The Best Defense Against Election Hacks?

Jason Sattler

10.05.17 5 min. read

You could argue that the attempt to “hack” the French elections was a failure.

This argument makes sense because Emmanuel Macron — the target of a leak of hacked documents revealed just hours before the “silent period” of the campaign began — won the presidency by a larger margin than predicted by the polls. This is the exact opposite result of 2016’s U.S. election, which saw Hillary Clinton shockingly defeated after years of her campaign chairman’s emails were leaked.

Of course, there’s no evidence that any votes in either election were “hacked.” Campaign officials’ email accounts, in both cases, were compromised, in an attempt to cast doubt on the candidates’ motives, the validity of the elections and possibly democracy itself.

These kinds of disinformation campaigns, Laura Galante argues, turn the greatest asset of free societies — an open mind — against itself. And this latest cyber intrusion into an election proves that hackers are refining their techniques for using cyber intrusions to spread uncertainty like a virus.

The stolen data — which was related to the Macron campaign but did not include any emails from the candidate himself — was presented to the press in a way that maximized doubt and media coverage. Likewise, the decision to release the emails when the candidate was about to be silenced by law could have effectively dominated social media conversation for the hours leading up to the vote.

If the hacks failed, that’s because the French proved particularly adept at minimizing foreign interference in their elections due to press restraint combined with government warnings to the media. Some old-fashioned French cynicism, knowledge of what had happened in the U.S. and a lack of any truly scintillating stories probably didn’t hurt either.

Macron’s campaign also scored a PR win by casting doubt on the leaks by suggesting that it had planted fake documents and phished credentials for the hackers. But it’s unlikely the campaign had more time or resources to spend on fooling the hackers than the hackers did to try to penetrate the campaign’s networks and accounts, if the attackers behind the hack were truly backed by a nation-state, as one report suggests.

If you believe the report from the U.S. intelligence community on the 2016 election interference offered earlier this year, Russia spends $200 million a year on “disinformation and propaganda” — about 4 percent of the cost of one new aircraft carrier. Of course, only circumstantial evidence connects Russia to both the Clinton and Macron attacks. Evidence pointing to FancyBear, a hacking group that may be associated with the Russian military, was found in the hack of the Democratic National Committee in 2015 and the Macron hack, but definitive attribution of the leaked materials is nearly impossible.

“Does it even matter who hacked it?”

This was Vladimir Putin’s answer last year when Bloomberg TV asked him who hacked the Democrats during the 2016 U.S. election, F-Secure Chief Research Officer Mikko Hypponen pointed out during his speech on hackers and politics at Web Summit earlier this year.

“The important thing is the content of the emails,” Putin said. “There’s no need to distract the public about who did it.”

President Donald Trump’s assertions that we can’t know who hacked the Democrats — it could be China, a 14-year-old kid or a 400-pound guy in New Jersey — have been roundly mocked. But they aren’t entirely untrue.

The fact that the leaders of two of the most powerful nations on Earth seem unwilling to take any definitive stand on these attempts to meddle in democracy, combined with the plausible deniability inherent in nearly all cyber attacks, suggests that at least one candidate in Germany’s upcoming election can expect to be the target of a hack.

What should German politicians, especially ones that may not be particularly popular in Moscow, do to secure their data?

First, get your security basics right:

  • Strong, unique passwords
  • Two-factor authentication on everything
  • Keep sensitive information out of your inbox

These attacks — like the attacks that have made ransomware an epidemic — aren’t all that advanced or even new. And they mostly succeed, like ransomware attacks, because you only need one person in your organization to make an error that can expose a wealth of email or possibly even a poorly secured network, along with terabytes of data.

And even if your security is perfect, which it never is, that may not be enough. Any organization that you or your campaign deals with may also be a target. A large dump of data, no matter what is inside it, can seem incriminating in itself. And hacking a campaign isn’t the only way to sow doubt about an election.

That’s why the only way to truly neutralize these attacks is to educate the public to dull the impact of such leaks.

How you do that seems unique to each country and depends a lot on how partisan and fractured the media landscape is in each country. Already, there seem to be diminishing returns for these hacks now that much of the public is aware of these patterns, as the element of surprise dims. Unfortunately for President Putin, voters seem increasingly more interested in who did the hacks and why than in the actual content of the leaks, which has tended to reveal the typical machinations of a high-stakes campaign.

But until the costs of hacking democracy are bigger than potential benefits, the public should expect the worst.

