The information captured by the cyberattacks carried out against Bundestag lawmakers during Germany’s federal election by a hacker group said to be associated with the Russian secret service GRU was not used for disinformation but could still give Russia a strategic edge, officials and experts have said.
Already before the 26 September election, Germany’s interior ministry classified the possibility of cyberattacks as a “serious threat.”
During the ballot, a hacker group attributed to the Russian secret service GRU known as “Ghostwriter” targeted Bundestag MPs. But fears that the captured information could be used for disinformation campaigns have not been confirmed so far.
“I think it’s relatively clear now, after the federal election, that there were no disinformation campaigns that used some of the material that was captured by Ghostwriter,” said Sven Herpig, head of international cybersecurity policy at the think tank Stiftung Neue Verantwortung.
In the run-up to the election, both federal and state parliamentarians were targeted by phishing attacks – emails purporting to be from reputable companies to induce people to reveal their private data.
The attacks served as “preparatory acts to possibly influence operations such as disinformation campaigns,” an interior ministry spokesperson told EURACTIV.
Although the Russian disinformation campaigns were at a low level, the ministry does not rule out the possibility of the stolen data being used in the future – especially as the coalition negotiations are now ongoing.
To prevent the illegitimate influence of foreign states on the Bundestag election campaign, Germany took a broad approach during the election, focusing on prevention, detection and counter-reaction to cyberattacks involving various stakeholders.
Various institutions – including the Federal Office for Information Security (BSI) and the Federal Office for the Protection of the Constitution – worked closely together.
The hackers mainly focused on Bundestag MPs.
“We pointed out from the beginning, back in 2017, that there is a risk that the accounts of members of the Bundestag and their family members will be attacked because these are the easiest target,” said Herpig.
The BSI had therefore paid special attention to raising awareness among Bundestag MPs about the risks of cyber-attacks and tried to minimise security risks by offering a variety of information, support and advisory services.
As there have been no reports indicating that “large amounts of data have been leaked and then used to intimidate candidates or to stir up disinformation”, the strategy seems to have worked, Herpig added.
The damage was also minimised due to the rapid response time of the federal authorities in detecting cyberattacks.
This was the case with the quick identification and prevention of a hacker attack against the federal statistical office – whose head also acts as the federal election commissioner – a few days before the federal elections.
The attack, aimed at gaining external access to data systems and servers, was quickly identified and the hackers were unable to steal any data.
However, the Bundestag’s reconstitution is also a gateway for possible future cyberattacks.
The President of the Federal Office for the Protection of the Constitution, Thomas Haldenwang, warned in the FAZ that there was a risk Russian hackers could take advantage of the inexperience of the new Bundestag members.
Harsh rhetoric against Russia could play in its favour
The federal election also brought a strategic change in the way cyberattacks are dealt with as the diplomatic response was uploaded to the EU level.
For example, EU chief diplomat Josep Borrell condemned the attacks shortly before the federal election, calling them a threat to European “democratic values and principles”.
However, this harsh rhetoric, which was not followed by concrete action, could even play into Russia’s hands.
Ghostwriters attacks can usually be recognised quickly and easily attributed to Russia since the group is not concerned much with disguising their activities.
According to cybersecurity expert Herpig, there could be a strategic calculation behind this approach, as political capital can also be drawn if Russian cyber operations are detected, especially since Russia does not have to fear retaliation.
Russia’s gains are that either sensitive material is captured, giving Moscow a strategic advantage in the “cyberwar”, or the whole of Europe is talking about Russia trying to influence the election, “which is, of course, a very strong narrative,” Herpig pointed out.
[Edited by Luca Bertuzzi/Zoran Radosavljevic]