Cybersecurity | News | Attack Vectors
Hacked servers, leaked emails, millions of fabricated social media content and attacks on voting computers – these are the digital ways in which attempts were made to influence the last two US elections from the outside. In the run-up to the Bundestag elections, the question also arises in Germany: Can cybercriminals manipulate our elections? And if so, how? What are their strategies? And who can protect themselves and how? We give a small overview here.
How do you hack a paper-based election?
There are no voting computers in Germany. Whether in the polling booth or by mail, voting is done on paper. As a result, the election itself cannot be manipulated by cybercriminals. The crosses on our ballot papers remain where we made them.
Even the counting of the official final result cannot be manipulated by cybercriminals. This is because it is also recorded and transmitted in paper form. Because the ballot papers are physically available, the result is also verifiable.
Since the election itself cannot be hacked, cybercriminals mainly start before and after voting. They try to influence who gets more or fewer votes. In addition, their goal is to shake confidence in the candidates, the election and its results.
Important strategies of cybercriminals at a glance
It can be assumed that other states or their intelligence services are behind many cybercriminal attempts to manipulate elections. These acts of manipulation are not so much about a particular person winning or losing the election. Rather, the system behind the election – democracy – is to be attacked and weakened.
To put it very, very briefly, the overarching strategy is: If democracy is the rule of the people, it can be brought down by dividing the people. By exacerbating existing social conflicts and undermining the credibility of democratic processes and those standing for election. This strategy of political sabotage is not new. But the digital world offers it new means:
Disinformation: Creating confusion, fueling conflicts
Lies spread rapidly, the truth lags behind. Jonathan Swift had this insight as early as 1710 and in the digital world it is more true than ever. Lies, fake news and misinformation spread particularly quickly on social media. Fact checks and corrections, on the other hand, take time. They must be formulated responsibly and often start with basic knowledge of certain processes.
Regardless of the corrections, the misinformation continues to circulate. They achieve their goal when they affirm people in extreme attitudes, sow doubts or even just cause confusion, which is expressed, for example, in sentences such as “Who should we still believe?”
Targets: Each and every one of them.
Protection strategies: Common sense and targeted mistrust. In the case of specific misinformation about the Bundestag election, for example, look for a Correction of the Federal Returning Officers. More information for Voters, especially on the topic of fake news, are offered by the Federal Office for Information Security (BSI).
Discrediting: Credibility deliberately undermined
The candidates are also in the sights of the cybercriminals. Currently, many attempts are being observed to access candidates’ computers, data or email accounts through phishing emails. This is typical of so-called “hack and leak” operations. In the process, data is stolen and later published with the aim of discrediting. The published content can be authentic, misleading, mixed with fake content, or outright fakes such as deep fakes. The goal is not to make revelations, but to undermine the credibility of the candidates.
The same applies if fake messages are published in the name of the candidates, e.g. in a hacked Twitter account.
Targets: The candidates.
Protection strategies: Special attention to cybersecurity and phishing emails in particular. The candidates are warned by the security authorities of concrete waves of attacks.
Further information on how to increase IT security for candidates is provided by the BSI.
Attention: Relatives, partners, friends and acquaintances of the candidates can also be attacked by cybercriminals. If you are one of them, we recommend increased vigilance.
Sabotage: Stoking fears
As I said before, the election itself cannot be hacked because it is completely paper-based. But who knows for sure? In this regard, cybercriminal acts of sabotage can fuel existing fears and insecurities. For example, if cybercriminals succeed in hacking or disrupting virtual election campaign events.
Even if the preliminary results are announced immediately after the election, acts of sabotage by cybercriminals are at least theoretically possible. This is because for the provisional election result, the counts of the polling stations are not transmitted by post, but as quickly as possible – for example by telephone or e-mail. In order to bring together all the results, the counts of the individual polling stations are first bundled at the municipal level, then at the district level, then at the state level. Wherever electronic transmission takes place in this multi-stage process, attacks by cybercriminals are theoretically possible. But even if they were successful, they cannot change the official final result, which is checked and determined by mail and paper.
Targets: The electronic infrastructure of the electoral process. Phishing emails can also be used to steal access data, for example.
Conservation strategies: Increased attention to all parties involved, technical measures and education of the population to eliminate uncertainties.
Conclusion: Cybersecurity also protects a functioning democracy
As an IT security company, we at Perseus are committed to more cybersecurity every day. This is usually about protecting companies and their customers. However, the Bundestag election shows once again that raising awareness of phishing attacks, updates, security vulnerabilities and the like also has a political dimension. Not only when it comes to defending against industrial espionage and blackmail, but also when it comes to attacks on democracy.
The protective measures of personal and internal company cybersecurity are similar in many respects to the protective measures that are now important for candidates in the Bundestag election. We also advise all those who are not currently running for political office to familiarize themselves with these measures and use them for themselves.
Cyber security | News | Attack vectors
Hacked servers, leaked emails, millions of fabricated social media posts and attacks on voting machines – these are some of the digital methods used to try to influence the last two US elections from outside the country. With the German federal election coming up, the question arises: Can cybercriminals manipulate our elections? And if so, how? What are their strategies? And who can protect themselves, and how? Here we provide a brief overview.
How do you hack a paper-based election?
There are no electronic voting machines in Germany. Whether in the voting booth or by post, votes are cast on paper. This means that the election itself cannot be manipulated by cybercriminals. The crosses on our ballot papers stay where we put them.
The counting of the official final results cannot be manipulated by cybercriminals either. This is because it is also recorded and transmitted in paper form. Because the ballot papers are physically present, the result can also be verified.
Since the election itself cannot be hacked, cybercriminals mainly target the period before and after the vote. They try to influence who receives more or fewer votes. Their ultimate goal is to undermine confidence in the candidates, the election and its results.
An overview of important strategies used by cybercriminals
It can be assumed that other countries or their intelligence services are behind many cybercriminal attempts to manipulate elections. These acts of manipulation are not so much about a particular person winning or losing the election. Rather, the aim is to attack and weaken the system behind the election – democracy.
In a nutshell, the overall strategy is this: if democracy is rule by the people, it can be brought down by dividing the people. By exacerbating existing social conflicts and undermining the credibility of democratic processes and those standing for election. This strategy of political sabotage is not new. But the digital world offers new means of achieving it:
Disinformation: creating confusion, fuelling conflict
Lies spread rapidly, and the truth lags behind. Jonathan Swift recognised this as early as 1710, and it is truer than ever in the digital world. Lies, fake news and misinformation spread particularly quickly on social media. Fact-checking and corrections, on the other hand, take time. They must be formulated responsibly and often start with basic knowledge about certain processes.
Regardless of the corrections, misinformation continues to circulate. It achieves its goal when it confirms people’s extreme views, sows doubt or simply causes confusion, which is expressed, for example, in statements such as ‘Who can you believe anymore?’
Targets: Everyone and anyone.
Protection strategies: Common sense and targeted scepticism. For specific misinformation about the federal election, look for a correction from the Federal Returning Officer. Further information for voters, especially on the topic of fake news, is available from the Federal Office for Information Security (BSI).
Discrediting: deliberately undermining credibility
Candidates are also being targeted by cybercriminals. Currently, there are many attempts to access candidates’ computers, data or email accounts through phishing emails. This is typical of so-called ‘hack & leak’ operations. Data is stolen and later published with the aim of discrediting the candidate. The published content may be authentic, taken out of context, mixed with fake content or completely fabricated, such as deep fakes. The aim is not to reveal anything, but to undermine the credibility of the candidates.
The same applies if fake messages are published in the name of candidates, e.g. on a hacked Twitter account.
Targets: The candidates.
Protection strategies: Pay particular attention to cyber security and especially phishing emails. Candidates are warned by the security authorities about specific waves of attacks.
Further information on increasing IT security for candidates is available from the BSI.
Please note: Relatives, partners, friends and acquaintances of candidates may also be targeted by cybercriminals. If you are one of these people, we recommend increased vigilance.
Sabotage: stirring up fears
As already mentioned, the election itself cannot be hacked because it is entirely paper-based. But who can be sure? In this regard, cybercriminals can use acts of sabotage to fuel existing fears and uncertainties. For example, if cybercriminals succeed in hacking or disrupting virtual campaign events.
Even when the preliminary results are announced immediately after the election, acts of sabotage by cybercriminals are at least theoretically possible. This is because the preliminary election results are not transmitted by post, but as quickly as possible – for example, by telephone or email. To consolidate all the results, the counts from the individual polling stations are first pooled at municipal level, then at district level and finally at state level. Cybercriminals could theoretically launch attacks at any point in this multi-stage process where electronic transmission takes place. But even if they were successful, they would not be able to change the official final result, which is determined by post and paper.
Targets: The electronic infrastructure of the election process.
Phishing emails can also be used to steal access data, for example.
Protection strategies: Increased awareness among all parties involved, technical measures and public education to eliminate uncertainties.
Conclusion: Cybersecurity also protects a functioning democracy
As an IT security company, we at Perseus are committed to greater cybersecurity every day. This usually involves protecting companies and their customers. However, the federal elections have once again shown that raising awareness of phishing attacks, updates, security vulnerabilities and the like also has a political dimension. This is not only true when it comes to defending against industrial espionage and blackmail, but also when it comes to attacks on democracy.
The protective measures for personal and internal corporate cyber security are similar in many respects to the protective measures that are now important for candidates in the federal election. We also advise anyone who is not currently running for political office to familiarise themselves with these measures and use them for their own benefit.
