The French television network TV5 Monde is the Francophone equivalent of CNN or BBC World News – a global, 24-hour current affairs network. It claims to be one of the three most widely available TV networks in the world. On 8 April 2015, without warning, all of TV5’s international channels went off-air.
It quickly became clear that the outage was the result of a cyberattack. Responsibility for the hack was claimed almost immediately by a group called the ‘Cyber Caliphate’, ostensibly from the Islamic State; the group also hacked TV5’s website and Facebook page, where it posted jihadist propaganda. However, the sophisticated methods used – systems were compromised weeks in advance using espionage techniques, custom software was written to target the encoders used by the TV station – pointed elsewhere. French and US security services found that the most likely perpetrator was a group that had previously launched cyberattacks on the White House and other NATO governments. The hackers collectively referred to themselves at the time as “Pawn Storm” or “APT28”. More recently, the group has identified itself by another name: Fancy Bear.
Following its actions against the World Anti-Doping Agency, the Democratic National Congress, and the governments of the Netherlands, Germany and the Ukraine, Fancy Bear has been linked by security researchers to Russian foreign intelligence, with a number of security firms stating publicly that it is likely to be sponsored by the Russian government.
At the time, the motive for the TV5 hack was unclear. It was suggested that Russia – if it was Russia – may have been testing its capabilities. In the light of other attacks, however, it could be viewed as having been a test not only of Fancy Bear’s ability to disable a major TV network, but also of its ability to push a message – about immigration and French military involvement in Syria – into other media and social networks.
Since TV5, other major cyberattacks have displayed this two-pronged form. The theft of data from the servers of the Democratic National Congress prior to the US presidential election was not just a theft; the stolen emails and documents were not exploited privately but released publicly, in a manner and to a schedule that benefited Russia’s preferred candidate in the US presidential election. A declassified version of the findings of the CIA, FBI and NSA recognised the two-pronged approach, stating that it “blends covert intelligence operations—such as cyber activity—with overt efforts by Russian government agencies, state-funded media, third-party intermediaries, and paid social media users”.
It is impossible to say exactly how many votes were decided by the “Russian messaging strategy,” described in the US intelligence community’s report. But it is certainly true that Moscow’s preferred candidate won.
Towards the end of the intelligence report, the Russian messaging strategy is described as “the new normal”. Following its (real or perceived) success in the US, “Moscow will apply lessons learned from its campaign aimed at the US presidential election to future influence efforts in the United States and worldwide.” This year, the Russian messaging strategy could bring down a target more valuable to Putin than even the US presidency: the EU.
In March and April, the Dutch and French elections offer the chance for Russia to “boost”, in the language of social media marketing, candidates that would call referendums on their EU membership.
“There are at least four ways in which a foreign adversary can subvert the democratic elective process”, says Dr Lucas Kello, senior lecturer in international relations and director of the Cyber Studies programme at Oxford University. An adversary can manipulate voters using an overt public message – “disseminating unfavourable news, real or fake, about the target candidate to diminish his or her popular support,” or “by unobstructively but demonstrably penetrating voting or registration machines with malware in order to erode public confidence in the voting outcome.” They can affect how many people vote, “by attacking voter registration systems to diminish turnout among sectors of the electorate that tend to favour the target candidate,” and, finally, they can directly compromise the result by “attacking voting or vote counting machines with malware to alter the voting results.”
In Holland, voter confidence may already have been eroded. Earlier this month, the interior minister Ronald Plasterk announced that all votes in the March election will be counted by hand. Elections become more complicated under the Russian messaging strategy; a government that protects itself against one of the attacks Kello describes automatically calls into question the integrity of its own electoral process.
In France, ANSSI director Guillaume Poupard described last month “a real strategy that includes cyberattacks, interference and leaked information.” The current favourite – strongly pro-European candidate Emmanuel Macron – has become the main target. Macron’s campaign manager, Richard Ferrand, said this month that “hundreds and even thousands” of direct hacking attempts had been made from within Russia. At the same time, Macron has been subject to a deluge of unsubstantiated coverage, including reports that he is an “agent of the American banking system”, and that he is backed by a “very rich, gay lobby”. Wikileaks – the website that released the hacked emails of the DNC – claims to have thousands of hacked documents on Macron. If this is true, it is likely that they will be released at a time designed to cause maximum damage to his campaign. Votes that do not go to Macron may then head further right, to the vociferously anti-EU Marine Le Pen.
One of the things that makes the Russian messaging strategy so effective is that it is at least partly legal. As Dr Lucas Kello points out, “International law does not prohibit interstate espionage. Although almost all domestic penal codes criminalise the unauthorised access to a computer system to seize its data, no international treaty forbids this activity. Disruptive or destructive cyberattacks may breach treaty obligations, but only if they produce consequences that are similar to an act of war or a use of force.” This, says Kello, is new territory for diplomacy. For the first time, one nation can replace another’s government without invading. “One of the distinguishing features of virtual weapons is that they can significantly affect national security – for example, if they alter electoral outcomes – without satisfying those rigid legal criteria.”
Following the Dutch and French elections, the grand prize for the Russian messaging strategy will become available in September, when Germany elects its next Chancellor. The relationship between Angela Merkel and Vladimir Putin has never warmed beyond a frosty mutual tolerance. Merkel grew up behind the Iron Curtain in East Germany. In a Stasi document from 1984, an informant described the young Merkel as “very critical” of the Soviet Union, which she saw as “a dictatorship”. Putin was an agent of that dictatorship, as a KGB agent in Dresden. As heads of state, the tone for their meetings was set in 2007, when Putin had his large black labrador brought into a meeting with Merkel – who is known to have a profound phobia of dogs. The German Chancellor’s response was withering. “He’s afraid of his own weakness,” she explained of the incident, reflecting that “Russia has nothing, no successful politics or economy. All they have is this.” As the most powerful woman in the EU, Merkel presided over an economy 13 times the size of Russia and enjoyed a strong relationship with the US. A decade later, with a pro-Putin president installed in the White House and the EU’s second-largest economy preparing to leave, Merkel does not hold so many aces.
“There is a serious threat of interference in our upcoming federal elections,” agrees Phillipp von Saldern, President of the Cyber Security Council of Germany. “But, and this is very important, such attempts can come from everywhere. Different parties could be interested in attacking our elections. These could be private actors – script-kiddies, hacker-syndicates, criminal organisations or even companies. On the other hand we have other states or organisations with strong ties to a state.”
The first step in protecting elections against attacks, says von Saldern, is to consider “every attacker, no matter what background he has. To avoid direct attacks as the one on our Bundestag, we have to keep our security-measures as up-to-date as possible. This requires constant knowledge transfer between different authorities on a federal level, as well as with our “Länder”[local government] authorities, but also with our economy and with international partners.”
“Protection against fake news,” he adds, “is just possible, if we cooperate with the platforms where they are posted, such as Twitter or Facebook, and if we find clear regulations about their responsibilities. We also need to sensitise our society to the subject of fake news, so that our citizens proof properly what they read and are willing to report suspicious information.”
Facebook and Twitter, he says, have “a responsibility to prevent [fake news]. Major platforms, such as Facebook currently have already announced, that they will do more to prevent fake news on their pages, but it is still unclear how this should work. To my opinion the only way to hold such online-platforms to their responsibility are clear regulations from our state.”
“Time is running out,” he concludes. “It is very urgent that our government acts here as soon as possible.”