For those of you who know me, Henry was my basset hound, and the fictitious name used during (ahem) special research. I'm a former intelligence officer, a professional analyst, and a blogger since 2004 writing about my experiences on the journey --information security, cyber intelligence, education, thoughts. Some love my writings others hate it. If you like it, follow me!
Saturday, November 05, 2016
Cyber influencers on next week's elections?
We blogged last week on activity that we believe may be indications of potential upcoming election tampering. Tonight it was on the news. And while I'm sure they didn't get it from us, we've been watching election activities in Eastern Europe since the last Ukrainian Presidential election.
We witnessed election tampering (hacking, DDoS, and telephone DoS) in the Ukraine, and then again DDoS in Bulgaria. We're also paying attention to Macedonia and Moldova --not because we had a dog in either fight but because there are massive lessons to be learned from watching the cyber interactions when we have customers who operate in both areas... and we have a global customer base that we believe have interests in the areas, and want to know.
In October (last month), Wapack Labs watched as Montenegro was hit with a DDoS and insurgency preparations as pro-Russian opposition tried to take hold in October 2016 elections.
Wapack Labs believes with high confidence that there will be additional election tampering, but analytic rigor dictates that more data be collected. We have five major elections in the near future where foreign interests may be manifested by some cyber activity – Bulgaria, USA, Macedonia, Moldova, Transnistria and France:
06 November 2016 - Bulgaria. Presidential elections will be held in Bulgaria on 6 November 2016. Bulgaria is a NATO member but has very strong pro-Russian fraction of the population. The incumbent President, Rosen Plevneliev, announced in May 2016 that he would not be running for re-election. Last year Bulgarian Central Election Commission and other governmental institutions were DDoSed as the country held municipal elections.
08 November 2016 - USA. Hacking of Democratic organizations, with release of the data, as well as intrusions to the Arizona and Illinois election commissions were mostly attributed to Russian APT hackers.
11 December 2016 - Macedonia. Early parliamentary elections will be held in Macedonia in on 11 December 2016, having originally been planned for 24 April and later 5 June. The elections were called as part of an agreement brokered by the European Union to end the protests against the government. From 20 October 2015, a transitional government was installed including the two main parties.
Leading Moldovian Presidential candidate Igor Dodan meets with Putin (2014)
13 November 2016 - Moldova. Second round of presidential elections will take place on 13 November 2016. The Socialist Party leader Igor Dodon, fell just short of the majority needed to secure outright victory and faces a runoff election. Wapack Labs believes that Moscow will radically increase its influence on the ex-Soviet republic. Russia has troops in unrecognized Transnistria and this development might similar to country Georgia where pro-Western government lost land to Russia and then lost its power to more Russia-oriented coalition.
Soviet-like Transnistria coat of arms
11 December 2016 - Transnistria. Presidential elections, 11 December 2016.  Transnistria is part of Moldova, an unrecognized state with Russian military base and strong military influence.
Moscow is courting both leading presidential candidates but is worried that their fierce rivalry and worsening economic conditions might lead to destabilization of this pro-Russian region.
April and May 2017 - France. The next French presidential election is scheduled to be held in April and May 2017. But the first primaries are this month already. Marine Le Pen who’s National Front was taking Russian funding is predicted to gather between 28% and 30% in the first round, ranking first or second, and so to be qualified for the run-off.
There's been much in the news about the potential for DDoS next week during the elections. We do not see this as much of a stretch. There are many who'd like to disrupt voting next week, including just about any kid who's got access to a botnet and credentials to the sensors in your thermostats and refrigerators.
There are however, many geopolitical influencers supporting the idea that there will be cyber activities --Wikileaks is preparing to dump what Assange is calling the most damning dump yet. That's yet to be seen.
In the mean time, get ready folks. You've heard me say it before.. welcome to the new normal.