Update December 06, 13:40 EST: On Friday, the Romanian constitutional court (CCR) annulled the presidential elections based on information showing the first round of elections was affected by a TikTok influence campaign linked to Russia.
A declassified report from Romania’s Intelligence Service says that the country’s election infrastructure was targeted by more than 85,000 cyberattacks.
Threat actors also obtained access credentials for election-related websites and leaked them on a Russian hacker forum less than a week before the first presidential election round.
Attacks originating from 33 countries
The Romanian Intelligence Service (SRI) says that on November 19 the IT infrastructure of the country’s Permanent Electoral Authority (AEP) was the target of a cyberattack.
The attacker compromised a server with mapping data (gis.registrulelectoral.ro) that was connected to both the public web and the AEP’s internal network.
Following this incident, account credentials for Romanian election sites, including bec.ro (Central Election Bureau), roaep.ro, and registrulelectoral.ro (voter registration), were leaked on a Russian cybercrime forum.
According to SRI, the attacker obtained the logins by either targeting legitimate users or by exploiting vulnerabilities in the training server for operators at voting sections.
The Romanian intelligence agency says that the 85,000 attacks continued until November 25th, the night after the first presidential election round, and the goals ranged from gaining access to the election infrastructure and compromising it to altering election information for the public and denying access to the systems.
SRI notes in the declassified report that the threat actor tried to breach the systems by exploiting SQL injection and cross-site scripting (XSS) vulnerabilities from devices in more than 33 countries.
The agency is also warning that Romania's election infrastructure is still affected by vulnerabilities that could be exploited to move laterally on the network and establish persistence.
Influence campaign
Although SRI does not attribute these attacks to a specific threat actor, the agency believes that the modus operandi and resources required for the activity point to a state actor.
In another declassified report seen by BleepingComputer, SRI describes an influence campaign targeting the Romanian presidential election, where more than 100 TikTok Romanian influencers with over 8 million active followers were manipulated to distribute election content promoting presidential candidate Calin Georgescu.
The influencers received amounts starting from $100 for 20,000 followers, to distribute videos with hashtags describing Georgescu’s presidential profile.
Romania’s Ministry of Internal Affairs (MAI) says the visibility of these videos increased sharply starting November 13th and culminated with 9th place in top trending content, with hundreds of millions of views on November 26th.
MAI notes that some of the text the influencers distributed for Georgescu’s campaign was the same as the one promoting the pro-Russian presidential candidate in Moldova.
SRI says that Georgescu’s campaign benefited from 25,000 TikTok accounts that became “very active” about two weeks before election day.
Almost 800 of these accounts were created in 2016 and were barely active until November 11th, when they started to push Georgescu’s campaign messages.
SRI does not specifically point to Russia orchestrating the attacks and the influence campaign but the Romanian Foreign Intelligence Service (SIE) points to an analysis of Russia’s recent history of interference in elections in other countries.
SIE notes that Moskow perceives Romania as an enemy state because it provokes and threatens Russia’s security by allowing NATO’s military presence on the eastern flank of the alliance.
Along with other eastern countries, Romania is the target of Russia’s effort to influence democratic elections through propaganda and disinformation and by supporting eurosceptics and shaping the public agenda to its interests.
UPDATE [November 6th]: The Constitutional Court of Romania (CCR), which decides that laws, decrees, and bills are in agreement with the country's Consitution, cancelled the results of the first round in the presidential election and decided that new elections will be held.
The court's decision comes after declassified reports from Romanian intelligence services showed Russian interference in the election process through an influence campaign for supporting Georgescu.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Comments
EndangeredPootisBird - 1 year ago
Just a reminder that Russian interference resulted in BREXIT and also helped Trump get elected.
Winston2021 - 1 year ago
"Just a reminder that Russian interference resulted in BREXIT and also helped Trump get elected."
In news of this elsewhere it specifically says 85,000 ATTEMPTED cyberattacks which could be anything. Exploratory pings?
"Initially viewed as a minor candidate with little chance of victory, Georgescu quickly gained significant support through campaigning on non-traditional media outlets such as TikTok, receiving particular popularity among those disaffected with current Romanian politics, ***including youth, farmers, rural voters, and members of the working class.*** He was considered the frontrunner in the race and polling conducted after the first round of voting found him to be the most popular figure in the country's politics."
A NATIONALIST, POPULIST candidate, just like Trump. GOSH, can't have that, right?
The "interference" in this case wasn't via "hacking," it was via a social media campaign. And when the population bypasses their controlled media, government controlled in the UK, and elect someone not in line with the oligarchy's desires, it must be "hacking."
If "hacking" is so often the cause of election results, then we should put ZERO trust in election systems and NO candidate elected can EVER be trusted as valid, right?
Throwdown - 1 year ago
EndangeredPootisBird - 1 year ago
Trump added trillions to the US's debt via his tax cuts of his wealthy corporate friends which had negligible impact on their economy. He restricted basic civil liberties and essential healthcare such as trans care and abortion, pushed religious ideology into places where it does not belong such as schools and the state, and downplayed a virus which ended up causing one of the deadliest pandemics in human history. Then we have all the pseudoscientific classics such as climate change denialism and anti-vaxx paranoia. I can go on like this, but my point is that you can't find a more morally bankrupt person than him and his copycats.
bearchills247 - 1 year ago
""Just a reminder that Russian interference resulted in BREXIT and also helped Trump get elected."
In news of this elsewhere it specifically says 85,000 ATTEMPTED cyberattacks which could be anything. Exploratory pings?
"Initially viewed as a minor candidate with little chance of victory, Georgescu quickly gained significant support through campaigning on non-traditional media outlets such as TikTok, receiving particular popularity among those disaffected with current Romanian politics, ***including youth, farmers, rural voters, and members of the working class.*** He was considered the frontrunner in the race and polling conducted after the first round of voting found him to be the most popular figure in the country's politics."
A NATIONALIST, POPULIST candidate, just like Trump. GOSH, can't have that, right?
The "interference" in this case wasn't via "hacking," it was via a social media campaign. And when the population bypasses their controlled media, government controlled in the UK, and elect someone not in line with the oligarchy's desires, it must be "hacking."
If "hacking" is so often the cause of election results, then we should put ZERO trust in election systems and NO candidate elected can EVER be trusted as valid, right? "
First of all, populism is often bad than it is good. Actually, in the Romanian dictionary, the word populism is defined also as a "Russian political movement from the end of the 19th century which opposed the occident's industrialism". It is also defined as "conjectural" and "demagogic", which, in practice, is true in the vast majority of the cases, including Calin Georgescu. He said some absolutely idiotic things like he met with aliens, water is not H2O, Gaza strip got its name from "gaz" which means gas in Romanian. He also said he is happy Romania didn't join Schengen Area yet. Which is absolutely illogical if you have the country's best interest in mind, as he claims. Now he has backed off from all of these stupid claims.
Secondly, the campaign was not according to law and was not fair by any moral justification you can find. The tiktokers were not aware they were campaigning for this guy. They posted a hashtag something along the lines of: "equilibrium and verticality", which then was used for a commenting campaing coordinated through Telegram, to post comments to all clips that had this tag. The comments were all something like: "I will vote for Calin Georgescu". Which lead to his sudden popularity among the TikTok users. The clips were not intended to campaign for him, according to what the TikTokers were made to believe when they accepted the deals. You are also supposed to have a tag on the video if you are campaiging, which was not respected here. Also, the campaign legal period was over.
All in all, there were and still are so many things wrong with this obviously Russian backed person, from his political history and antourage, to his absolutely idiotic and antidemocratic, contradictory claims. The recounting was legitimate. Poor job on the Romanian authorities that didn't do their job to prevent this from happening in the first place. Then again, TikTok was informed that this is not legal, but they didn't comply. TikTok representatives are being audited in some European court about this, but basically they either don't give a shit, or actually can't stop this from happening because of too many users and no automated way to check this.