How It’s Meeting the Russian Threat
This year was different. Germany’s most senior federal intelligence officials presented a united front about the potential threat of Russian cyber-influence in their country’s September elections. Hans-Georg Maassen, the head of the Federal Office for the Protection of the Constitution (BfV)—Germany’s domestic intelligence service—did not mince words: “We expect further attacks,” he said, adding that they recognized the threat as “a campaign being directed from Russia.” Maassen was referring to the Russia-attributed 2015 hack that hoovered up massive amounts of e-mails, correspondence, and sensitive information from well-placed members of the German Bundestag. The decision of whether to release the tranches of data “will be made in the Kremlin,” Maassen said, implicating President Vladimir Putin personally in any decision to use doxxed material, disinformation, or other cyber-actions to disrupt the integrity of the German elections. In turn, Bruno Kahl, the head of Germany’s international intelligence arm, the Federal Intelligence Service (BND), called for more money to boost cyber offensive and defensive capabilities.
The two were expressing concern that recent cyberattacks against Germany match the pattern of earlier attacks elsewhere in the West—first against Hillary Clinton’s presidential campaign, in the United States, and more recently against then presidential candidate Emmanuel Macron, in France. The pattern is simple: a series of hacks and information exfiltration, followed by leaks strategically timed to impact the election’s outcome. In the case of the United States, the leak phase of the DNC operation began on July 22, 2016, three days ahead of the party’s convention in Philadelphia; in France, it was on May 5, 2017, just prior to the 44-hour blackout period before the second-round vote. Both incidents have been linked primarily to APT28, or Fancy Bear, a cyber-espionage group associated with the GRU, Russia’s military intelligence service.