Democracy-focused cyber attacks targeting civil society


Election officials need more resources to address voting system security challenges, according to a new report from experts at the Alliance for Securing DemocracyBrennan Center for Justice at NYU LawPitt Cyber, and R Street Institute:

Defending Elections: Federal Funding Needs for State Election Security examines projects that state officials are pursuing across the country with $380 million in federal funds appropriated last year by Congress, such as replacing outdated machines. The Election Assistance Commission estimates that 85 percent of this money will be spent by the 2020 election. Without additional federal support, substantial election security needs will likely go unaddressed. 

Tech giant Microsoft says it has detected more than 740 infiltration attempts by nation-state actors in the past year targeting U.S.-based political parties, campaigns and other democracy-focused organizations including think tanks and other nonprofits, AP reports.

However a company spokeswoman would not name or further characterize the targets. All of them subscribe to Microsoft’s year-old AccountGuard service, which provides free cyberthreat detection to candidates, campaigns and other mostly election-related groups.

“Cyberattacks continue to be a significant tool and weapon wielded in cyberspace,” Microsoft said. “In some instances, those attacks appear to be related to ongoing efforts to attack the democratic process,” it added, arguing that ElectionGuard and Microsoft’s Defending Democracy Program, as well as tools from other providers, are needed more than ever to help defend democracy.

Many of the democracy-focused attacks we’ve seen recently target NGOs and think tanks, and reflect a pattern that we also observed in the early stages of some previous elections, Microsoft adds:

In this pattern, a spike in attacks on NGOs and think tanks that work closely with candidates and political parties, or work on issues central to their campaigns, serve as a precursor to direct attacks on campaigns and election systems themselves. We saw such attacks in the U.S. presidential election in 2016 and in the last French presidential election. In 2018 we announced attacks targeting, among others, leading U.S. senatorial candidates and think tanks associated with key issues at the time. Earlier this year we saw attacks targeting democracy-focused NGOs in Europe close to European elections

Social media manipulation often relies on fake accounts ranging from the simple (without pictures or content) to the elaborate (“aged” accounts with long histories meant to be indistinguishable from genuine users), notes Sebastian Bay, a senior expert at the Technical and Scientific Development Branch of the NATO Strategic Communications Centre of Excellence in Riga, Latvia:

As part of an ongoing research project, the NATO Strategic Communications Centre of Excellence has been experimenting with buying fake engagement on social media platforms to learn more about the subjects targeted, actors involved, and vulnerabilities that authoritarian influence campaigns aim to exploit. The results have been alarming: in February 2019, researchers at the Centre discovered that it is possible to buy engagement with the social media accounts of a United States senator without being stopped or even noticed by social media companies. Even after the researchers reported the fake activity to the platforms, the companies largely failed to identify and remove it in a timely fashion.

So far, this research has resulted in four conclusions, he writes for Power 3.0, the blog of the International Forum for Democratic Studies at the National Endowment for Democracy:

  • The scale of the infrastructure for developing and maintaining social media manipulation software, generating fictitious accounts, and providing mobile proxies is greater than previously understood.
  • The openness of this industry is striking: rather than a shadowy underworld, researchers found an easily accessible marketplace that most web users can reach with little effort through any common search engine. In fact, providers advertise openly on major platforms.
  • Russian service providers seem to dominate the social media manipulation market. Virtually all of the major software and infrastructure providers identified by this research were of Russian origin.
  • The size of individual service providers is troubling. In a relatively short observation period, researchers identified many providers with more than 10 employees and significant revenue.


In 2015, the Beacon Project developed >versus<, a unique proprietary media monitoring tool, adds Alex Tarascio, IRI’S 

The tool is used by our in-house experts and media monitors across Europe to track malign narratives and disinformation campaigns in the online media space, analyze their dynamics, and how they are discussed online. Using >versus<, we are able to monitor narratives around topics such as traditional values, the European Union, NATO, the transatlantic alliance, and migration. Narrative monitoring includes gauging how prevalent narratives are in online media and in broader public discussion. This allows us to map the online media landscape over a given timeframe. IRI publishes the analysis of >versus< monitoring conducted directly or by our partners.


Print Friendly, PDF & Email