Russia launched ambitious cyberattacks during the recent German elections. The offensive flopped.
Germany’s cyber defenses proved resilient. Russian disinformation attempts failed to find strong audiences. German voters rejected extremists and crowded the center in the September 26 election.
Ahead of the ballot, a hacker group known as “Ghostwriter” targeted Bundestag MPs with widescale phishing attacks. Ghostwriter aimed to collect compromising private dirt on the parliamentarians, according to German Interior Ministry officials, who linked the hackers to the Russian secret service, the GRU.
Although the Russian attacks were designed to collect ammunition for disinformation campaigns, no incriminating data about German MPs were leaked — neither during the election campaign nor during the current ongoing coalition talks.
Ahead of the election, German security authorities identified MPs as the weakest link in the country’s cyber defense. Various institutions — including the Federal Office for Information Security (BSI) and the Federal Office for the Protection of the Constitution (BfV) — erected strong defenses. They began tracking Russian cyber-attacks back in 2017 and warned Bundestag and family members that they were at risk of kompromat.
When the Russians struck, the authorities responded fast. A pre-election attack on the data systems and servers of the Federal Statistics office — whose director serves as the Federal Election commissioner — was identified and plugged before the hackers stole any data.
Germany also poured political pressure on Russia. It encouraged the European Union to step up and the EU’s chief diplomat, Josep Borrell, condemned the attacks against Germany, calling them a threat to European “democratic values and principles.”
Admittedly, it remains unclear whether the combined German cyber defense and EU diplomatic offensive beat back the Russians, or whether the Russians refrained on purpose from spreading kompromat. Ghostwriter attacks are easily recognized and attributed to Russia since the group does not disguise its attacks. In its offensive against German MPs, Ghostwriter did not wield elaborate hacking methods, relying instead on simple phishing.
According to cybersecurity experts, Russia could calculate that the attacks served a useful purpose even if they failed. The more Western media and policymakers talk about Russian capabilities to influence elections, the more Russia can portray itself as being a formidable cyber power.
Despite their success, the Germans themselves preach vigilance. Thomas Haldenwang, BfV President, has warned in the newspaper Frankfurter Allgemeine Zeitung that Russian hackers could take advantage of the inexperience of new Bundestag members.
The West feeds this Russian “great cyberpower” narrative by failing to respond with force. European strategy in countering Russian cyberattacks often consists of naming and shaming, without any concrete countermeasures.
The US also appeases. Washington recently shared sensitive information with the Russian National Coordination Center on Computer Incidents, which was created by the director of the FSB secret service. While the US aims at fostering cooperation with the Kremlin, the center has a well-documented history of cooperation with Russian hackers.
Recent developments in Europe could prove to be a game-changer. In 2020, the EU-imposed sanctions following cyberattacks on several occasions and it has prolonged sanctions against Russian hackers until May 2022. “Functioning deterrence can be achieved when the adversaries have a better awareness of the possible countermeasures,” argues Urmas Paet, the former Estonian Foreign Minister and now a European parliamentarian specializing in cybersecurity.
Europe’s sanctions process remains weak and lengthy, as all the 27 EU member states must unanimously agree. Governments have implemented the bloc’s inaugural 2017 cybersecurity directive in different ways. Paet and other European lawmakers want to ensure uniform compliance and reinforce the sanctions tools. The European Commission proposed a new law last month to expand the number of “essential sectors” which are obliged to implement cyber defense measures.
It remains to be seen whether Europe will succeed in enforcing its cyber defense. But, as the German electoral experience shows, it is possible to beat back Russian hacking, provided strong, rapid measures are put in place.
Oliver Noyan is the Germany correspondent for Euractiv.
November 15, 2021