Europe’s Most Hackable Election

Uploaded on 2019-01-29 in INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News

The EU faces hackers, trolls and foreign agents as it gears up for a vote in May. Three years after Russian disinformation campaigns disrupted the 2016 US presidential election and possibly influenced the result of the Brexit vote, European officials are worried the European Parliament election in May is next.

“In 2016 we stopped being naive,” said Liisa Past, a former chief research officer at the Estonian Information System Authority who coordinated security preparations across Europe last year. “Since then we have tested national systems for the security environment as we now know it. But the last European election was 2014 and that system hasn't been tested in this new security environment.”

The election, in which voters in 27 countries will install a new European Parliament and by extension a new crop of top EU officials, is uniquely vulnerable, officials say.

“Given the dispersed nature and comparatively long duration of the European Parliament elections, they present a tempting target for malicious actors,” European Commissioner for Security Julian King told Politico. “Everyone needs to take responsibility for this, a system is only as secure as the weakest link in the chain.”The “European election” is in fact a series of simultaneous elections that will take place on May 23-26, in which the integrity of the vote depends on how 27 national governments fend off hackers and other threats. 

While some governments are better prepared than others, it would only take one successful act of disruption to cast doubt on the composition of the next European Parliament.

“A successful campaign against one-member state that includes cyber-enabled elements could mean that the assignment of seats cannot be confirmed thus compromising the entirety of election processes,” said a recent EU report into the cyber risks to the election. A security incident "could impact the ability of the European Parliament to convene and thus could affect the very functioning of the European Union.”

Threats to the integrity include disinformation campaigns, cybersecurity breaches and digital tampering with the outcome of the votes.

Trolling the Election
Experts are most worried about the threat of disinformation. In Europe, automated bots, sometimes backed by governments, have shaped and shifted the online conversation.

Bots have been used to influence the debates regarding independence in Catalonia and immigration in Italy. Misinformation linked to Russia's Internet Research Agency in St. Petersburg was deployed in the Netherlands to influence Dutch opinion against Ukraine, investigative news website Bellingcat reported. Disinformation and "fake news" has also been weaponised by domestic groups, used to influence the discussion around the Yellow Jacket protests in France and derail the hotly debated UN migration deal.

“If you're successful in your information operations you don't need to do decent cybersecurity or operational security,” said Past. Using disinformation “is the lower-hanging fruit right now,” she said. The proliferation of fake news is a top concern among European citizens, according to a poll conducted in September: Seventy-three percent of respondents said they are concerned or very concerned about disinformation or misinformation.

Companies like Twitter and Facebook acknowledge that fake accounts are a threat to the integrity of elections. Twitter added figures on “platform manipulation” in 2018 to its biannual transparency reports, hoping to increase public understanding of what it calls "attempts to disrupt the health of the public conversation via malicious automation and spam tactics."

Between January and June 2018, the social media company detected more than 232,450,000 suspected fake accounts worldwide (the company doesn’t provide a regional breakdown of the data). Seventy-five percent of the accounts were eventually suspended.

Under pressure from the European Commission, social media platforms adopted a fake news code of practice. Google, Facebook, Twitter and Mozilla and a range of umbrella associations and industry groups are expected to release new figures on their fight against disinformation later this month.

The report will include social media companies’ statistics on who has bought political advertisements, deployed fake news campaigns or spread disinformation through bot accounts and so-called troll farms. The tech firms will provide monthly updates from now until May.

"The European Commission's exercise of soft power has already pushed the platforms further than is legally required of them," said Rasmus Kleis Nielsen, director of the Reuters Institute for the Study of Journalism. Tech companies are often not legally liable for what happens on their platforms — though electoral law is slowly being updated to include the online sphere.
But, Nielsen added, “commitments of more transparency, public scrutiny and third-party compliance are vague still.”

The Commission also asked national authorities to monitor disinformation and share their findings with other EU capitals through a “rapid alert system” that would be set up by March and would warn countries and media about a wave of fake news stories.

Data Dumps
With just months to go before Europeans head to the polls, recent news from Berlin highlighted another threat to the integrity of the May election: the hacking of politicians' data. German authorities this month arrested a 20-year-old student who confessed to having illegally accessed information about more than 1,000 public figures, including high-ranking politicians like the country's president, Frank-Walter Steinmeier, Green Party leader Robert Habeck and Chancellor Angela Merkel.

The German breach is just the latest report of IT networks getting hacked, and its provenance illustrates just how easy it can be for cyber crooks to gather sensitive information that can disrupt a campaign. The investigation is ongoing, but Seehofer indicated that the hacker took advantage of politicians' poor password security to access a handful of online accounts to gather private conversations, mobile numbers and other personal information.

“The European political parties are one of the potential weak links,” said Fabrice Pothier, senior adviser for the Transatlantic Commission on Election Integrity. In addition to careless politicians allowing hackers access to sensitive information, he said there’s a lack of transparency in how foreign influencers fund and support political parties in Europe.

The source of the threat is widespread. Political rivals have an interest in hacking each other, in a modern-day version of the Watergate scandal. And cybersecurity companies, too, have an interest in demonstrating their services and counter-services in election times.

US intelligence officials have accused Russia, China, Iran and North Korea of seeking to influence the country’s election process. And the German hack revealed that even so-called script kiddies acting alone can be a threat.
Microsoft said technologies used in 11 EU countries shows the majority of governments stick to paper ballots and counting on paper. But many countries keep a voter registry online and disseminate results of the vote on the web.
Countries like Belgium use voting computers for some citizens to cast their ballot, and many use electronic means to aggregate votes, whether it is to count paper ballots or send the result from local polling stations to a central electoral authority that does a final count.

Estonia is the only EU country allowing for citizens to cast their vote online through its “i-voting” system. The tech-savvy country uses similar security checks deployed for a series of e-government services and claims the process is largely safe from hacking.

Some countries like the Netherlands and Germany previously decided to cut computers from large parts of its electoral process. The Netherlands did so in 2017, after years of back-and-forth between the election organizers and hacktivists that kept coming up with new vulnerabilities.

The European Commission has gathered national electoral councils for a meeting next Monday in Brussels. It is the first gathering of the councils since the Commission announced its plans to beef up election security in September. A second meeting is scheduled for February.

Politico

You Might Also Read:

Neither US, Russia Or China Will Sign Macron's Cyber Pact:

 

« Connecting African IT & Software Developers With Top Tech Companies
How Blockchain Technology Can Improve US Infrastructure »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Konfidas

Konfidas

Konfidas provide high-level cybersecurity consulting and professional tailored solutions to meet specific cybersecurity operational needs.

Oodrive

Oodrive

Oodrive is the first trusted European collaborative suite allowing users to collaborate, communicate and streamline business with transparent tools that ensure security.

Morphus Information Security

Morphus Information Security

Morphus is an information security company providing Red Team, Blue Team and GRC services as well as conducting research in cybersecurity and threat analysis.

Danish Maritime Cybersecurity Unit

Danish Maritime Cybersecurity Unit

The Danish Maritime Cybersecurity Unit is tasked with delivering the initiatives set out in the Cyber and Information Security Strategy for the Maritime Sector.

Netsecurity AS

Netsecurity AS

Netsecurity is a Norwegian owned company focused and specialised within IT security and cybersecurity-as-a service.

Bellvista Capital

Bellvista Capital

Bellvista Capital connects entrepreneurs with capital and unmatched business expertise in the technology areas of Cloud Computing, Cyber Security and Data Analytics.

Google for Startups

Google for Startups

Google for Startups is Google’s initiative to help startups thrive across every corner of the world.

ePLDT

ePLDT

ePLDT delivers best-in-class digital business solutions that include Cloud, Cyber Security, purpose-built Data Center facilities and Managed IT Services.

N8 Identity

N8 Identity

N8 Identity helps organizations realize the vision of Autonomous Identity Governance™ with AI-driven Identity solutions.

Barikat Cyber Security

Barikat Cyber Security

Barikat is a provider of information security solution and services including security analysis and compliance, security testing, managed security services, incident response and training.

Tracepoint

Tracepoint

Tracepoint provide full-service cyber incident response, remediation and recovery solutions for the most time-sensitive situation your company may ever face.

Easy Dynamics

Easy Dynamics

Easy Dynamics is a leading technology services provider with a core focus in Cybersecurity, Cloud Computing, and Information Sharing.

Strategic Technology Solutions (STS)

Strategic Technology Solutions (STS)

Strategic Technology Solutions specialize in providing Cybersecurity and Managed IT Services to the legal industry.

Reveald

Reveald

Reveald is making Exposure Management a reality to solve the biggest challenges in cybersecurity with a trailblazing ‘offense to defense’ approach that gives the advantage back to the business.

NetSfere

NetSfere

NetSfere provides next-generation messaging and mobility solutions to carriers and enterprises globally including its enterprise-grade, secure mobile messaging platform NetSfere Enterprise.

Taktika

Taktika

Taktika stands at the forefront of cybersecurity defense, offering cutting-edge integration and managed Security Operations Center (SOC) services.