Comparison & Perspective; Fielding Election Hacks Outside of the USA (Part III of IV)
Part III of IV takes us out of the USA to shed some light on the digital influencing of election processes and voting systems. Parts I and II have led us up to this point and now it is time to add some perspective and talk a bit about how other countries have handled these kinds of situations. How have they fielded election hacks/interference? Were they successfully influenced? What kinds of efforts or countermeasures were enacted? Did any of it make a difference?
COMPARISON & PERSPECTIVE
The Center for Strategic & International Studies (CSIS), a respected think tank in Washington, D.C., has compiled an up-to-date list of significant cyber incidents worldwide. While “significant” is, of course, varied based on perspective, specifically their focus is “ cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars.”
The complete list can be found here. For our purposes, I have selected a few particular countries as mini case studies. We will examine the facts and separate out the fictions.
Case #1: Ukraine
In 2014, a cyberattack known as a “distributed denial-of-service,” or DDoS, was launched in Ukraine cyberspace and caused a lot of chaos.…all the more chaotic because Ukraine was currently in the middle of a revolution. At the same time as the DDoS attack, pro-Russian rebel troops armed with Russian-funded weapons seized control of the Crimean peninsula, just south of mainland Ukraine. Following this annexation by Russia, the Kremlin immediately began a political manipulation campaign targeted towards its illegally annexed “state,” Crimea.
One of the first things pro-Russian troops did after arriving in Crimea was seize the television transmitters to control the media - Ukrainian channels were taken off the air and replaced with Russian state channels. Russian broadcasters "strategically played" the already-existing “fears and prejudices” that Ukrainian citizens had about the revolutionaries in their capital, Kiev. According to this article from Wired, “ the website of Ukraine’s Central Election Commission [was compromised] to declare the winner as ultra-right candidate Dmytro Yarosh.” Even though officials spotted the attack before it was to be released, Russian state media (in apparent collusion with this hacker operation) “broadcast the fake results regardless.”
Without a doubt, Ukraine has been relentlessly targeted by Russian cyber-attacks. Things like systematic probing for vulnerabilities of Ukrainian banks and energy companies, false news articles proliferated by government-run bots and trolls, bombarding of any political opposition leader’s websites during a campaign...all are common occurrences. The effects of this manipulation campaign on the Ukrainian AND Russian public - “lies, bullying, and propaganda” - are still resonant and ongoing today.
Case #2: Germany
In the months leading up to Germany’s election in 2017, German Chancellor Angela Merkel’s allies recorded “thousands” of cyber attacks. It lined up with a pattern of similar strategic attacks against the CDU party (Christian Democratic Union) of Germany, a playbook that probed smaller state and local electoral systems in a search of vulnerabilities. One such attack occurred in 2015 on Germany's Parliament, Bundestag, and large amounts of data were stolen from several different departments. Later evidence pointed to Russia’s GRU military intelligence’s hand in this. Germany and Russia’s relationship has “soured” since German policymakers realized that “Moscow was still hoping to put NATO out of business and push the U.S. out of Europe.” Chancellor Merkel’s efforts have worked towards a growing NATO and EU unification, which are misaligned with Russian interests.
Additionally, there was another influencing group on this German election. According to a USA Today article, alliances of “anonymous online trolls and extremist agitators” supporting the far right movements flooded popular apps like Reddit, 4chan, and YouTube. Simon Hegelich, a professor of political science data at the Technical University of Munich, stated that “A lot of the stuff we are seeing in Germany can be linked to, or is at least inspired by, the ‘alt-right’ movement in the U.S.,” a group defined by racism and white nationalism. The German equivalent, Alternative for German (AfD) party, had never before won enough votes to be included in Germany’s parliament. Hours before the election in 2017, researchers at the Digital Research Forensic Lab found “automated social media accounts also linked to Russia…[which] amplified right-wing messages in favor of the Alternative for German party (AfD) which won enough votes Sunday to enter Germany’s national parliament for the first time.”
As of present day, the AfD party now currently holds 89 out of 709 seats in the Bundestag.
Case #3: United Kingdom
The United Kingdom’s case-study is recent being that a relevant, 50-page report called “The Russia Report” was just released to the public in July after a controversial 9 month delay. Compiled by the Parliament’s Intelligence and Security Committee (ICS), its delayed release by PM Boris Johnson aroused legitimate suspicions as to what kind of information the PM may be trying to hide.
After the report’s release, this article summed it up nicely: “The report, in many ways harder on British officials than the Russians, did not answer the question of whether Russia swayed one of the most consequential votes in modern British history: the 2016 referendum on leaving the European Union [Brexit]. But it was unforgiving about who is protecting British democracy. ‘No one is,’ the report’s authors said. ‘The outrage isn’t if there is interference,’ said Kevan Jones, a Labour Party member of Parliament who served on the intelligence committee that released the report. ‘The outrage is no one wanted to know if there was interference.’ ’’
It’s also interesting to note the scrutinization of potential “dirty Russian money” that has supported the UK’s political system, and how in the past British politicians have “welcomed” Russian oligarchs to London and facilitated money laundering.
Case #4: France
The French presidential election of 2017 was targeted with the same kind of tactics that had been seen in other Western countries - a few days before France’s elections, hackers leaked nine gigabytes of emails from candidate Emmanuel Macron’s campaign. However, an in-depth, insightful breakdown of this election written by French scholar Jean-Baptiste Jeangène Vilmer discusses how “Russian interference succeeded neither in interfering with the election nor in antagonizing French society. France successfully withstood the disinformation and interference.” His detailed examination attributes much of this success to a combined effort on tactics - the country having “anticipated, reacted, and coordinated its response between the Macron campaign staff, the [French] government, and civil society.”
It is important to also highlight the emphasis this same report and CSIS brief puts on the lessons learned from this experience. They include vital points such as actions carried out by authorities “independent and nonpolitical”; pressure put on digital platforms (i.e. Facebook) regarding action against disinformation; transparent & timely communication about hacking attempts; the use of humor to mock “amateurish attempts to influence the election” which delegitimized leaks of stolen/fake emails; and a strong and truthful campaign social media presence.
This French election sets a precedent that authorities CAN and HAVE demonstrated the ability to ensure integrity across the full timeline of the election process.
What perspective do these international case studies offer?
In sum, it’s not just the United States that has suffered and continues to be challenged.
A number of countries with democratic systems and election processes have been targeted by outside influence campaigns. Hackers with a variety of tech skill sets and financially backed by larger scale, organized threat groups have their “digital fingerprints on foreign elections.” And even with a metaphorical LANDSLIDE of evidence pointing to the Kremlin as the biggest player of this “unreality show,” they are not the only ones. Recent intelligence reports that similar cyber activity and intent has been tracked in both China and Iran.
It seems like more and more cyber threats with each passing year. Month. WEEK, even. It’s hard to wrap your head around.
As noted, before, it is not just the U.S. that’s affected. It’s democracy itself.
More on that next week.
Stay tuned for the CONCLUSION of our IV Part August series on #Election2020!
Part IV of IV: OUTLOOK & ACTION ITEMS…looking ahead to our future, how can we - individuals, families, interest groups, communities, businesses, etc - prevent these kinds of outside manipulations and intrusions from happening again? What can we learn from our own history and the history of other countries’ elections? What are the most important messages here and what is this whole “4-part series” even getting at?
For more information on protecting, preventing and securing all systems, please reach out to ProtectedIT here.