With campaigning for May’s European Parliament elections shifting into high gear, security officials are preparing for potential attempts by Russia-linked hackers to sway the vote — and potentially deepen divisions in the bloc.
“There’s a strong likelihood that people will try to manipulate the debates and falsify the European election results,” the EU’s security commissioner Julian King told France’s Alsace newspaper last week.
The vote is shaping up as a continental clash between populist and eurosceptic movements on the one hand, and pro-European internationalists on the other.
“It is already clear this will be the most consequential parliamentary vote in the EU’s history,” the European Council on Foreign Relations wrote in a recent report.
Moscow has long denied allegations of hacking and meddling in foreign elections through social media disinformation campaigns thought to be piloted by Russia’s GRU military intelligence agency.
But suspicions are rife that Russia has much to gain by helping populist and eurosceptic movements, some of which want to end EU sanctions on Moscow over its annexation of Crimea from Ukraine.
The biggest threat, officials say, is a three-pronged attack seen in other high-stake votes: the hacking of a political party; targeted leaks of any sensitive data, either raw or manipulated; and surreptitious social media campaigns to keep the information in the headlines.
That was the scenario that played out in the US presidential election of 2016, when Russian hackers are suspected of trying to tilt the outcome by hacking the Democratic Party.
Russian hands were also seen behind an 11th-hour hacking of Emmanuel Macron’s party ahead of the 2017 French presidential elections, when thousands of files were leaked online.
So-called “state actors” are also thought to have been involved in Britain’s Brexit vote, and in the hacking of Australian political parties last month.
“We stand a good chance of being hit with something big” ahead of the May 23-26 election, said a source in the French security services, who requested anonymity to discuss the risks.
– Bogus accounts –
In January the European Commission urged platforms like Google and Twitter, but also advertising firms, to make more progress on their pledge to fight “fake news” by removing bogus accounts and curbing suspect sites.
“Several actions are being taken or already implemented to allow the EU and member states to react quickly, efficiently and in coordination in case of attacks,” according to an internal report by a European security service seen by AFP.
“But for now they are mainly declarations of intent that have yet to be tested,” it said.
One cyber-spying group in particular — known as APT28, Pawn Storm, Fancy Bear or other monikers — is thought to have staged many of the recent attacks targeting European institutions and political groups, including NATO and the German parliament.
The common thread in all these attacks “is the exfiltration of information without being detected,” said Loic Guezo of the Japanese IT security firm Trend Micro.
“The group suspected in these operations always targets Western institutions involved in elections or political decision-making in Western countries that could have an impact on Russian government policy,” Guezo said.
The stolen data is then strategically leaked to discredit their target.
“The advantage is that because it’s intercepted information, it gives people the impression that they have access to the ‘truth’, to raw, unfiltered information,” according to a recent report by the French foreign and defence ministries.
While that may indeed be the case, often the stolen data is first tweaked or manipulated before being leaked and spread by viral social media campaigns.
– ‘Information arsenal’ –
“Russia has developed an information arsenal, with manipulation strategies that use bots and fake accounts” to propel the disinformation into the mainstream media, said Kevin Limonier, a researcher at the French Geopolitical Institute in Paris.
Media outlets and personalities are then charged with amplifying the leaked data or misinformation into the mainstream.
Limonier described “an ecosystem revolving around a few structures in Russia, hidden behind shell companies, that lead to Yevgeny Prigozhin,” a businessman with close ties to Russian President Vladimir Putin.
Such campaigns could be even more disruptive in an increasingly polarised Europe, where bitter divisions have emerged over the arrival of hundreds of thousands of migrants since 2015.
A recent French study, for example, found that “yellow vest” anti-government protesters are more prone than other citizens to conspiracy theories, including a belief that establishment elites are organising mass immigration to replace native populations.
Given the risks, French authorities in particular plan to move much more aggressively to keep potential interference efforts from crossing “red lines,” an intelligence agency source told AFP.
“But you have to be careful, because the more you publicise this war, the more you risk making the threat seem bigger than it is,” Limonier said.