In a recent blog post, Microsoft announced that Fancy Bear hackers are ramping up their efforts to influence the upcoming European parliamentary elections through cyber espionage and disinformation. The Russian-affiliated group, also referred to as Strontium or APT28, are best known for their hack of the Democratic National Committee during the 2016 US presidential elections. The persistent and growing attacks demonstrate the need to fill the gaping security holes in the European democratic system before 350 million voters head to the polls.
The Efficiency of Russian Cyber Attacks
Fancy Bear represents one of the elite Advanced Persistent Threat (APT) groups coming out of Russia, whose ability for total disruption should not be underestimated. Cybersecurity company CrowdStrike reported this year that Russian APTs have an average “breakout” time of just over 18 minutes to go from initial compromise to lateral movement within the network. This is almost eight times faster than the second-place APTs from North Korea, with an average time of 2 hours and 20 minutes.
Fancy Bear alone has been named responsible for the phishing and hacking attacks that took place during the French and German presidential elections in 2017, the hack of Republican think-tanks in 2018 and the data breach within Germany’s Parliament in 2015, to name a few. The group launches widespread and highly effective espionage and influence campaigns to sow chaos and discord around the world.
In this recent event, Microsoft claims it detected attacks targeting the credentials of 104 employees in Belgium, France, Germany, Poland, Romania and Serbia, using malicious websites and phishing emails. The employees were from a variety of think-tanks and non-profit organisations, many of which focused on trans-Atlantic policies, democracy and electoral integrity. Such information would be valuable for hackers as these employees often have close contact with government officials.
The group is widely believed to be affiliated with Russian military intelligence, despite Russia’s denial of any connections. Regardless, former NATO Secretary-General Anders Fogh Rasmussen pointed directly at Russia as a “major malign actor” in what he expects to be an unprecedented disruption of the European parliamentary elections. Rasmussen was also quick to point out “other malign actors might have learned lessons from the Russian playbook, including China or Iran”.
Are They Adequately Prepared & Protected?
In the blog post, Microsoft emphasized how crucial it was that “organizations underpinning the democratic process have access to state-of-the-art cybersecurity protection”. Cybersecurity experts met ahead of the Munich Security Conference (MSC) to discuss the vulnerabilities in Europe’s critical infrastructure, pointing out the unacceptably high number of chinks in the armour.
Oliver Rolofs, Co-Founder of the MSC, found that the issue comes down to a lack of a single authority for cybersecurity, stressing the need to create an agency capable of orchestrating all responses to a potential risk. Similarly, the Chair of the Global Commission on the Stability of Cyberspace (GCSC), Marina Kaljurand, explains that while there is increased political attention to the topic and greater awareness than 10 years ago, politicians across Europe are still not “aware to the level that we can be satisfied”. Politicians can no longer simply be Ministers of their specific field; instead they all must be IT ministers as well, Kaljurand states.
However, it is not only up to these individuals to protect themselves. Security experts, technology companies and social media sites are responsible for thwarting these attacks as well, and some are stepping up to the challenge. Facebook, for example, has recently announced new measures to prevent election meddling across the site by bolstering ad transparency and establishing new regional defence centres. From March onwards, political and issue ads will need special authorisation before their launch and will also require a “paid for by” disclaimer which will link to a publicly searchable database showing who paid for the ad, how much and what type of people viewed it.
Then there is Cloudflare, the San Francisco-based security company offering the Athenian Project – a free cloud service to any US election authority for the 2018 polls.
Similarly, Microsoft recently ramped up security by developing AccountGuard, a “state-of-the-art cybersecurity service available at no extra cost to all political candidates, parties, and campaign offices operating at a local or national level. It is also available to think tanks, non-profits, and non-governmental organizations working on issues related to democracy and electoral integrity”.
Can It Ever Be Stopped?
These attacks are an epidemic, and the battle has been raging for years. In August last year, Microsoft announced that it had taken down 84 websites associated with Fancy Bear, using the sinkholing technique. The company has had a specialised team in charge of conducting these counter-attacks for years, working carefully to gain domain control quietly and conduct reconnaissance before bringing the site down for good.
While the efforts are effective, they are not capable of stopping the unending torrent of attacks from the multitude of adversaries they face. It’s almost akin to fighting a house fire with a bucket of water. Well-resourced and motivated threat actors will forge ahead continuously, evolving their attacks and finding new ways to manipulate and influence their targets. Alone, companies like Microsoft and Facebook can only slow down these attacks or make them less effective. Together, however, this could be different. In the end, stopping them may be impossible but it is undeniable that a more concerted effort from experts, specialists, technologists, scientists, staff members and affiliates would make a huge impact in protecting the integrity of elections.
Author: Elsa Chapple, Agilient Consultant