baltic region. Increased military presence among the US, UK, and Russia has incited each side to further expand their operations, leading to the largest deployment of troops within Poland since the end of the Cold War. Corbyn has been quoted as stating that de-escalation is necessary to prevent a return to Cold War relations between multiple nuclear-armed powers. His opposition has responded that he is likelier to comply with Russian aggression than to stand by NATO allies.
In order to win the election, May, Corbyn, or their opponents would have to reach an overall majority of 326 Members of Parliament (MPs), which is exactly one more than half of them. The Queen then traditionally invites the leader of that party to form the new government and become Prime Minister.
The UK’s election process itself will prove difficult for Fancy Bear to tamper with, as each vote is cast and counted by hand. Temporary staff are hired to count the ballots, each constituency famously competing to see who can finish their count first.
The validity of these votes is determined by acting returning officers (AROs), who are responsible for nominations, distribution of poll cards and ballot papers, conducting of the polls, and counting votes. Should any errors occur, they are legally and financially liable.
The UK has assured its citizens that adequate cyber security measures are in place to stop attempts to undermine or sway polls, and that they are prepared for mass-attacks such as those most recently seen on the Macron campaign. Unfortunately, the propagation of false and slanderous news is still likely to occur.
Election tampering across the globe
In the months prior to the 2016 US presidential election, thousands of stolen emails and documents were leaked from the Hillary Clinton campaign and the Democratic National Convention (DNC).
The release of negative information regarding a candidate is common practice, but this attack is unique in its volume and possible intent. Hillary Clinton’s campaign blamed Russia not only for the hack but also for deliberately attempting to help Trump win the election. On October 7th of 2016 the Obama administration officially accused the Russian government of releasing sensitive information in an effort “to interfere with the U.S. election process.”
For an in-depth exploration of the events surrounding the 2016 US presidential election, download Anomali’s whitepaper Election Security in an Information Age.
In the Netherlands’ March election, concerns over security were so great that every vote was counted by hand. Interior Minister Ronald Plasterk directly cited Russia as a factor in this decision, along with insecure and outdated counting software.
Prime Minister Mark Rutte defeated anti-Islam and anti-EU candidate Geert Wilders. Many see Rutte’s victory as a dam to the populist wave seen with Brexit and Donald Trump’s election within the US.
France’s May 7th election saw the victory of Emmanuel Macron against Marine Le Pen. A former banker and Economy Minister, Macron favours a strong European Union with France at its centre.
Conversely, Le Pen wished to reinstate stricter borders and lessen immigration, hold a referendum for withdrawing France from the EU, and strengthen ties with Russia. She has openly admitted that her campaign benefitted from Russian finance.
Cyber security firm Trend Micro found evidence that Fancy Bear targeted the campaign of Emmanuel Macron. They created at least four different domains with addresses similar to the official name of his party, En Marche, and his official website, en-marche.fr, in a practice known as typosquatting. The phishing emails included the actual names of campaign staff, making them likelier to succeed in their deception.
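A defender can screen newly seen domain names against the protected one for the look-alike patterns that typosquatting relies on. The following is an added example, not code from the article or from Trend Micro; the candidate names are constructed (they are not the domains the firm reported), the substitution table is a small illustrative one, and the check assumes a two-label protected domain.

```python
PROTECTED = "en-marche.fr"  # the campaign site named in the article
# Small constructed table of visual substitutions folded before comparing.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Drop hyphens and fold look-alike characters to a canonical form."""
    s = label.replace("-", "")
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    return s

def osa_distance(a, b):
    """Edit distance counting an adjacent swap as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, protected=PROTECTED, max_edits=2):
    """Return why `candidate` resembles `protected`, or None if it does not."""
    labels = candidate.lower().rstrip(".").split(".")
    p_label, p_tld = protected.split(".")
    if len(labels) < 2:
        return None
    label, tld = labels[-2], labels[-1]
    if label == p_label:
        return "legitimate" if tld == p_tld else "tld-swap"
    if skeleton(label) == skeleton(p_label):
        return "confusable"
    if p_label in labels[:-2]:
        return "brand-in-subdomain"
    if osa_distance(skeleton(label), skeleton(p_label)) <= max_edits:
        return "near-miss"
    return None

# Constructed sample names, e.g. from new-registration or mail-gateway logs.
SAMPLES = ["www.en-marche.fr", "enmarche.fr", "en-rnarche.fr", "en-marhce.fr",
           "en-marche.co", "en-marche.fr.portal.example", "example.org"]

def flagged(names=SAMPLES):
    return {n: r for n in names if (r := classify(n)) not in (None, "legitimate")}

if __name__ == "__main__":
    for name, reason in flagged().items():
        print(f"{name:32} {reason}")
```

Names flagged this way are candidates for mail-gateway blocking or takedown review; a production check would also consult the Public Suffix List and a fuller confusables table.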
Knowing that a targeted attack was inevitable, the Macron campaign engaged in a “cyber-blurring” strategy, whereby fake email accounts were seeded with false documents to slow down hackers.
Fancy Bear has found success previously in creating false domains to launch phishing campaigns which resulted in the United States’ John Podesta and Colin Powell giving away their passwords. This primarily led to a storm of negative publicity for the Clinton campaign.
The French government cyber security agency ANSSI confirmed attacks on the Macron campaign but has not officially named Russia as the culprit. Kremlin spokesman Dmitry Peskov is quoted as stating “We didn’t have and do not have any intention of interfering in the internal affairs of other countries, or in their electoral processes in particular. That there is a hysterical anti-Putin campaign in certain countries abroad is an obvious fact.”
Germany’s parliamentary election will take place September 24th, 2017. The current Chancellor, Angela Merkel, has warned of imminent cyber attacks as the election approaches. Whether or not she is targeted, her recent victory in elections within the state of North Rhine-Westphalia shows promise for her re-election.
Should a populist candidate instead claim victory in Germany, it could prove disastrous for the European Union. At the least, it would give the populist movement a strong resurgence within Europe.
What can be expected going forward?
It’s unclear as of yet what effect Fancy Bear’s influence will have on the UK election. Disruptive tactics that proved successful in the US election were largely thwarted in France’s election as governments and political parties incorporated more effective cyber strategies.
So far we’ve seen large-scale operations focused on credential phishing, which will likely continue. However, as more precautions are taken and more collaboration encouraged, groups like Fancy Bear may have to change their methodology.
Companies involved in media, such as Facebook, are attempting to do their part to mitigate the spread of fake news, having already suspended 30,000 accounts and launched a News Feed tool to help spot fakes.
Regardless of which tactics they employ, it’s clear that Fancy Bear will continue their efforts to encourage victory for candidates that are pro-Russia and in favour of weakening the European Union.
The UK finds itself in the unique position of already having chosen to leave the EU with Brexit. What’s at stake in this election is not whether or not to stay, but how abrupt and disruptive that departure will be.
Sourced by Travis Farral, director of security strategy at Anomali