Descubre
Blog
Soporte
September 28, 2017
-
Anissa Khalid
,

A Closer Look at the German Election

Cyber Threat Intelligence
<p>On September 24th, 2017, federal elections took place in Germany to elect Germany’s next parliament, the 19th Bundestag. The Christian Democratic Union (CDU) won the majority of votes with 33%, making this Angela Merkel’s fourth term in office.</p><p>Merkel has been a steadfast supporter of the European Union, and much of the E.U.’s viability can be credited to Germany’s economic prowess and political stability. This made Germany an appealing yet somewhat challenging target for the likes of Russian President Vladimir Putin, whose <a href="https://www.anomali.com/blog/global-elections-global-problems">interference in Western elections</a> has unfolded in a dramatic and unprecedented fashion. The question on much of the world’s mind was, could the German election successfully be hacked?</p><p>There are two primary ways that modern elections can be interfered with. The most direct method is to attack the election apparatus itself which is often easier said than done unless you happen to be a dictator in control of the entities delivering election results. The other method, and the one that has been the most prolific, is to attempt to influence the electorate to support or oppose candidates or initiatives of the attacker’s choosing. With the rise of the Internet and social media, it’s not hard to spool up tons of fake social media accounts and use them to spread rumors, lies, or even amplify real news when it benefits attackers’ motives. It’s often hard to gauge the true impact of these efforts on election results, however; even for the attackers.</p><h3>A Tale of Election Software</h3><p>Many German states use a software created by vote iT to count votes from local and national elections, called PC-Wahl. IT specialists Thorsten Schröder, Linus Neumann and Martin Tschirsich <a href="http://www.dw.com/en/hackers-find-flaws-in-german-election-vote-counting-software/a-40405681" target="_blank">analyzed the software and found numerous security flaws</a>. Neumann is quoted as stating "We did this in our spare time. Everybody's worried about state sponsors and professional hackers – if we can do this in a couple of evenings of sitting around in our apartments, you can imagine how easily this could be accomplished by a state actor."</p><p>Vote iT told German news magazine Der Spiegel that there were “no security-related weaknesses in the software.” Nevertheless, patches were soon issued. German hacker collective Chaos Computer Club (CCC) corroborated these findings, releasing a <a href="https://ccc.de/system/uploads/230/original/PC-Wahl_Bericht_CCC.pdf" target="_blank">report warning that this software is easily manipulated</a>. Passwords were either found online or easily guessed, and encryption methods were out of date. Germany’s top technology security agency, BSI, later ordered PC-Wahl’s security to be improved.</p><p><a href="https://www.bloomberg.com/news/articles/2017-09-07/white-hat-hackers-expose-security-gaps-in-german-voting-software" target="_blank">CCC previously uncovered vulnerabilities</a> in German election voting systems in 2006 by circumventing their security measures and reprogramming voting computers to play chess. The German Federal Constitutional Court has since eliminated use of voting computers, resulting in the return to pen and paper votes.</p><p>As a result of the move back to pen and paper, attacking the election apparatus in German elections poses a particular challenge. This analog system would require significant resources to affect the outcome of the election if trying to boost numbers directly at the polls.  <a href="http://www.dw.com/en/how-does-the-german-general-election-work/a-37805756" target="_blank">Each voter casts two votes</a> in a system that blends an additional member system with elements of a first-past-the-post system. Parties must win at least 5% of the second vote to enter parliament, a mandate put down to prevent splinter parties from bogging down the government such as with the Weimar Republic of the 1920s. The Weimar Republic was characterized by instability and short governing terms due to a large number of political parties that failed to compromise on key issues.</p><p>Individual voters, therefore, do not directly cast a ballot for the new chancellor as voters do for the President of the United States. Within the U.S. a disparity of results between the popular vote and electoral college is a sometimes expected, if not frustrating event for many voters. Any disparity of reported results and actual votes in Germany would instead incite a resoundingly more chaotic result, potentially leading to calls for another election.</p><p>Should someone look to meddle with the German election, their only realistic option would be to interfere with the software responsible for tallying or reporting the results. Votes are collected and disseminated through digitized means determined by each region. And, although the paper votes could always be recounted, any strife would likely degrade confidence in the democratic system.</p><h3>All Quiet on the Western (and Eastern) Front</h3><p>Russia’s two main weapons in the past round of Western elections have been cyber-attacks and misinformation. Merkel herself has directly <a href="http://www.dw.com/en/merkel-warns-of-russian-cyber-attacks-in-german-elections/a-36314197" target="_blank">warned of Russian cyber-attacks</a>, and for good reason.</p><p>In 2015, criminals stole 16 gigabytes of data from the German parliamentary network. Security firm Trend Micro Inc. <a href="https://blog.trendmicro.de/pawn-storm-nimmt-cdu-ins-visier/" target="_blank">linked the Bundestag attack</a> to a group with ties to Russia known as Pawn Storm.</p><p>Surprisingly, nothing has come of those linked documents, not even leading up to this pivotal election. Many believe that it’s possible the hackers couldn’t sift through the millions of emails to find anything salacious, or simply didn’t believe that exposing the information would have any substantial effect.</p><p>There was one flurry of cyber activity leading up to the election - sources close to Merkel reported that thousands of cyber-attacks hit Merkel’s website on the night of her campaign’s only nationally televised debate. Many of these attacks appeared to come from Russian IP addresses, although whether or not these were actually Russian attackers is <a href="https://www.anomali.com/blog/ips-arent-people">difficult to attribute</a>.</p><h3>Misinformation Nation</h3><p>The latter of Russia’s attack vectors, the spread of misinformation, is far easier to attribute. One of the more famous examples from the last year was the circulation by Pro-Russian news outlets of a story about a Russian-German girl who claimed to be kidnapped and raped by Arab migrants. She later recanted the story and confessed to having left home of her own volition, and to having made up the connection with any Arab men. Public outrage at the supposed story caused Germans to accuse Moscow of “political propaganda.”</p><p>Germany has taken a very firm stance against misinformation, directly calling out examples as they arise. In June of this year German lawmakers passed legislation that penalizes companies that fail to remove fake news from their websites with mutimillion-euro fines.</p><p>It’s no surprise though that Russia would attempt to highlight issues with integrating refugees, which remains a highly contested topic within Europe. Heightened tensions have increased support for the far-right, populist, and anti-immigrant Alternative for Germany (AfD), which won a landmark 13% of the vote. As with other far-right groups, the AfD also favors the abolishment of the European Union, and is staunchly anti-Muslim. This is the first time since 1961 that a <a href="http://www.cnn.com/2017/09/24/europe/german-election-results/index.html" target="_blank">far-right party has entered the Bundestag</a>.</p><p>Like many European countries, German political parties must form a coalition to create a majority governing body. To date, all parties have claimed they would not form such a coalition with the AfD. Merkel’s CDU party and traditional coalition allies now account for 45% of the overall vote, meaning that she will likely form a coalition with the Liberal Free Democrats (FDP) and the Greens. Such a coalition between parties from both the left and the right may struggle to be legislatively effective.</p><p>After preliminary results came out on the 24th, <a href="http://www.cnn.com/2017/09/24/europe/german-election-results/index.html" target="_blank">protesters positioned themselves in front of the AfD’s headquarters</a>, chanting “Nazis out!” and “say it loud, say it clear, refugees are welcome here!”.</p><h3>Final Thoughts on German Election Interference</h3><p>There were likely are a few unique and uncopiable factors keeping the peace before the German election:</p><ul><li>Germany took adequate security precautions</li><li>Russians overplayed their hand in previous elections</li><li>Merkel’s victory was very secure, making any last-minute upsets suspicious</li><li>Germany is a strong economic partner, and antagonizing Merkel could weaken trade relations</li></ul><p>Within these past elections Russia’s aim has undoubtedly been destabilization of Western alliances and building economic strength. An election is an excellent opportunity to apply influence that favors these outcomes. Russia has developed a particular proficiency in the area of voter influence.. What’s alarming is how simple the method they use really is. Evidence was found of <a href="http://mashable.com/2017/09/25/russia-botnet-german-election-twitter/#ulGsGclHNiqd" target="_blank">Twitter bots attempting to boost claims of voter fraud</a> going into the German election. Far-right Alternative for Germany (AfD) supporters  tweeted #Wahlbetrug (#ElectionFraud) in the week before the election, and the hashtag rose significantly in popularity the Friday and Saturday before voting day. This hashtag further degraded confidence in election results, whatever those results were going to be. Researchers claim the traffic was boosted by a Russian network of bots.</p><h3>Speaking of Bots</h3><p>Bots are everywhere. Bots are just pieces of code meant to automatically perform certain tasks or carry out commands. Not all bots are malicious or political in nature, but they can be used to amplify or distort arguments when applied to social media. It’s generally not too hard to tell if a social media account is, in fact, a bot and not representative of an actual human being. For example, there are a few questions one could ask to help determine if a Twitter account is actually a bot:</p><ul><li>Is an account posting too frequently, such as more than 50 times per day?</li><li>Does the account not reveal any personal information?</li><li>What kind of posts are they retweeting? Where are these posts originating?</li><li>Do they use a unique photo for their avatar?</li></ul><h3>Election Reality</h3><p>As a result of suspected interference in recent elections, we now find ourselves wondering if attackers will attempt to manipulate each major election. It may be the case that, for whatever reasoning, the recent German election seems to have been spared of any significant attempts at outside manipulation. Regardless, there will be more major elections soon in Western countries and we will once again be asking ourselves if attackers will try to influence the results.</p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.
Subscribe Today
__wf_reserved_heredar
__wf_reserved_heredar

Explore more topics

Anomali
Anomali Copilot
Anomali Cyber Watch
Anomali Match
Anomali Security Operations Platform
Compliance
Cyber Threat Intelligence
ISAC
Malware
Modern Honey Network
Research
SIEM
SOAR
STAXX
Splunk
Threat Intelligence Platform
ThreatStream
UEBA
Cyber Threat Intelligence
__wf_reserved_heredar