How Cyber Propaganda Influenced Politics in 2016

Uploaded on 2017-01-31 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

Throughout history, politically motivated threat actors have been interested in changing the public opinion to reach their goals.In recent years the popularity of the Internet gave these threat actors new tools. Not only do they make use of social media to spin the news, spread rumors and fake news, but they also actively hack into political organisations.

Political organisations are a relatively easy target for threat actors who want to cause harm. By their very nature, political parties must be able to communicate openly with their members, the press and the general public.

A political party is particularly vulnerable to spying campaigns and cyber-attacks during a hectic election period, where security measures might be considered a burden to daily operations. Recent events in 2016 have demonstrated how important security is for political organizations.

In 2016, we saw at least eight different high-profile attack campaigns against political organisations in countries like the United States, Germany, Ukraine, Turkey, and Montenegro. These campaigns were not meant for espionage alone, but for active interference with political processes and to influence public opinion.

WikiLeaks and mainstream media were used to get the general public to learn about alleged scandals that may or may not have happened in the political organizations that were targeted. Stolen data was published, but the authenticity of the data was usually not confirmed. This leaves room for threat actors to alter the stolen data to their own benefit and present it as if it was real and unaltered.

By publishing carefully selected pieces of unaltered stolen data, threat actors can better influence public opinion towards a direction that is favorable to their interests.

In 2016 the Democratic Party in the US was allegedly hacked by Pawn Storm, a threat actor group known for targeting people and organizations that might be perceived as a threat to Russia.

For example, between 2014 and 2016 Pawn Storm set up dedicated campaigns against the armed forces of at least a dozen countries. Pawn Storm’s activities show that foreign and domestic espionage and influence on geopolitics are the group’s main motives, and not financial gain.

It is a fact that e-mails were stolen from members of the Democratic Party. These e-mails were leaked by WikiLeaks and dcleaks[.]com, a website that’s likely controlled by the Pawn Storm actors.

We can confirm that in March and April of 2016, Pawn Storm launched an aggressive credential phishing campaign against corporate and free webmail accounts of various high ranking members of the Democratic Party in the US.

During the campaign, dozens of politicians, Democratic National Committee (DNC) staff, speech writers, data analysts, former staff of the Obama campaign, staff of the Hillary Clinton campaign, and even corporate sponsors were targeted multiple times.

We know this because we have been tracking credential phishing attacks by Pawn Storm since 2014. We were able to obtain a substantial amount of click statistics on tens of thousands of individual phishing URLs, and published an early analysis of this data in 2015.

In June 2016, we discovered a serious compromise of the website of the DCCC (Democratic Congressional Campaign Committee) that showed fingerprints of the Pawn Storm actor group. We believe we were one of the first ones to discover the compromise, and we disclosed it responsibly to US authorities immediately. Within hours after we reported the issue, the compromise was addressed and the DCCC website got cleaned up.

There have been instances when Pawn Storm uses mainstream media to get the general public to know about their brazen attacks. It has been confirmed by several mainstream media outlets that they were offered exclusive access to data that was stolen by Pawn Storm.

This shows that apart from WikiLeaks, mainstream media are also attempted to be used by threat actors who want to influence public opinion and cause harm to political organisations.

The US is not the only country where political organisations got targeted in 2016.  In fact, the problem is much more widespread. In April and May 2016 German Chancellor Angela Merkel’s political party, the Christian Democratic Union (CDU), was targeted by Pawn Storm.

We don’t know whether the attacks were successful, but they were confirmed by German authorities. No information has been leaked yet, but in other cases, Pawn Storm waited more than a year before they started to publish stolen data.

Early February 2016 Pawn Storm targeted the Turkish parliament. Other researchers have noted that a particular threat actor targeted political parties between March and August 2016, including the Die Freiheit party in Germany, the AK party in Turkey, and two other parties in Ukraine.

We do not know whether these attacks were carried out by Pawn Storm as well. However, one of the e-mail addresses that was used in these attacks was also targeted and likely compromised by Pawn Storm just a few days before the campaign against the Turkish AK party started. Regardless of who the threat actor was in these cases, it is clear that several political parties outside the US were targeted.

Attacks against political parties are not likely to stop any time soon.

In October 2016, a special credential phishing attack was launched against the parliament of Montenegro, most likely by Pawn Storm once again.

In the spring of 2017, several European countries are scheduled to hold elections, including Bulgaria, France, Germany, the Netherlands, and Norway. Political organisations and other high profile organizations are urged to take measures to avoid becoming the next victim of foreign threat actors who want to influence elections and public opinion.

Trend Micro:       Hackers Target France’s Presidential Election:     

German Spy Chief Fears Russian Interference In 2017 Elections:

 

 

« US Army Wants To 3D-Print Mini-Drones
Nissan Self-Drive Trial Begins In London »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

DigiCert

DigiCert

DigiCert is the only provider of enterprise-grade SSL, IoT and PKI solutions. Our certificates are trusted everywhere, millions of times every day, by companies across the globe.

Veridify Security

Veridify Security

Veridify Security (formerly SecureRF), develops and licenses quantum-resistant, public-key security tools for the low-resource processors powering the Internet of Things.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

Invest Ottawa

Invest Ottawa

The IO Accelerator Program is designed to rapidly and systematically accelerate the development and commercial success of high growth technology firms.

FraudLabs Pro

FraudLabs Pro

FraudLabs Pro detects fraud and helps merchants to reduce e-commerce chargebacks by identifying high risk transactions.

SightGain

SightGain

SightGain is the only integrated risk management solution focused on cybersecurity readiness using real-world attack simulations in your live environment.

StateRAMP

StateRAMP

StateRAMP reduces risk from unsecure cloud solutions and protects data by providing State and local governments a standardized approach for verifying and monitoring security postures.

UncommonX

UncommonX

UncommonX offers enterprise-class cybersecurity protection for mid-size organizations by combining adaptive threat and intelligence software with 24/7 industry experts.

LANCOM Systems

LANCOM Systems

LANCOM Systems is the leading European manufacturer of secure, reliable and future-proof networking (WAN, LAN, WLAN) and firewall solutions for the public and private sectors.

SpiderOak

SpiderOak

SpiderOak's portfolio of Secure Communication & Collaboration products ensure the confidentiality, integrity, and availability of your most sensitive data in any environment.

Think|Stack

Think|Stack

Think|Stack is a managed IT services company specializing in cloud and cybersecurity with human-centered design.

NexGen Cyber

NexGen Cyber

NexGen Cyber helps customers in commercial SMB markets with IT security, security integration, service management, outsourced service transition, and transformative security solutions.

Varutra Consulting

Varutra Consulting

Varutra Consulting is an Cyber Security Consulting, Solutions and Training services firm, providing specialized security services for software, mobile and network.

Professional Labs

Professional Labs

Professional Labs specialize in simplifying complex problems for our customers with Cloud Services, Managed Services and Cyber Security.

Digital & Intelligence Service (DIS) - Singapore

Digital & Intelligence Service (DIS) - Singapore

DIS is the fourth Service of the SAF, here to defend and dominate in the digital domain, and achieve peace and security for our land.

Kali Linux

Kali Linux

Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing.