Hacker attacks and disinformation campaigns could influence the federal elections, experts warn. The first incidents show that the threat is real.
Attacks increased every time the delegates voted online. When the CDU elected a new party leadership online in January, hackers attempted a series of massive cyber attacks to plunge the online party conference into chaos. The attackers, mostly from abroad, repeatedly bombarded the party’s website in order to breach its server. The attempt was successful: the page shut down. The live stream of the event suspended.
Eventually the party succeeded to restore the connection by blocking access from abroad as well as from some locations within the country. Delegates, unaffected by the attacks, meanwhile, voted for their new party leader through a voting system that ran on a separate server – a security measure to protect the process.
The repulsed attack shows that Germany is facing the cyber threats this year with six Landtag elections and the Bundestag election in September. “The threat level in cyberspace remains high,” says a spokesperson for the The Federal Office for Information Security (BSI). The BSI observed an increase in both hacker attacks and data leaks. Both could “have an impact on the various elections this year.”
Microsoft, which advises German authorities on securing the election campaign against cyber threats, also warns that attackers are increasingly combining more than one strategy. Cyber threat can be thought of as a triple threat. First, that is hacking. Due to Corona restrictions, parties are planning to organise a lot of events within their election campaign online instead of holding them on the streets. That makes them vulnerable to attacks like that one during the CDU federal party congress.
Attackers could also try to disrupt the September election process by hacking programs used to count ballot papers or provide initial results. The BSI therefore advises authorities and candidates on how they can protect themselves better.
But even the best security measures do not help against the second central threat that experts warn against: the dissemination of misleading or false information within the network in order to manipulate the minds or behavior of voters.
Tankred Schipanski, CDU/CSU spokesman on digital policy in the Bundestag, calls such disinformation campaigns “our greatest challenge” and emphasizes that they are “often organized and financed by foreign states, (…) but domestic actors such as the AfD in particular contribute to the spread”.
According to studies, in 2017 the spread of false information online helped the right-wing populist party to win votes before it entered the Bundestag. Campaigns that use disinformation to influence public opinion formation are skyrocketing around the world. Many are now so professional and complex that experts speak of an “infodemy”.
And then there is a third form of cyber threat: complex so-called “hybrid attacks” that mix hacking with information campaigns. According to Microsoft, “phishing” attacks have increased and become more professional, with actors who “operate from Russia and China, but also from North Korea and Iran (…) staying behind the majority of attacks on our customers worldwide,” says Neutze.
And “it is legitimate to say that actors from these countries all have both the skills and, at least partially, a geopolitical interest to become active in the federal elections,” said Neutze. Stolen information is later leaked online. Once online, it develops a life of its own. Internet users share it in social networks or on messenger services, usually without knowing where they come from. As soon as they reach a certain number of people, they are picked up by political candidates or commentators with a large online following. In turn, it is quoted then by professional journalists. This is how the stolen information reaches the mass media from the depths of the Internet. The fact that the stolen information is often not false per se but authentic to some extent being deliberately falsified or taken out of context in order to cause the greatest possible damage makes the fight against such “hybrid” campaigns particularly difficult.
The situation is made even more complicated by the fact that – apart from the rules that social media themselves have for their platforms – political online election campaigns in Germany are practically unregulated.
Strict election campaign rules for the analog world are unsuitable for the network. A new set of rules for digital election campaigns proposed by the European Union will come into force in a few years at the earliest. And for national legislation in Germany it is too late in view of the upcoming elections.
Behind the scenes discussions about whether parties – and possibly also social platforms – agree on a common, voluntary code of conduct for the election campaign are going on.
This could, for example, include an obligation to mark every online political advertising as such or to pass up purchased followers and likes. A decision in this regard could be adopted in the upcoming weeks, and if certain parties refuse to take part in it, that speaks volumes.