How Europe's elections could be hacked

Russian hackers meddled in the U.S. election campaign. Now they're turning their attention to Europe.

France, Germany and the Netherlands are holding elections later this year, and experts agree with former U.S. Vice President Joe Biden that Moscow will try to sway the results.

The voting infrastructure is expected to be relatively secure since all three countries use paper ballots.

But here's how Russian hackers (and others) could influence the outcome:

 

Phishing for dirt

The most common and successful election hacking strategy involves revealing embarrassing information about candidates, which could sway public opinion, say security experts.

Hackers generally find this information using phishing -- encouraging victims to click on malicious email links or download shady attachments. This allows hackers to gain access to a computer system where they can snoop around for dirt on candidates and their associates.

"In the U.S., the hacks were a result of phishing," said Oren Falkowitz, co-founder and CEO of Area 1, and former director at the U.S. Army's Cyber Command. "If there are to be hacks in the European political process, they will be as a result of phishing."

Several cybersecurity experts predict Germany's parliament is the likely next target for a Russian hack-and-leak campaign similar to the one suffered by the American Democratic National Committee.

Germany's top IT security agency said it intercepted about 44,000 infected emails per month in early 2016, with attacks up fourfold compared to 2015. The agency said it caught about 20 "highly specialized attacks each day" on government networks.

 

Political parties most at risk

Small European political parties could be particularly vulnerable to these kinds of attacks because they don't always have the resources to fend them off, experts say

"Political parties are responsible for their own IT security, and sometimes they can be lax," said Charles Lichfield, a European associate at the political risk firm, Eurasia Group. "The integrity of democracy is threatened if the IT is not secure."

France's top national security agency told CNNMoney it held a seminar for French political parties late last year to teach them about protecting themselves from hacking. But it doesn't impose any strict regulations in this area to avoid being accused of political interference.

NATO, in an attempt to warn its member nations, continues to publish books documenting how Russia has steadily targeted Western states with information warfare -- and the important role of simple attacks like email phishing.

 

Spreading fake news

Misinformation campaigns against candidates are also a big threat to the political process. Social networks are used to spread rumors and influence voters.

"Even if such information is later corrected, this false information lives forever on the Internet, with the potential to inform opinions and as a result misinform -- and potentially direct the actions of -- the electorate," warned Forcepoint Security Labs in a 2016 report.

German Chancellor Angela Merkel is particularly at risk of fake news campaigns because of the hardline stance she's taken against Russia, said Eurasia's Lichfield.

"We don't know the methods that the Russian government will use. But we expect them to get involved," he said. "Russia has a clear interest in dividing up the European Union."

Merkel is a key figure in the struggle to keep the EU together, making her a prime target.

Facebook (FBTech30) said in December it would begin applying warning labels to some "fake news" stories that users share on the social network in an effort to stop or slow the spread of malicious rumors. But there's no guarantee this will work. Twitter (TWTRTech30) bans users for hateful speech and harassment, but it doesn't block people for spreading falsehoods.

 

Moving the needle

Phishing, leaking information and spreading fake news may not move the needle much, but it could still be enough to change history.

"A lot of it comes down to 'head hacking', which is just psychological for people," said Steve Armstrong, founder and technical security director at the UK-based firm, Logically Secure.

"I don't think it's going to be massive, but 2% to 3% [of voters] is enough if it's going to be a close election, as we saw with Brexit," he said.