Want to influence an election? All you need is about $400,000, according to cyber-security consultant Trend Micro Inc.
That’s the sum it takes to buy followers on social media platforms like Facebook and Twitter, hire companies to write and disseminate fake news postings over a period of 12 months and run sophisticated websites to influence public opinion, according to Udo Schneider, a security expert for the German-speaking market at Trend Micro.
“Hacking the actual voting process isn’t worth it as it leaves traces, is very expensive and technologically challenging,” Schneider said Wednesday at a security conference organized by Deutsche Telekom in Berlin. Yet influencing public opinion via fake news and data leaks, as is believed to have happened during the U.S. and French election campaigns, is relatively simple and “could also happen ahead of the German elections.”
German politicians are increasingly concerned that outside forces will try to influence the country’s Sept. 24 vote, in which Chancellor Angela Merkel is seeking a fourth term. Senior security officials have pointed to Russia as pushing fake news and silently supporting hackers who have targeted the German parliament as well as two think tanks associated with the Christian Democrats and the Social Democrats, Germany’s two main parties. Russia has repeatedly denied it’s hacked foreign governments.
Germany’s political parties are “completely transparent” for motivated hackers because their infrastructure usually isn’t well protected, according to Frank Rieger, a spokesman for the Chaos Computer Club, a German collective of about 5,500 hackers that acts as a tech watchdog in Europe’s biggest economy. Manipulating preliminary results on the eve of the elections is “entirely possible,” he said at the same event.
Germany is trying to shore up its defenses, from the armed forces setting up a new cyberdefense security unit that will soon have 13,500 staff to placing cyber security experts with the federal election commissioner. In May the BSI, the country’s top technology security agency, held talks with counterparts such as France’s online security agency to gather information on thwarting attacks like one that targeted the presidential campaign of Emmanuel Macron.
German authorities are confident they can protect the vote-counting process, which is largely done by hand and the telephone, and have warned regional and local election officials about the potential threats involved, said Andreas Koenen, who heads an IT security division at the German Interior Ministry.
Deutsche Telekom this year released a cybersecurity product for free to all major German parties, and several members of Merkel’s CDU are already using it to protect their mobile phones, according to Shridhar Mittal, the chief executive officer of Zimperium Inc., the company that developed the app called Mobile Protect Pro. “Mobile devices are the next frontier for hackers,” as they’re usually the weakest link in the portfolio of digital devices, Mittal said by phone.
Yet even if Germany’s defenses are up now, things may be too late already. Pawn Storm, a hacker group believed to be linked to Russia, in 2015 successfully hacked into the IT network of Germany’s Bundestag parliament, stealing about 16 gigabytes of emails and other data. There have been no leaks yet, but most lawmakers expect to see those 16 gigabytes again shortly before the elections. What that will mean remains to be seen.
If the hackers gathered explosive content, then it will be dumped shortly before the vote, Rieger of the Chaos Computer Club said.
“But I actually am not too worried that they have much,” he said. “German parties are inherently boring.”