June 1, 2017
-
Anissa Khalid
,

Global Elections, Global Problems

<p>The next in a series of pivotal elections is set to take place on June 8th in the United Kingdom, replacing Members of Parliament (MPs) and the Prime Minister. Previous elections in the United States, the Netherlands, and France were marked by an unprecedented number of cyber attacks, releases of private information, and proliferation of fake news that aimed to disrupt and skew public opinions of candidates and their political parties. The candidates of these elections reflect a stark contrast in the current political sphere of globalization versus populist and nationalistic leanings. The hacks thus far have favored populist candidates, which is unsurprising considering their origin.</p><h2>The Man Behind the (Iron) Curtain</h2><p>The Russian hacker group attributed to these attacks is known by many names- <a href="https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/espionage-cyber-propaganda-two-years-of-pawn-storm" target="_blank">Pawn Storm</a>, APT28, Fancy Bear, Sofancy, and Stronium. They are reportedly affiliated with the Russian military intelligence agency GRU, or directly to the Russian government itself.</p><p>The group’s origins date back to 2004 with attacks on opposition activists in Russia and neighboring countries such as Ukraine. Recent attacks have become increasingly visible, targeting most notably the recent elections in Western countries. Their goal is to steal confidential information from specific targets, spread misinformation, and seed distrust. These mass-coordinated attacks require a significant investment in time and resources, of a kind that’s unlikely without government backing.</p><h2>What this means for the U.K. election</h2><p>The U.K.’s general election would traditionally take place every five years, but Prime Minister Theresa May’s call for a <a href="https://www.nytimes.com/2017/04/19/world/europe/uk-general-election.html?_r=0" target="_blank">snap election</a> was met with favor by parliament in April. This is a direct contradiction of her earlier promises not to call for a snap election, but the political gamble could result in a larger majority standing within Parliament. This would aid in negotiations for Brexit, which is scheduled to occur in March of 2019. As leader of the Conservative Party Theresa May is <a href="https://www.nytimes.com/2017/04/18/world/europe/britain-snap-election-brexit-theresa-may-questions.html?action=click&amp;contentCollection=Europe&amp;module=RelatedCoverage®ion=EndOfArticle&amp;pgtype=article" target="_blank">projected to win</a>.</p><p>Labour Party front-runner Jeremy Corbyn is seen as the candidate most likely to be favored by Fancy Bear. Corbyn has called for better relations and a de-escalation of tensions with Moscow, which would likely entail a <a href="https://www.theguardian.com/politics/2016/nov/13/jeremy-corbyn-hints-at-reducing-nato-presence-russia-putin" target="_blank">de-militarization</a> of the Baltic region. Increased military presence among the U.S., U.K., and Russia has incited each side to further expand their operations, leading to the largest deployment of troops within Poland since the end of the Cold War. Corbyn has been quoted as stating that de-escalation is necessary to prevent a return to Cold War relations between multiple nuclear-armed powers. His opposition has responded that he is likelier to <a href="https://www.theguardian.com/politics/2017/jan/12/army-minister-accuses-corbyn-of-siding-with-russia-against-nato" target="_blank">comply with Russian aggression</a> than to stand by NATO allies.</p><p>In order to win the election, May, Corbyn, or their opponents would have to reach an overall majority of 326 Members of Parliament (MPs), which is exactly one more than half of them. The Queen then traditionally invites the leader of the party to form the new government, and the party leader to become leader to become the Prime Minister.</p><p>The U.K.’s <a href="http://www.parliament.uk/education/about-your-parliament/general-elections/" target="_blank">election process</a> itself will prove difficult for Fancy Bear to tamper with- each vote is cast and counted by hand. The U.K. is divided into 650 areas, called constituencies, that vote on the same day across England, Wales, Scotland, and Northern Ireland. The MPs voted in will represent each area within the House of Commons in London. Temporary staff are hired to count the ballots by hand with each constituency famously competing to see who can finish their count first.</p><p>The validity of these votes are determined by Acting Returning Officers (AROs), who are responsible for nominations, distribution of poll cards and ballot papers, conducting of the polls, and counting votes. Should any errors occur, they are legally and financially liable.</p><p>The U.K. has assured its citizens that adequate cyber security measures are in place to stop attempts to undermine or sway polls, and that they are prepared for mass-attacks such as those most recently seen on the Macron campaign. Unfortunately, the propagation of false and slanderous news is still likely to occur.</p><h2>Election Tampering Across the Globe</h2><h3>United States</h3><p>In the months prior to the 2016 U.S. presidential election, thousands of stolen emails and documents were leaked from the Hillary Clinton campaign and the Democratic National Convention (DNC). The release of negative information regarding a candidate is common practice, but this attack is unique in its volume and possible intent. Hillary Clinton’s campaign blamed Russia not only for the hack but also of deliberately attempting to help Trump win the election. On October 7th of 2016 the Obama administration officially accused the Russian government of releasing sensitive information in an effort “to interfere with the U.S. election process.”</p><p>For an in-depth exploration of the events surrounding the 2016 U.S. presidential election, download our whitepaper <a href="{page_3450}">Election Security in an Information Age</a>.</p><h3>The Netherlands</h3><p>In the Netherlands’ March election, concerns over security were so great that every vote was <a href="https://www.nytimes.com/2017/02/01/world/europe/netherlands-hacking-concerns-hand-count-ballots.html" target="_blank">counted by hand</a>. Interior Minister Ronald Plasterk directly cited Russia as a factor in this decision, along with insecure and outdated counting software.</p><p>Prime Minister Mark Rutte defeated anti-Islam and anti-EU candidate Geert Wilders. Many see Rutte’s victory as a dam to the populist wave seen with Brexit and Donald Trump’s election within the U.S.</p><h3>France</h3><p>France’s May 7th election saw the victory of Emmanuel Macron against Marine Le Pen. A former banker and Economy Minister, Macron favors a strong European Union with France at its center. Conversely, Le Pen wished to reinstate stricter borders and lessen immigration, hold a referendum for withdrawing France from the EU, and strengthen ties with Russia. She has openly admitted that her campaign benefitted from Russian finance.</p><p>Cyber security firm Trend Micro found <a href="https://www.theguardian.com/world/2017/apr/25/hackers-have-targeted-election-campaign-of-macron-says-cyber-firm" target="_blank">evidence</a> that Fancy Bear targeted the campaign of Emmanuel Macron. They created at least four different domains with addresses similar to the official name of his party, En Marche, and his official website, en-marche.fr, in a practice known as <a href="https://www.anomali.com/blog/why-brand-monitoring-is-a-security-issue-typosquatting">typosquatting</a>. The phishing emails included the actual names of campaign staff, making them likelier to succeed in their deception.</p><p>Knowing that a targeted attack was inevitable, the Macron campaign engaged in a <a href="https://www.nytimes.com/2017/05/09/world/europe/hackers-came-but-the-french-were-prepared.html" target="_blank">“cyber-blurring” strategy</a>, whereby fake email accounts were seeded with false documents to slow down hackers.</p><p>Fancy Bear has found success previously in creating false domains to launch phishing campaigns which resulted in the United States' John Podesta and Colin Powell giving away their passwords. This primarily led to a storm of negative publicity for the Clinton campaign.</p><p>The French government cyber security agency ANSSI confirmed attacks on the Macron campaign but has not officially named Russia as the culprit. Kremlin spokesman Dmitry Peskov is quoted as stating “We didn’t have and do not have any intention of interfering in the internal affairs of other countries, or in their electoral processes in particular. That there is a hysterical anti-Putin campaign in certain countries abroad is an obvious fact.”</p><h3>Germany</h3><p>Germany’s parliamentary election will take place September 24th, 2017. The current Chancellor, Angela Merkel, has warned of imminent <a href="http://www.dw.com/en/merkel-warns-of-russian-cyber-attacks-in-german-elections/a-36314197" target="_blank">cyber attacks</a> as the election approaches. Whether or not she is targeted, her recent <a href="http://www.dw.com/en/what-does-the-victory-of-merkels-cdu-in-a-regional-election-spell-for-germany/a-38838076" target="_blank">victory in elections</a> within the state of North Rhine-Westphalia show promise for her re-election.</p><p>Should a populist candidate instead claim victory in Germany, it could prove disastrous for the European Union. At the least, it would give the populist movement a strong resurgence within Europe.</p><h2>What can we expect going forward?</h2><p>It’s unclear as of yet what effect Fancy Bear’s influence will have on the U.K. election. Disruptive tactics that proved successful in the U.S. election were largely thwarted in France’s election as governments and political parties incorporated more effective cyber strategies. So far we’ve seen large-scale operations focused on credential phishing, which will likely continue. However, as more precautions are taken and more collaboration encouraged, groups like Fancy Bear may have to change their methodology.</p><p>Companies involved in media such as Facebook are attempting to do their part to mitigate the spread of fake news, having already suspended 30,000 accounts and launching a News Feed tool to help spot fakes.</p><p>Regardless of which tactics they employ, it’s clear that Fancy Bear will continue their efforts to encourage victory for candidates that are pro-Russia and in favor of weakening the European Union. The United Kingdom finds themselves in the unique position of already haven chosen to leave the E.U. with Brexit. What’s at stake in this election is not whether or not to stay, but how abrupt and disruptive that departure will be.</p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.