Is Moscow Planning Something? Germany Prepares for Possible Russian Election Meddling
Two years ago, Russian hackers conducted a cyberattack against the German parliament. Will the data they stole make a sudden appearance before the election? Officials are doubtful, but there may be an even greater threat.
In recent weeks, officials inside Germany's security agencies have been fondly circulating an article from the website of Foreign Policy magazine that was published on Aug. 3 with the headline, "Russian Hackers Can't Beat German Democracy."
The article speculates about what Russia could do to disrupt the German federal election, which takes place on Sept. 24, and argues that the Russians will certainly attempt to interfere. Notably, though, the magazine concludes that the Kremlin is unlikely to succeed. Germany, the article argues, is excellently prepared for dealing with any attack because politicians and voters alike have been sensitized to the threat -- and because the country's media system provides a protective shield against disinformation campaigns.
Sign up for our newsletter -- and get the very best of SPIEGEL in English sent to your email inbox twice weekly.
Hans-Georg Maassen, the head of the Office for the Protection of the Constitution, which is responsible for counterintelligence, has been vocal in warning against Russian threats, but he recently told the Welt am Sonntag newspaper that it is doubtful that a disinformation campaign directed at Germany would "fit with the Kremlin's current political agenda." After months of incessant warnings that Moscow might try to conduct an influence campaign in Germany, the Süddeutsche Zeitung newspaper even reported last week of a "cautious all-clear." Sources inside Germany's security agencies told the newspaper they "no longer consider it likely that there would be any attempts at sabotage."
It's Too Soon for the All-Clear
But it seems premature for complacency. A new, little-discussed scenario has recently come into focus -- one which envisions certain people attempting to sow doubt about the election results. Similar to other concerns regarding election tampering, the U.S. presidential elections provide insight into this scenario as well. Following Donald Trump's surprising victory, Green Party candidate Jill Stein's objections reinforced people's already considerable doubts about the election results.
The Federal Office for Information Security (BSI), which is responsible for election security, believes that similar efforts will be undertaken in Germany. The German electoral system's reliance on paper and pen votes, to be sure, makes it less vulnerable to the kinds of problems experienced with electronic ballot systems in some U.S. states. But BSI President Arne Schönbohm told DER SPIEGEL that hacking attacks on sensitive candidate data and parties remains the greatest threat to the election process and that "perpetrators could attempt to attack IT systems used for the election."
This could include, for example, the election software that compiles the results from the different constituencies. The influential weekly newspaper Die Zeit reported that a computer scientist in the German state of Hesse found weaknesses in the compiling software, as have members of the Chaos Computer Club, a hacker group.
Schönbohm also warns, "Even after the federal election, perpetrators could attempt to undermine voters' trust in the election outcome by spreading false statements about irregularities."
Even if such a scenario does not come to pass, an additional eventuality continues to loom: a well-timed attack on the parliamentary election fueled by data that was pilfered from Germany's parliament, the Bundestag, in a 2015 cyberattack. Many have long suspected that the data purloined by Russian hackers would be leaked during the next election. Some 16 gigabytes of data were stolen at the time -- mostly from email in-boxes. The offices of at least 16 members of parliament, including Chancellor Angela Merkel's constituency office, are known to have been hit.
A well-timed leak of the information would be far from unprecedented. The same thing happened with the emails from Hillary Clinton's campaign staff and with data from French President Emmanuel Macron's campaign shortly before that country's presidential election.
Plus, the hacking group that attacked the Bundestag is known to be the same one responsible for the attacks on the campaigns of Clinton and Macron. Within the hacking scene, the group goes by names like APT28, Fancy Bear or Pawn Storm. Western security agencies believe the group is connected to Russia's GRU military intelligence service.
Germany remains one of the group's primary targets. In 2016, the group conducted an attack against the center-left Social Democratic Party's (SPD) parliamentary group in the Bundestag as well as the state offices of Merkel's conservative Christian Democratic Union (CDU) in Saarland. Security researchers also detected traces left by APT28 in attempted attacks on political foundations aligned with the CDU and SPD.
Russia's Strategic Aims
German authorities are furthermore united in the belief that Angela Merkel is an important target of Russian politicians. Merkel is a driving force behind sanctions against Moscow and one of Putin's few remaining geopolitical opponents. It's also conceivable that such strategic goals go beyond efforts to topple the chancellor. They also likely include efforts to cast divisions in society and to promote forces that support friendlier policies toward Russia, like the right-wing populist Alternative for Germany (AfD) party and elements within the center-left SPD.
German authorities' official position, including that of the BSI, on the threat posed by the Bundestag hacking attack is that something might still happen with that data. "It cannot be ruled out that the stolen data will be published in the run-up to the federal parliamentary election or that further attacks on institutions or parties will take place," says Schönbohm.
For a long time, the BSI president had been more reserved in his warnings than counterterrorism chief Maassen. But despite the apparent recent decrease in concern, he says that his agency is still taking the potential threat very seriously. "Regardless of the risk assessment of others, BSI has intensified its efforts to monitor the situation and will continue to do so until the end of the 2017 federal elections," Schönbohm says, "and it will have reserve crisis-reaction capacities on hand in the event of possible incidents."
Why a Bundestag Leak May Be Unlikely
Despite the continued caution, people are emphasizing certain factors suggesting the data hacked from the Bundestag will not emerge as a disruptive force shortly before the election:
- First of all, the parliamentary election is not in great doubt. In contrast to presidential elections in the U.S. and France, there aren't two candidates running directly against each other. In Germany, voters elect a parliament, which in turn votes in the chancellor, thus making the system here much more difficult to influence. And in contrast to the polls at the beginning of the year, there no longer seems to be any chance that Merkel will lose the election. Her party's lead in the polls appears to be stable, making it seemingly impossible for Russian intelligence services to influence the situation in ways that could sway the outcome of the election.
- Actions taken by France during its election this summer may also have had a deterrent effect. The leak shortly before the election of emails stolen from Macron's campaign by Russian hacker groups did little to damage the candidate, nor was it helpful to his Kremlin-friendly opponent, Marine Le Pen of the Front National. France was prepared and Macron's staff had even planted useless, fake data among the mails the hackers purloined. The leak didn't produce anything politically explosive.
- German voters are also prepared for such attacks. By now, people are familiar with methods like strategic leaks and disinformation campaigns and the issue has been debated exhaustively since the U.S. election. Some media organizations have even built fact-checking teams that can respond to waves of false information. The large internet platforms, like Facebook and Twitter, are also working with the German authorities to protect the accounts of politicians and political parties from hacking.
- There is also the fact that the data stolen from the Bundestag is already over two years old. One of the members of parliament whose office was attacked says the data stolen is "past its sell-by date." He contacted the authorities at the start of the year to find out if there had been any new developments and has since filed it all away as a thing of the past.
Independent of the individual assessments and speculation, the German authorities are united in their view that Russia is pursuing its strategic interests in Germany through disinformation tactics and attempts to sow division. The case of a 13-year-old Russian-German girl in January 2016 illustrated just how vulnerable the country's large Russian population can be to manipulation from Moscow. The Russian media reported widely on false claims the girl had been kidnapped and raped by migrants, sparking numerous protests by members of the Russian community in Germany, despite vehement denials by German government officials that anything had happened.
Even after the sometimes hysterical debate over "fake news," the steady stream of false information coming from the social-media accounts of people friendly to Russia as well as state-run media remains a serious problem. The German-language offerings of Russian state media like RT or Sputnik are important social media influencers and plug into a network comprised of everyone from pro-Russian activists to far-right accounts in Germany and in the U.S. The target is often Angela Merkel and her, real and alleged, immigration policies.
As before, German authorities consider such disinformation campaigns to be the greatest threat in the final stretch of the election campaign.