Eyeing Russia, EU girds for cyberthreats to Parliament vote

PARIS (AFP) – With campaigning for May’s European Parliament elections shifting into high gear, security officials are preparing for potential attempts by Russia-linked hackers to sway the vote – and potentially deepen divisions in the bloc.

“There’s a strong likelihood that people will try to manipulate the debates and falsify the European election results,” the European Union’s (EU) Security Commissioner Julian King told France’s Alsace newspaper last week.

The vote is shaping up as a continental clash between populist and eurosceptic movements on the one hand, and pro-European internationalists on the other.

“It is already clear this will be the most consequential parliamentary vote in the EU’s history,” the European Council on Foreign Relations wrote in a recent report.

Moscow has long denied allegations of hacking and meddling in foreign elections through social media disinformation campaigns thought to be piloted by Russia’s GRU military intelligence agency.

But suspicions are rife that Russia has much to gain by helping populist and eurosceptic movements, some of which want to end EU sanctions on Moscow over its annexation of Crimea from Ukraine.

The biggest threat, officials say, is a three-pronged attack seen in other high-stake votes: the hacking of a political party; targetted leaks of any sensitive data, either raw or manipulated; and surreptitious social media campaigns to keep the information in the headlines.

That was the scenario that played out in the US presidential election of 2016, when Russian hackers are suspected of trying to tilt the outcome by hacking the Democratic Party. Russian hands were also seen behind an 11th-hour hacking of Emmanuel Macron’s party ahead of the 2017 French presidential elections, when thousands of files were leaked online.

So-called “state actors” are also thought to have been involved in Britain’s Brexit vote, and in the hacking of Australian political parties last month.

“We stand a good chance of being hit with something big” ahead of the May 23-26 election, said a source in the French security services, who requested anonymity to discuss the risks.

In January the European Commission urged platforms like Google and Twitter, but also advertising firms, to make more progress on their pledge to fight “fake news” by removing bogus accounts and curbing suspect sites.

“Several actions are being taken or already implemented to allow the EU and member states to react quickly, efficiently and in coordination in case of attacks,” according to an internal report by a European security service seen by AFP.

“But for now they are mainly declarations of intent that have yet to be tested,” it said.

One cyber-spying group in particular – known as APT28, Pawn Storm, Fancy Bear or other monikers – is thought to have staged many of the recent attacks targetting European institutions and political groups, including NATO and the German Parliament.