On the eve of the 2016 United States presidential election, a scandal broke involving a devastating hack of the Democratic National Committee (DNC). The news caused the ground to shift under Hillary Clinton, affecting her momentum against Republican candidate Donald Trump. This hack changed history forever.
Since then, political cyberattacks have multiplied, along with their impact. The 2020 US Election, the 2021 Labour Party hack, Solar Winds, the Pegasus scandal, and the 2017 French elections are just a few on a long list of politically motivated cyberattacks that represent a direct attack on democracy.
“The incidents are not isolated events, but rather part of a larger, more concerning trend,” leaders from Cyber Rights Organization (CRO) told Moonlock in an interview.
CRO — working under the same entity that runs the groups Help Ransomware and Reputation Up — has hands-on, real experience with cyberattacks. “Over the past decade, we’ve seen a significant uptick in cyberattacks targeting political institutions and elections,” CRO experts said. “This isn’t a mere coincidence, but a reflection of the changing dynamics of both politics and cyber warfare.”
Moonlock also spoke to Blake Darché, Head of Threat Intelligence at Cloudflare. “Events and headlines in the physical world have resonance in cyberspace,” Darché said. “Election and political targeting are no different, with larger volumes of attacks taking place in the run-up to and around elections.”
So which of these politically motivated cyber attacks were the most consequential? What hacks and leaks have had a profound impact on governments and nations? And how exactly have they shaped global politics?
The first probe: Ukraine elections, 2014
On May 2014, prior to the Ukrainian presidential elections, a pro-Russian hacktivist group known as CyberBerkut launched a series of cyberattacks to influence and manipulate the election. The European Parliament revealed that CyberBerkut hackers invaded the network and breached the systems of the Central Election Commission. Once inside, they installed malware that could have changed election results.
This attack failed, as the malware was removed minutes before the election began on May 25. The Central Election Commission was hit again a couple of months later in October, when hackers took down its website ahead of a parliamentary vote.
Security experts agree that these incidents represent the first serious cyberattacks on democratic elections executed by foreign interests.
Many argue that the attacks also served as a trial run for Russia, which they used to gain valuable insights into how to run cyberattacks on elections. Experts also believe the attacks helped Russia develop more sophisticated techniques.
Interference with US elections
Two events immediately stand out in the discussion of politically driven cyberattacks. The 2016 and 2020 US election attacks not only influenced election outcomes but revealed that hostile foreign governments are willing to cross a dangerous line, using cyberwar to attempt to influence elections and shape politics even in the world’s most powerful countries.
2016: The DNC leaked emails scandal
In 2016, the DNC breach resulted in a leak of over 30,000 emails and hundreds of thousands of attachments, phone numbers, and personal data of high political figures in the DNC, including Hillary Clinton.
The CIA and the FBI both confirmed that the emails were stolen by hackers linked to Russian intelligence in an effort to help Donald Trump win the election. While the emails did not contain evidence of any illegal activity conducted by the DNC or Hillary Clinton, the sheer volume of sensitive data that was leaked and the press coverage that followed caused irreparable damage to Clinton’s reputation.
The 2016 attack was highly sophisticated. It began with what is known as an advanced persistent threat (APT). Experts now know that the ATP attacker was in the DNC system for about a full year, completely undetected, stealing sensitive data. But the final nail in the coffin came in April 2016 when yet another Russian hacker group breached the DNC. One month later, on June 15, the DNC announced the hack. And soon after, WikiLeaks published the first batch of leaked emails.
The 2016 DNC breach led to a massive overhaul of cybersecurity systems. Government and political parties implemented new threat intelligence detection software, leveled up network monitoring, and installed next-generation firewalls.
“This cyberattack was a game-changer in many ways,” CRO leaders said. “The attack, attributed to Russian state-sponsored actors, highlighted the vulnerability of political institutions to cyber threats. It also underscored the potential for such attacks to influence public opinion and election outcomes.”
Most believed the 2016 attack was a one-time event for the US. But in 2020, another tight US presidential election became ground zero for a new chapter in global political cyber warfare.
2020: Fake news, misinformation, and disinformation
For the US, the 2020 presidential election was a trial by fire. It would reveal to the world how new security efforts and policies fared against attacks on infrastructure.
The New York Times, echoing the words of the US government, assured that the United States Cyber Command “dived deep” into Russian, Iranian, and Chinese networks to shut down cyberattacks before they could do any damage.
According to Microsoft, attacks in 2020 were abundant but mostly unsuccessful. A few examples included:
- Russia-backed hacker group Strontium. The group attacked more than 200 organizations, including political campaigns, advocacy groups, parties, and political consultants.
- Chinese-supported hacker group Zirconium. Zirconium targeted high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community.
- Iranian group Phosphorus. The group attacked the personal accounts of people associated with the Donald J. Trump for President campaign.
However, despite the successful security efforts, disinformation and misinformation through social media sites like Twitter and Facebook were unstoppable. This turbulent climate soon established itself as the new norm, allowing fake news to proliferate online.
The mysterious 2019-2022 UK Labour Party attacks
When cyberattacks target political organizations, especially close to elections, it is clear that the attackers are not after money. Such incidents, which aim to disrupt or influence elections and government processes, are heavily investigated. The groups behind the attacks are identified and made public, often revealing foreign state-supported hacker groups as the perpetrators. Two noteworthy attacks on the Labour Party in the UK, however, left us with more questions than answers.
2019: DDoS Labor Party website attacks
In November 2019, one month before the country’s general elections, hackers hit the Labour Party in back-to-back attacks. The attackers aimed to shut down the Labour Party’s websites, flooding them with malicious traffic using a denial-of-service attack (DDoS).
Reuters reported that the attacks came after Britain’s security agencies warned that Russia and other countries could attempt to disrupt the December 12 vote. Moscow denied these charges, and they have never been fully confirmed.
A month after the attack, pro-Brexit Conservative Party leader Boris Johnson won the election in a landslide. To what degree the attack on the Labour Party affected the public’s opinion is unknown, along with the details of who was behind it.
2021: Ransomware leads to compromised Labor Party data
In 2021, the Labour Party was hit by another attack, this one unlike any other. Investigations concluded that it was ransomware. According to The Register, this type of attack on political groups, allegedly motivated by financial gain, was surrounded by mystery.
While a ransom was never paid for the stolen data, the Labour Party confirmed that the stolen information included personal data. The compromised data included people’s contact, financial, and electoral information. The Labour Party also disclosed that the compromised data contained information on individuals’ political views, such as what party they supported and information on political donations.
The investigations concluded that the cyberattack was “most likely” conducted by common cybercriminals and not nation-state groups. However, no official investigation with clear findings was ever released.
The era of digital politics and the rise of political cybercrime
Darché of Cloudflare spoke about how digital transformation opens a floodgate for cybercriminals.
“While there has certainly been an increase in attacks on election-related organizations and political parties over the last decade, digital transformation has also exploded,” Darché said.
“Organizations today use increasingly complex software systems to maintain business continuity, increase innovation, and keep up competitively,” Darché added. Darché explained that this innovation is a double edge sword, as digital transformation “ultimately draws the attention of threat actors and expands the digital attack surface.”
“As our world becomes increasingly digital, so do our political processes,” CRO said. “Elections are now run on digital platforms, government operations are conducted online, and data — lots of it — is stored in the cloud. This digitization, while beneficial in many ways, has also opened up new avenues for cybercriminals to exploit.”
Additionally, political organizations increasingly rely on digital means to reach voters. But it is a risky two-way street. On the one hand, it empowers politicians with new channels to communicate and campaign. On the other, it leaves them vulnerable to remote bad actors. And nothing is off the table. Even voting machines are vulnerable.
“Politically motivated actors are seldom interested in financial gain,” Darché said. “Often, they seek information to cause a desired outcome for whomever they represent through a ‘useful idiot.’ This is summed up in The Kremlin Playbook from the Center for Strategic and International Studies (CSIS).“
Note: In political jargon, “useful idiot” is a term associated with the Cold War, used to describe those susceptible to communist propaganda and manipulation.
What drives political cybercrime?
Attacks on political parties and governments are high-risk with little financial reward. While politics is clearly the motive, we wanted to know what really drives these attacks and what their primary goal is.
“The stakes in politics are high, and the potential for disruption is massive,” CRO experts said. “A successful breach can lead to the leaking of sensitive information, manipulation of voter data, or even the disruption of an entire election process. These attacks can sow seeds of discord, influence public opinion, and in some cases, even alter the course of an election.”
Unfortunately, as long as the rewards outweigh the risks for the attackers, this trend is likely to continue. “We are in a digital arms race, and the need for robust cybersecurity measures has never been greater.”
Motives behind political cyberattacks
CRO explained that the motives behind political cyberattacks often extend beyond money. They added that in the realm of political cyberattacks, the motivations can be as complex and varied as the political landscape itself.
CRO listed the main key drivers as:
- Geopolitical influence. State-sponsored actors often carry out attacks to gain a strategic advantage, disrupt democratic processes, or destabilize an adversary. The goal here isn’t financial gain but rather to exert influence, sow discord, or advance a particular geopolitical agenda.
- Ideological beliefs. Some cyberattacks are driven by ideological beliefs or political agendas. Hacktivist groups, for instance, may launch attacks to draw attention to a particular issue, influence public opinion, or promote a specific cause.
- Information warfare. In the digital age, information is power. By hacking political systems, attackers can gain access to sensitive information that can be used for blackmail, public manipulation, or reputational damage.
- Demonstration of power. Some attacks are carried out simply to demonstrate the cyber capabilities of a group or nation. It’s a way of flexing their cyber muscles, so to speak, and sending a clear message to adversaries.
While financial gain remains a significant motivator in the world of cybercrime, political cyberattacks often serve a broader range of objectives. These attacks are a form of modern warfare, and their impacts can be far-reaching and long-lasting.
How do these attacks affect you?
A question that is rarely asked in cybercrime investigations is how these attacks affect us on an individual level. What does political cybercrime mean to our global society, and what can we as citizens do?
“The general population is in a challenging position to judge whether the information portrayed by political candidates, news organizations, and social media is fact or fiction,” Darché said. “The advent of large language models and artificial intelligence will only increase the challenge in this area.”
CRO added that the impact of political cyberattacks on the general population can be profound and multifaceted.
“When political institutions are breached, it can lead to a significant erosion of public trust in these entities,” CRO experts said. “This can undermine the democratic process and create a sense of uncertainty and fear.”
Misinformation and fake news, which have reached concerning levels, are other issues that our global society has become accustomed to living with. And unfortunately, misinformation can influence election outcomes and create social divisions, even as more targeted attacks expose citizens’ personal data.
What can citizens do?
Experts at CRO stress the importance of staying informed. “Awareness is the first step. Understand the nature of these threats and how they can impact you. Follow reliable news sources and stay updated on the latest developments.”
Multi-factor authentication, strong passwords, responsible use of social media, and caution when sharing or downloading information are also recommended.
“Be critical of the information you consume, especially if it’s politically charged,” the team at CRO urged. “Check facts from multiple sources before forming an opinion.”
CRO also advocates for better laws and cybersecurity policies that will strengthen our digital infrastructure and protect everyone against these attacks.
If democracy is the participation of citizens in government and not the representation of special interest groups, the question we should all be asking is how to keep it safe from powerful bad actors, whether foreign or domestic. What the future holds for political cyberattacks is unclear. One thing is certain: They are not going away.