Ahead of election, Germany looks to U.S. for intel about DNC hackers
German defense officials are in Washington this week to discuss lessons learned by Congress, the U.S. intelligence community and private American technology firms about protecting federal elections from foreign interference.
Intelligence agencies across Europe — in Germany, France, Norway and the Netherlands, where elections will take place later this year — are currently working together in a joint effort to share relevant cyberthreat data, some of which links back to hacking operations that affected U.S. political organizations, explained Arne Schönbohm, president of Germany’s Federal Office for Information Security, or BSI.
The BSI can be understood as an equivalent to the National Institute of Standards and Technology, or NIST, but with the added ability to enforce security standards for German government computer networks and systems.
The U.S. intelligence community recently shared classified reports about APT28, otherwise known as “Fancy Bear,” with several foreign allies, said Schönbohm. The Office of the Director of National Intelligence has described APT28 as a Russian espionage outfit, responsible for hacking into the Democratic National Committee.
In the past, Germany’s own intelligence agencies have stopped short of directly attributing APT28 to either Russian intelligence forces or Russian government officials, said Schönbohm, who spoke with a small group of reporters in a closed briefing Monday.
“We, our secret service, have only said that APT28 comes from inside Russia … we have the IPs … but we do not know who is behind the PC[s],” Schönbohm said. “We haven’t gone that far.”
Federal elections in Germany will take place on Sept. 24. The country relies on a paper-and-pencil ballot system instead of electronic voting machines like those employed in the U.S.
Schönbohm broadly described that the German government is focused on countering complex influence operations that manifest through carefully engineered leaks, which are consequently spread via social media and augmented by so-called “fake news” outlets.
“When fake news is being done by a machine and not by a person,” it becomes a cybersecurity issue, Schönbohm said, referencing the influence of automated bots to distribute messages on social media.
German government officials have been in contact with American social media companies to express their concerns regarding fake news and other propaganda efforts directed at the country’s upcoming elections.
Elsewhere in Europe, Facebook and Google disclosed on Monday a partnership with French news organizations to launch a new fact-checking tool that will help disrupt the spread of fake news targeting the country’s presidential election, which will take place on April 23. Schönbohm said he expects the German government to consider similar private-public partnerships.
“We know of spear phishing attacks on the German parliament, we know which members have been targeted. But we have not yet seen information released into the public,” said Schönbohm. “What I am most afraid … is that [the hackers] use this information like a spin doctor.”
The BSI has also been in regular, non-contractual contact with multiple U.S. cybersecurity firms, including IBM, FireEye, Crowdstrike, Palo Alto Networks and Proofpoint, said Schönbohm. These firms are providing German forces with insight into the operations of known actors.
Private U.S. cybersecurity firms played a vital role in attributing APT28 to Russian forces. Following the DNC breach and prior to an official statement by the White House, several firms like FireEye and Crowdstrike published comprehensive, analytical intel reports about the supposed Kremlin-backed hacking group.
Schönbohm did not say whether the BSI had awarded business contracts to any of the aforementioned security brands.