Articles about voting issues in Europe.

United Kingdom: Hackers hit UK political parties with back-to-back cyberattacks | Jack Stubbs/Reuters

Hackers hit Britain’s two main political parties with back-to-back cyberattacks on Tuesday, sources told Reuters, attempting to force political websites offline with a flood of malicious traffic just weeks ahead of a national election. The attacks come after Britain’s security agencies have warned that Russia and other countries may attempt to disrupt the Dec. 12 vote with cyberattacks or divisive political messages on social media, a charge Moscow denies. The opposition Labour Party said on Tuesday morning it had “experienced a sophisticated and large-scale cyberattack on Labour digital platforms,” but that the attack was repelled and no data was compromised. Just hours later, the party’s website and other online services came under a second digital bombardment, followed by a third attack on the website of the governing Conservative Party shortly before 1600 GMT, according to two people with knowledge of the matter and documents seen by Reuters. The sources said there was currently nothing to link the attacks on either party to a foreign state. One of sources said the attack on the Conservatives was larger and appeared to be conducted by different hackers, but did not take down any party websites.

Full Article: Hackers hit UK political parties with back-to-back cyberattacks - Reuters.

United Kingdom: Labour Party hit by second cyber-attack | BBC

Labour is reportedly suffering a second cyber-attack after saying it successfully thwarted one on Monday. The party says it has “ongoing security processes in place” so users “may be experiencing some differences”, which it is dealing with “quickly”. The Distributed Denial of Service (DDoS) attack floods a computer server with traffic to try to take it offline. The BBC’s Gordon Corera has been told Monday’s attack was not linked to a state. Earlier, a Labour source said that attacks came from computers in Russia and Brazil. Our security correspondent said he had been told the first attack was a low-level incident – not a large-scale and sophisticated attack. A National Cyber Security Centre spokesman said the Labour Party followed the correct procedure and notified them swiftly of Monday’s cyber-attack, adding: “The attack was not successful and the incident is now closed.” Meanwhile, Labour has denied that there has been a data breach or a security flaw in its systems after the Times reported the party’s website had exposed the names of online donors.

Full Article: General election 2019: Labour Party hit by second cyber-attack - BBC News.

United Kingdom: Tech companies rush to fight misinformation ahead of UK vote | David Klepper & Dabica Kirka/Associated Press

Facebook is opening up a war room to quickly respond to election hoaxes. Twitter is banning political ads. Google plans to crack down on bogus videos on YouTube. Social media platforms say they are mounting a vigorous campaign against misinformation in the lead up to next month’s general election in the United Kingdom. But digital misinformation experts believe British voters remain vulnerable to the same type of misleading ads and phony claims that played a role in the vote to leave the European Union three years ago. Government inaction on online misinformation and digital ad regulations have added to the pressure internet companies are under as they face growing criticism for amplifying false claims during the run up to the 2016 Brexit referendum and the 2016 election in the U.S. Prime Minister Boris Johnson pushed for the snap Dec. 12 election, in which voters will choose 650 representatives to the House of Commons, hoping his Conservative Party will gain enough seats to break a stalemate over his plan to take Britain out of the EU. And with campaigns barely under way, falsehoods are already spreading online.

Full Article: Tech companies rush to fight misinformation ahead of UK vote.

Europe: On the front line in Europe’s war against Russian election interference | Ellie Zolfagharifard/The Telegraph

The hackers who fought against Russia in the first ever nationwide cyber attack are today hailed as heroes. “I’ve been to parties where people would discuss how they fought in the cyber war,” says Pactum’s Kristjan Korjus, with a combination of pride and envy. “They had to try to get to the main server rooms and hack for several days and nights… it was really cool.” It may not sound as dramatic as aiming a gun on a battlefield, but the work of these cyber warriors was crucial in thwarting a Russian assault that could have brought down a nation. Today, as the UK prepares for a General Election, Estonia believes Britain can learn from its efforts in defending against online attacks and misinformation. “This is a country that is on the front line of digital warfare,” says Scott Dodson, Lingvist’s chief growth officer, who moved from Seattle to Tallinn several years ago. “It’s kind of a fact of life that, you know, I don’t think people in the UK or the US really appreciate… essentially this region is kind of a firewall [against Russian attacks].” That’s partly thanks to Nato’s Cooperative Cyber Defence Centre of Excellence, codenamed K5, which sits in the shadow of grey Soviet high-rises in the suburbs of Tallinn.   Surrounded by barbed wire and armoured trucks, K5 looks like something out of a spy film. “We get people asking if they can tour this as part of their stag party all the time,” laughs Aari Lemmik, who heads up the centre’s communications team.

Full Article: On the front line in Europe’s war against Russian election interference.

United Kingdom: Prime Minister accused of cover-up over report on Russian meddling in UK politics | Dan Sabbagh and Luke Harding/The Guardian

Boris Johnson was on Monday night accused of presiding over a cover-up after it emerged that No 10 refused to clear the publication of a potentially incendiary report examining Russian infiltration in British politics, including the Conservative party. Downing Street indicated on Monday that it would not allow a 50-page dossier from the intelligence and security committee to be published before the election, prompting a string of complaints over its suppression. The committee’s chairman, Dominic Grieve, called the decision “jaw dropping”, saying no reason for the refusal had been given, while Labour and Scottish National party politicians accused No 10 of refusing to recognise the scale of Russian meddling. Fresh evidence has also emerged of attempts by the Kremlin to infiltrate the Conservatives by a senior Russian diplomat suspected of espionage, who spent five years in London cultivating leading Tories including Johnson himself.

Full Article: PM accused of cover-up over report on Russian meddling in UK politics | Politics | The Guardian.

Russia: The Russian attempt to swing 2020 for Trump | James Adams/Spectator USA

American intelligence is warning of a concerted effort overseen by Russian president Vladimir Putin to swing next year’s presidential election in favor of Donald Trump. Reports prepared by the National Security Agency and the Central Intelligence Agency are unequivocal, detailing a two-pronged Russian strategy: sow dissension inside America by manipulating social media and attack the voting process itself. There is also concern that a new front could be opened in this battle by the use of deepfakes, videos generated using artificial intelligence that recreate the image and voice of anyone, who can be made to say and do anything. The leading Democratic candidate, for example, could be seen to suggest pardoning Patrick Crusius, the man who killed 22 people in El Paso in August. Such fake videos are both easy to make and difficult to detect, and they could undermine any candidate. Already in the Democratic primaries, trolls have been hard at work influencing the conversation. One fake meme that proved popular, for example, declared that every Democratic candidate had changed his or her name. ‘Democrats are so fraudulent and corrupt that they don’t even use their real names with the American people,’ claimed the meme, which said Cory Booker’s real name is Tony Booger and Bernie Sanders’s is Bernard Gutman.

Full Article: The Russian attempt to swing 2020 for Trump | Spectator USA.

United Kingdom: How cyber criminals and fake news could ruin Britain’s next election | James Cook/The Telegraph

Elections in the UK are more likely to bring to mind visions of kindly pensioners in church halls ticking names off lists than shadowy hacking groups attempting to subvert democracy. But hackers, with terrifying powers to spread fake news on a massive scale, are fast becoming a reality of British politics. Last year, ahead of the local elections, the National Cyber Security Centre (NCSC), a division of spy agency GCHQ, published a starkly worded report for local authorities which warned of “insider activity” that could attempt to “manipulate or compromise electoral information or processes for financial gain [or] ideological reasons.” The report urged local authorities to make regular backups of the electoral roll and to keep these backups in secure facilities to make it more difficult for hackers to access them. Ask spies and security experts about the digital threat to elections and you’ll encounter the curious lexicon of intelligence agencies. Hackers are known as “threat actors” who engage in either overt or covert influence campaigns. And when hackers manage to break into a computer network, they typically create an “implant” which allows them to return or to funnel data out without anyone noticing. A series of government departments have found themselves at the frontline of the battle to keep elections secure. In recent months, committee hearings in the Houses of Parliament and briefings by spy agencies have outlined how the government keeps elections safe.

Full Article: How cyber criminals and fake news could ruin Britain's next election .

Europe: EU to take action against fake news and foreign electoral interference | Emerging Europe

MEPs have warned that foreign electoral interference seriously threatens European democratic societies to the benefit of anti-EU, right-wing extremist and populist forces. Attempts to influence decision-making in the EU will put European democratic societies at risk, the European Parliament declared in a resolution passed on October 10. Parliament points out that foreign interference has a systematic pattern, be it through campaigns on social media, cyber-attacks on infrastructure related to elections or financial support to political parties in the run-up to all major national and European elections. Much of this interference benefits anti-EU, extremist and populist candidates. Despite member states fully or partially banning foreign donations to political parties or candidates, foreign actors find ways to circumvent those rules, say MEPs, singling out cases of the Front National in France, and allegations reported by media on the Freedom Party in Austria, Lega in Italy and in the UK.

Full Article: EU to take action against fake news and foreign electoral interference - Emerging Europe | News, Intelligence, Community.

Russia: How Russian operatives also used Google to influence Americans in 2016 | Jeff Stone/CyberScoop

While Russian propagandists relied heavily on Facebook and Twitter to spread disinformation before the 2016 U.S. presidential election, a new congressional report elaborates on how they also used Google and YouTube to sway Americans’ public opinion in favor of Donald Trump. The Senate Intelligence Committee on Tuesday released a report detailing expansive, and ongoing, information warfare directed against American internet users. The 85-page explanation confirmed much of what was already known about Russian operations: a Kremlin-directed effort utilized an array of social media networks, with their targeted advertising capabilities, to provoke and confuse likely voters ahead of a contentious presidential election. Facebook, Instagram and Twitter were the most crucial aspects of this effort, though Russia’s Internet Research Agency also leveraged Google and its subsidiaries for its own gain. “Periodically, particularly in the context of fast breaking news, Google’s algorithm can elevate extremist content or disinformation to the top of certain searches,” the Senate report said. “Days after the 2016 presidential election, a falsified media account of President-elect Donald Trump having won the popular vote briefly ranked higher than stories that accurately reflected the U.S. popular vote result.”

Full Article: How Russian operatives also used Google to influence Americans in 2016.

Russia: CIA source pulled from Russia had confirmed Putin ordered 2016 meddling | Zack Budryk/The Hill

A CIA asset reportedly pulled from Russia in 2017 played a major role in the agency’s determination that Russian President Vladimir Putin personally ordered Moscow’s meddling in the 2016 election, according to The New York Times. The informant, while not in Putin’s inner circle, interacted with him regularly and was privy to decisionmaking at high levels of the Russian government, according to the Times. Information on the informant’s identity was so carefully guarded that it was kept out of then-President Obama’s daily security briefings in 2016, instead transmitted in separate sealed envelopes. In 2016, high-level CIA officials ordered a full review of the source’s record and grew suspicious he might have become a double agent after he rejected an offer of exfiltration from the agency, according to the Times. Other officials said these concerns were alleviated when the source was offered a second time and accepted.

Full Article: CIA source pulled from Russia had confirmed Putin ordered 2016 meddling: NY Times | TheHill.

Russia: Masked man tasers Russian election chief before regional vote | Reuters

A masked man broke into the home of Ella Pamfilova, the head of Russia’s Central Election Commission, in the early hours of Friday morning and repeatedly tasered her, Russia’s Ministry of Internal Affairs said. The attack came two days before Russians vote in regional elections, including in Moscow. The vote in the Russian capital has triggered weeks of protests after Pamfilova and her colleagues refused to register a slew of opposition-minded candidates. Election officials said the barred candidates had not collected enough genuine signatures to take part in Sunday’s election, an allegation the candidates denied. “The masked intruder broke in through a window and got onto the house’s terrace and repeatedly tasered the home owner (Pamfilova) and then fled,” the ministry said in a statement.

Full Article: Masked man tasers Russian election chief before regional vote - Reuters.

Russia: Anger over alleged Moscow election tampering spurs protest | Nataliya Vasilyeva/Associated Press

Thousands of people marched across central Moscow on Saturday to protest the exclusion of some city council candidates from the Russian capital’s local election, but did not result in riot police making mass arrests and giving beatings like at earlier demonstrations. Opposition-led protests erupted in Moscow this summer after election officials barred more than a dozen opposition and independent candidates from running in the Sept. 8 election for the Moscow city legislature. Some marchers on Saturday held placards demanding freedom for political prisoners: 14 people arrested in earlier protests face charges that could send them to prison for up to eight years. The only police seen along the route to Pushkin Square were traffic officers, a contrast to the previous unsanctioned demonstrations where phalanxes of helmeted, truncheon-wielding riot police confronted demonstrators. At earlier protests, authorities did not allow key opposition figures to get anywhere near the places they were held. Individuals were detained outside their homes and sent them to jail for calling for an unpermitted protest. This time, the protest leaders attended the gathering unhindered.

Full Article: Anger over alleged Moscow election tampering spurs protest - The Boston Globe.

United Kingdom: “Highly likely” cross-government cell will be used to monitor interference and threats if election called | Derek du Preez/Diginomica

Senior civil servants giving evidence to the House of Lords Committee on Democracy and Digital Technology today gave insight into cross-Government work being carried out to monitor interference, disinformation and threats during elections – including the creation of an ‘election cell’ on the day of voting. Natalie Bodek, the acting deputy director of the elections division within the Cabinet Office, and Sarah Connolly, director of security and online harms at DCMS, both shared insights into how the government is collaborating across departments and agencies, as well as with social media giants, to monitor interference. Defending democracy from misinformation and digital interference has become a huge area of concern for governments across the world. Whilst no evidence has been found of online foreign interference in UK elections, it has been highlighted as a top priority by senior politicians and experts. Evidence on the topic has been collected by Parliamentary committees for some time now. A Commons Select Committee recently said that the “UK is clearly vulnerable to covert digital influence campaigns”.

Full Article: “Highly likely” cross-government cell will be used to monitor interference and threats if election called.

Estonia: E-voting workgroup recommends more audits and observers | ERR

Experts put forward suggestions and recommendations at the second meeting of the e-election working group on Wednesday, commissioned by minister Kert Kingo (EKRE). Over the past month, committee members have submitted 30 suggestions for improvements. At the second meeting suggested proposals were put forward in three areas. Head of the working group Raul Rikk said that firstly more resources should be made available so that several independent auditors can check the processes of e-voting. He said this would increase their credibility in Estonia and around the world. The group is also proposing that the number of people involved in conducting and supervising elections should increase and to raise the number of independent observers at election counts. Rikk said this could be done, for example, by making it obligatory for a representative from each political party to attend the election counts. Experts could also be invited to follow the process or IT students could be encouraged to write reports. These changes would help to increase the number of people in society who have received training in the electoral process and understand the structure of the system, Rikk said.

Full Article: E-voting workgroup recommends more audits and observers | news | ERR.

Finland: Security agencies collaborate after cyber attacks | Gerard O’Dwyer/Computer Weekly

Finland’s National Bureau of Investigations (NBI) has joined forces with the National Cyber Security Centre (NCSC) to investigate a series of significant cyber attacks against state-run public services websites in the country in August. The most serious targeted attacks left the national police service and other public websites inaccessible to users. The NBI and the NCSC now plan to work more closely with public and private organisations to increase expertise and capability to better defend Finland’s critical IT infrastructure against cyber attacks. Hackers launched a sustained denial-of-service (DoS) assault on a number of popular public websites on 21 August that caused serious disruption to server functionality, connectivity and public services. The DoS strike was latest hostile cyber assault by hackers targeting high-profile public services websites in Finland. Previously, hackers had launched attacks against the City of Lahti’s municipal computer system and the IT system managing the official online results for the Finnish parliamentary elections in April.

Full Article: Finland’s security agencies collaborate after cyber attacks.

Italy: The Five Star digital voting platform that could threaten a government deal in Italy | Franck Iovene/AFP

If Italy’s political parties can agree on a government deal, it would still need to clear a final hurdle: the online voting platform of the Five Star Movement (M5S), which has long championed so-called ‘digital democracy’.
The platform, named after the 18th-century French philosopher Jean-Jacques Rousseau, is supposed not only to empower ordinary citizens but guarantee transparency — but it has been slammed as secretive and vulnerable to cyber attacks. Launched in 2016, it currently has some 100,000 members, M5S chief Luigi Di Maio said in July. But critics have lamented a lack of official documentation or certification from a third party to attest that this figure is correct. The M5S’s blog says the number of people registered on “Rousseau” rose from 135,000 in October 2016 to nearly 150,000 in August 2017, before dropping to 100,000 a year later. But political analysts say it cannot be seen as representative of M5S supporters, as the membership numbers are a drop in the ocean compared to the 10.7 million Italians who voted for M5S in the 2018 general election.

Full Article: The Five Star digital voting platform that could threaten a government deal in Italy - The Local.

Russia: Moscow’s blockchain-based internet voting system uses an encryption scheme that can be easily broken | Sugandha Lahoti/Security Boulevard

Russia is looking forward to its September 2019 elections for the representatives at the Parliament of the city (the Moscow City Douma). For the first time ever, Russia will use Internet voting in its elections. The internet-based system will use blockchain developed in-house by the Moscow Department of Information Technology. Since the news broke out, security experts have been quite skeptical about the overall applicability of blockchain to elections. Recently, a French security researcher Pierrick Gaudry has found a critical vulnerability in the encryption scheme used in the coding of the voting system. The scheme used was the ElGamal encryption, which is an asymmetric key encryption algorithm for public-key cryptography. Gaudry revealed that it can be broken in about 20 minutes using a standard personal computer and using only free software that is publicly available. The main problem, Gaudry says is in the choice of three cyclic groups of generators. These generators are multiplicative groups of finite fields of prime orders each of them being Sophie Germain primes. These prime fields are all less than 256-bit long and the 256×3 private key length is too little to guarantee strong security. Discrete logarithms in such a small setting can be computed in a matter of minutes, thus revealing the secret keys, and subsequently easily decrypting the encrypted data. Gaudry also showed that the implemented version of ElGamal worked in groups of even order, which means that it leaked a bit of the message. What an attacker can do with these encryption keys is currently unknown, since the voting system’s protocols weren’t yet available in English, so Gaudry couldn’t investigate further.

Full Article: Moscow’s blockchain-based internet voting system uses an encryption scheme that can be easily broken - Security Boulevard.

Russia: Prominent journalist Alexey Venediktov has accused ‘Meduza’ of cheating to prove Moscow’s online voting system is hackable. He’s wrong. | Mikhail Zelenskiy/Meduza

This September’s elections for the Moscow City Duma have already gained renown for inspiring regular mass protests, but they are also remarkable for another reason: In three of the Russian capital’s districts, voters will be able to use an online system to select their new representatives. Moscow’s Information Technology Department held intrusion tests on GitHub in late July to verify the integrity of the system: Officials gave programmers several opportunities to attempt to decrypt mock voting data, and each round of data was subsequently published so that it could be compared to the results of those hacking attempts. On August 16, Meduza reported on French cryptographer Pierrick Gaudry’s successful attempt to break through the system’s encryption. To confirm that the encryption keys used in the system are too weak, we also implemented Gaudry’s program ourselves. City Hall officials responded to the successful hackings by refusing to post its private keys and data, thereby preventing outsiders from confirming that the system had indeed been hacked. Instead, Ekho Moskvy Editor-in-Chief Alexey Venediktov, who is also leading the citizens’ board responsible for the elections, accused Meduza of abusing the testing process. Here’s why he’s wrong.

Full Article: Prominent journalist Alexey Venediktov has accused ‘Meduza’ of cheating to prove Moscow's online voting system is hackable. He's wrong. — Meduza.

Switzerland: Swiss post rolls out more secure version of e-voting platform | SWI

The publicly-owned company Swiss Post, which had abandoned its electronic voting system in July over security concerns, has developed a new version. “We have already proposed a solution” to cantons, said general manager Roberto Cirillo in an interview published by the La Liberté newspaper on Friday. According to Cirillo, the company is in the process of defining the rules for testing the new system with cantons. He stressed that the new version will “contain universal verifiability”. At the beginning of July, Swiss Post abandoned its electronic voting system, which means it now cannot be used for the October federal parliamentary elections. The decision was made after subjecting the e-voting system to an intrusion test by thousands of hackers last spring. According to Swiss Post, they were unable to penetrate the electronic ballot box, but found serious errors in the source code, which had to be corrected. The cantons of Neuchâtel, Fribourg, Thurgau and Basel City had adopted this e-voting system, which only offered individual verifiability. Three of them already plan to demand compensation from Swiss Post for failure to deliver.

Full Article: Swiss post rolls out more secure version of e-voting platform - SWI

Russia: Moscow’s blockchain voting system cracked a month before election | Catalin Cimpanu/ZDNet

A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election. Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system’s private keys based on its public keys. This private keys are used together with the public keys to encrypt user votes cast in the election. Gaudry blamed the issue on Russian officials using a variant of the ElGamal encryption scheme that used encryption key sizes that were too small to be secure. This meant that modern computers could break the encryption scheme within minutes. “It can be broken in about 20 minutes using a standard personal computer, and using only free software that is publicly available,” Gaudry said in a report published earlier this month. “Once these are known, any encrypted data can be decrypted as quickly as they are created,” he added.

Full Article: Moscow's blockchain voting system cracked a month before election | ZDNet.