
Delude and conquer: inside the Russian messaging strategy

Cyberattacks, leaks and fake news have changed the electoral landscape. Dr Lucas Kello and Philipp von Saldern wonder if, this year, Russia will win every election in Europe.


The French television network TV5 Monde is the Francophone equivalent of CNN or BBC World News – a global, 24-hour current affairs network. It claims to be one of the three most widely available TV networks in the world. On 8 April 2015, without warning, all of TV5’s international channels went off-air.

It quickly became clear that the outage was the result of a cyberattack. Responsibility for the hack was claimed almost immediately by a group called the ‘Cyber Caliphate’, ostensibly from the Islamic State; the group also hacked TV5’s website and Facebook page, where it posted jihadist propaganda. However, the sophisticated methods used – systems were compromised weeks in advance using espionage techniques, custom software was written to target the encoders used by the TV station – pointed elsewhere. French and US security services found that the most likely perpetrator was a group that had previously launched cyberattacks on the White House and other NATO governments. The hackers collectively referred to themselves at the time as “Pawn Storm” or “APT28”. More recently, the group has identified itself by another name: Fancy Bear.

Following its actions against the World Anti-Doping Agency, the Democratic National Congress, and the governments of the Netherlands, Germany and the Ukraine, Fancy Bear has been linked by security researchers to Russian foreign intelligence, with a number of security firms stating publicly that it is likely to be sponsored by the Russian government.

At the time, the motive for the TV5 hack was unclear. It was suggested that Russia – if it was Russia – may have been testing its capabilities. In the light of other attacks, however, it could be viewed as having been a test not only of Fancy Bear’s ability to disable a major TV network, but also of its ability to push a message – about immigration and French military involvement in Syria – into other media and social networks.

Since TV5, other major cyberattacks have displayed this two-pronged form. The theft of data from the servers of the Democratic National Congress prior to the US presidential election was not just a theft; the stolen emails and documents were not exploited privately but released publicly, in a manner and to a schedule that benefited Russia’s preferred candidate in the US presidential election. A declassified version of the findings of the CIA, FBI and NSA recognised the two-pronged approach, stating that it “blends covert intelligence operations—such as cyber activity—with overt efforts by Russian government agencies, state-funded media, third-party intermediaries, and paid social media users”.

It is impossible to say exactly how many votes were decided by the “Russian messaging strategy” described in the US intelligence community’s report. But it is certainly true that Moscow’s preferred candidate won.

Towards the end of the intelligence report, the Russian messaging strategy is described as “the new normal”. Following its (real or perceived) success in the US, “Moscow will apply lessons learned from its campaign aimed at the US presidential election to future influence efforts in the United States and worldwide.” This year, the Russian messaging strategy could bring down a target more valuable to Putin than even the US presidency: the EU.

In March and April, the Dutch and French elections offer the chance for Russia to “boost”, in the language of social media marketing, candidates that would call referendums on their EU membership.

“There are at least four ways in which a foreign adversary can subvert the democratic elective process”, says Dr Lucas Kello, senior lecturer in international relations and director of the Cyber Studies programme at Oxford University. An adversary can manipulate voters using an overt public message – “disseminating unfavourable news, real or fake, about the target candidate to diminish his or her popular support,” or “by unobstructively but demonstrably penetrating voting or registration machines with malware in order to erode public confidence in the voting outcome.” They can affect how many people vote, “by attacking voter registration systems to diminish turnout among sectors of the electorate that tend to favour the target candidate,” and, finally, they can directly compromise the result by “attacking voting or vote counting machines with malware to alter the voting results.”

In Holland, voter confidence may already have been eroded. Earlier this month, the interior minister Ronald Plasterk announced that all votes in the March election will be counted by hand. Elections become more complicated under the Russian messaging strategy; a government that protects itself against one of the attacks Kello describes automatically calls into question the integrity of its own electoral process.

In France, ANSSI director Guillaume Poupard described last month “a real strategy that includes cyberattacks, interference and leaked information.” The current favourite – strongly pro-European candidate Emmanuel Macron – has become the main target. Macron’s campaign manager, Richard Ferrand, said this month that “hundreds and even thousands” of direct hacking attempts had been made from within Russia. At the same time, Macron has been subject to a deluge of unsubstantiated coverage, including reports that he is an “agent of the American banking system”, and that he is backed by a “very rich, gay lobby”. Wikileaks – the website that released the hacked emails of the DNC – claims to have thousands of hacked documents on Macron. If this is true, it is likely that they will be released at a time designed to cause maximum damage to his campaign. Votes that do not go to Macron may then head further right, to the vociferously anti-EU Marine Le Pen.

One of the things that makes the Russian messaging strategy so effective is that it is at least partly legal. As Dr Lucas Kello points out, “International law does not prohibit interstate espionage. Although almost all domestic penal codes criminalise the unauthorised access to a computer system to seize its data, no international treaty forbids this activity. Disruptive or destructive cyberattacks may breach treaty obligations, but only if they produce consequences that are similar to an act of war or a use of force.” This, says Kello, is new territory for diplomacy. For the first time, one nation can replace another’s government without invading. “One of the distinguishing features of virtual weapons is that they can significantly affect national security – for example, if they alter electoral outcomes – without satisfying those rigid legal criteria.”

Following the Dutch and French elections, the grand prize for the Russian messaging strategy will become available in September, when Germany elects its next Chancellor. The relationship between Angela Merkel and Vladimir Putin has never warmed beyond a frosty mutual tolerance. Merkel grew up behind the Iron Curtain in East Germany. In a Stasi document from 1984, an informant described the young Merkel as “very critical” of the Soviet Union, which she saw as “a dictatorship”. Putin was an agent of that dictatorship, as a KGB agent in Dresden. As heads of state, the tone for their meetings was set in 2007, when Putin had his large black labrador brought into a meeting with Merkel – who is known to have a profound phobia of dogs. The German Chancellor’s response was withering. “He’s afraid of his own weakness,” she explained of the incident, reflecting that “Russia has nothing, no successful politics or economy. All they have is this.” As the most powerful woman in the EU, Merkel presided over an economy 13 times the size of Russia and enjoyed a strong relationship with the US. A decade later, with a pro-Putin president installed in the White House and the EU’s second-largest economy preparing to leave, Merkel does not hold so many aces.

“There is a serious threat of interference in our upcoming federal elections,” agrees Philipp von Saldern, President of the Cyber Security Council of Germany. “But, and this is very important, such attempts can come from everywhere. Different parties could be interested in attacking our elections. These could be private actors - script-kiddies, hacker-syndicates, criminal organisations or even companies. On the other hand we have other states or organisations with strong ties to a state.”

The first step in protecting elections against attacks, says von Saldern, is to consider “every attacker, no matter what background he has. To avoid direct attacks as the one on our Bundestag, we have to keep our security-measures as up-to-date as possible. This requires constant knowledge transfer between different authorities on a federal level, as well as with our “Länder” [local government] authorities, but also with our economy and with international partners.”

“Protection against fake news,” he adds, “is just possible, if we cooperate with the platforms where they are posted, such as Twitter or Facebook, and if we find clear regulations about their responsibilities. We also need to sensitise our society to the subject of fake news, so that our citizens proof properly what they read and are willing to report suspicious information.”

Facebook and Twitter, he says, have “a responsibility to prevent [fake news]. Major platforms, such as Facebook currently have already announced, that they will do more to prevent fake news on their pages, but it is still unclear how this should work. To my opinion the only way to hold such online-platforms to their responsibility are clear regulations from our state.”

“Time is running out,” he concludes. “It is very urgent that our government acts here as soon as possible.”

Will Dunn is the New Statesman's Special Projects Editor. 


Investing in a secure future

Increased training and investment in cyber security infrastructure are essential in the digital age.

It is easy to underestimate how crucial the internet is to our everyday lives. It has become an essential tool in the way we communicate with others and conduct business both at home and abroad. More than 1.6m people work in the digital sector or in digital tech roles in the United Kingdom and the internet continues to provide individuals and businesses with huge opportunities.

However, we know that criminals seek to exploit the many benefits of the internet for their own personal gain, often at great expense to others. The WannaCry ransomware attack, which hit the NHS as well as other organisations, highlights the seriousness of the threat and reinforces the need to properly protect ourselves online.

In the recent Cyber Security Breaches Survey 2017, just under half (46 per cent) of all businesses identified at least one breach or attack in the last year. Although it is difficult to put an exact figure on how much this cost the UK economy, it is likely to be in the billions.

We are also all too aware of attacks by hostile state actors who look to exploit the UK through intellectual property theft, in order to further their own interests and prosperity. We take these attempts to disrupt our national security very seriously.

That is why this government set up the National Cyber Security Centre (NCSC), which provides cyber security at a national level. In its first year of being operational, the NCSC responded to 590 significant cyber incidents, more than 30 of which were sufficiently serious to require a cross-government response.

It is not just large organisations and our national infrastructure that are targeted by online criminals; individuals also face the daily threat of being scammed in their own homes. It is now the case that British citizens are 20 times more likely to be defrauded at their computer than mugged in the street.

It is a threat we all face. I strongly believe that we – individuals, businesses and the government – must play our own part to mitigate the risk and ensure that the internet is a safe and secure space for everyone. The government has legislated within the Serious Crime Act 2015 to create a new offence that applies where an unauthorised act in relation to a computer results in serious damage to the economy, the environment, national security or human welfare, or a risk of such damage occurring.

Legislating against online criminality goes some way to tackling the problem; however, close collaboration between the government, business and international partners is essential in combating the increasingly sophisticated attacks that the UK faces.

We work closely with the NCSC, which acts as a bridge between industry and government, providing a unified source of advice and the management of cyber-related incidents. It is at the heart of the government’s 2016 National Cyber Security Strategy, which is supported by £1.9bn of transformational investment to 2021.

Our law enforcement agencies across England and Wales also play a vital role in disrupting the activities of cyber criminals and bringing them to justice. They now operate as a single networked resource with the National Crime Agency (NCA) and Regional Cyber Crime Units using shared intelligence and capabilities. The NCA also has a dedicated Dark Web Intelligence Unit which targets those criminals who exploit hidden areas of the internet.

But we also want people to take their own preventative measures, so that they don’t become a target for criminals operating in cyberspace. We are running a series of campaigns and programmes which aim to encourage individuals and businesses to adopt more secure online behaviours.

Cyber Aware works with over 320 public and private sector partner organisations to encourage us all to take simple steps to protect ourselves online, including using a strong, separate password for our email accounts and installing the latest software and app updates on our electronic devices.

The NCSC has also recently launched expert guidance on how small businesses can easily avoid common online breaches and attacks. Should organisations seek to improve their cyber security further, they can get certification through the Cyber Essentials Scheme.

To further support the efforts of SMEs in improving their cyber security, regional cyber crime prevention coordinators engage with businesses and members of the public to provide customised cyber security advice based on the latest technical guidance from the NCSC.

We must also look to the future – we now have a whole generation that have grown up immersed in tech. It is hugely important that we harness their talents and put them to good use rather than letting them wander down a path towards criminal online activities.

We must train and engage with the next generation of cyber security experts, which is why the NCSC is taking a leading role in promoting a culture where science and technology subjects can flourish within the education system. Their CyberFirst programme identifies and nurtures young talent through a series of summer workshops and competitions. In addition, their CyberUK 2018 programme focuses on encouraging more women to enter into the technology industry, a sector that is largely seen as male-dominated.

There is a great effort across government and law enforcement to pursue online criminals, prevent those that are headed on a path towards criminal activity, protect the public and prepare for the many threats we face online. We will continue to invest in law enforcement capabilities at a national, regional and local level to ensure agencies have the capacity to deal with the increasing threat from cyber crime.

However, this is not a threat that we can tackle alone. It is everybody’s responsibility, from top to bottom, to follow the guidance provided and increase their awareness of cyber security in order to create a safe space to communicate and conduct business online.