How hostile state actors are influencing democracy

Over the last few years, attempts to meddle in election processes through cyberattacks have increased drastically, and the methods with which hostile actors try to infiltrate society are continually evolving. Cybersecurity professionals have a role to play in this trend by educating the general public about these risks so that more stakeholders can act as a defense against hostile state actors.

In the weeks leading up to its presidential election, Taiwan faced a flood of cyberattacks. These mainly consisted of DDoS attacks, which shut down entire networks and services in Taiwan by overwhelming them with requests.

The Chinese government, most likely behind these attacks, did not limit itself to cyberspace in its election interference. In the months prior, cyber threat intelligence services found a notable increase in espionage operations. In addition, Reuters reported that China sponsored cheap trips to China for hundreds of Taiwan politicians in the pre-election season, and Politico reported that authorities observed four alleged Chinese spy balloons above the island of Taiwan.

While China failed in influencing the Taiwanese people to vote for its preferred candidate and the Democratic Progressive Party was able to declare its third consecutive victory on January 13, the preceding events made it abundantly clear that China will leave no measures unscathed in their push for the so-called One China Principle, in which it claims Taiwan as its territory.

Meddling in democracy

While the Chinese government’s actions might be more visible than actions from other state actors, the election interference is not unlike anything we’ve seen in other countries.

Without a doubt, the first turning point was seen in the 2016 US elections, in which Russian actors hacked the Hillary Clinton campaign, released politically damaging information on the Internet, staged rallies, set up meetings with members of the Trump campaign, and spread propaganda on social media.

While these efforts were unprecedented, attacks during election season have been more frequent. During the 2019 election in the UK, the UK Labour Party was hit with a DDoS attack. In Latvia’s 2018 election, a social network was targeted, filling its homepage with pro-Russia content.

While the presidential candidates are gearing up for the US elections this year, hostile state actors are undoubtedly doing the same. For example, in the current age of AI, cyberattacks on the campaign could include successful deepfakes of politicians or other ways of spreading misinformation through manipulated imagery. But there is also the old-fashioned spreading of misinformation. There have been many campaigns, overwhelmingly on the right side of the political spectrum, to question the validity of the election process, the voting machines being used, and even the patriotism of election workers. These campaigns seemingly originate from within the US. Right-wing media and politicians perpetuate them, but their seeds are often planted by Internet trolls and bots orchestrated by hostile, foreign actors.

Targeting organizations and individuals

It has become clear that attacks don’t just happen during election season – the run-up to an attack is a long process. In August 2023, the UK Electoral Commission announced that it had been the victim of a “complex cyber-attack,” potentially affecting millions of voters. As part of the attack, hostile actors were able to access reference copies of the electoral registers, which included the name and address of anyone in Great Britain, Northern Ireland, and overseas who was registered to vote. The attack was found in October 2022 through the detection of suspicious activity, more than a year after cybercriminals had first been able to access the systems in August 2021.

While the UK democratic process is still largely based on paper documentation and counting, which means that it would be hard to influence the actual voting by cyberattacks, the successful attack highlighted that organizations involved in elections “remain a target, and need to remain vigilant to the risks to processes around our elections,” the Electoral Commission noted.

High-risk individuals

At the end of last year, the UK’s National Cyber Security Centre (NCSC) also warned of a Russian cyber campaign that was focused on interfering in the UK’s democracy. The threat group, Star Blizzard, seemed to have targeted UK parliamentarians since 2015 by spear phishing. The group also targeted journalists, universities, and civil society organizations, by selectively leaking information to undermine trust in politics.

In response to these trends, the NCSC released new guidelines for high-risk individuals to enhance their resilience to these potential cyber threats. The NCSC defines a high-risk individual as someone whose work or public status means they have access to, or influence over, sensitive information that could be of interest to nation-state actors. The guidance includes information about potential types of attacks, explanations on how to protect accounts and devices, and information on what to do when attacked.

Knowledge is power

To what extent do these trends play a role in the Netherlands? The consequences of meddling in our democracy might be more significant than many think. While the Dutch elections might not be as important as the US ones, the influence of hostile actors in our government and business sector can reach far. A decade ago, a consular officer at the Dutch Ministry of Foreign Affairs, Raymond P., was sentenced to 12 years in prison for selling hundreds of documents to two Russian illegals (fully integrated spies who live under a false identity) in Germany.

Apart from conventional espionage, there is no reason to believe that Russia, which allegedly funded the campaign against the Association Agreement with Ukraine a decade ago, isn’t compensating political parties, individual politicians, or influencers who simply question support for Ukraine or NATO and EU membership. This way, Moscow even influences the topics on the agenda in the election season.

Fortunately, election meddling is high on the priority list of the National Coordinator for Security and Counterterrorism (NCTV), which focuses on disruptions, espionage, sabotage, and attempts to influence voters. Yet, looking at the extent to which the actors are attempting to infiltrate society through an extensive range of cyberattacks, it is vital to spread the responsibility.

It should not merely be the NCTV or any governmental organization to act to diminish these threats. Political parties, high-risk individuals, and civil organizations should also act as a line of defense. Responsible media should keep emphasizing the influential role that state actors play on social media and in less serious media outlets and, by extension, our public discourse. Researchers should keep tabs on these efforts and publicize their findings in accessible ways.

Cybersecurity professionals have a significant role to play here. By being vocal about the developments and risks and educating the general public, the topic will be further engrained in society, and other stakeholders will be able to pick up their part of the responsibility.