Threat feeds, scanned ballots, fake news detection: How to Russia-proof an election

A 3D-printed Facebook like button is seen in front of a Russian flag in a photo taken Oct 25, 2017. PHOTO: REUTERS

RIGA, LATVIA (BLOOMBERG) - A nondescript office in Riga's communist-era Institute of Mathematics and Computer Science may be Latvia's last line of defence against threats to next month's general election.

There, the nation's 29-strong CERT cyber-security group is bracing for its biggest test to date: repelling attempts by Russia to sway the voting process. Having studied meddling in the US and fellow European Union members like Germany, the team is schooling state employees on suspicious emails and website links that could be phishing attempts, all the while receiving "threat feeds" from Nato and allied countries.

Elsewhere, the government is working with Facebook Inc. and Twitter Inc. to stem the spread of fake news. Ballots at the Oct 6 vote will be scanned electronically and can be counted by hand, should concerns arise at any precinct, adding an extra layer of security.

"The awareness that something could happen is clearly much higher" than during the last election, Varis Teivans, CERT's deputy head, said in an interview in a secure room containing some basic furniture but no computers.

"It's clear our big neighbour, Russia, has carried out offensive cyber operations against the Baltic states."

Latvia has particular grounds to be wary: at a quarter, ethnic Russians are a bigger chunk of the population than in Estonia or Lithuania, making the country an attractive target for Putin to try to sow discord inside the EU.

On top of that, a political party catering to the Russian minority may have its best shot at taking power for more than a decade.

The Baltic region on the EU's easternmost fringe has felt military pressure ever since President Vladimir Putin swiped Crimea from Ukraine in 2014. But more high-tech threats emerged there long before Russian hackers were accused of aiding Donald Trump's path to the White House.

Estonia suffered what's widely believed to be the first large-scale Russian cyber assault in 2007 amid a row over relocating a Soviet-era monument in its capital, Tallinn. A massive denial-of-service attack ensued, crippling government, banking and media websites.

The interference didn't stop there. Estonian prosecutors recently unearthed a scheme in which Russia secretly bankrolled three supposedly independent news websites, dictating stories containing Kremlin talking points, Buzzfeed News reported in August. One was allegedly instructed to play up tensions in the US or the EU, as well as the Ukraine conflict.

"Our adversary is reactive and opportunistic," Liisa Past, a former chief research officer at Estonia's Information Security Authority, said by phone.

"Its goal isn't so much tampering with the result of elections as de-legitimising the process, raising questions and doubts, much like we saw with the US presidential elections."

Lithuania is also on alert. It's banned state institutions and companies from using software made by Russian anti-virus maker Kaspersky Labs, citing national security, and has even warned citizens against installing a taxi app from Moscow-based Yandex NV.

Outside Influence

Latvian Prime Minister Maris Kucinskis said during an EU summit this week that coordination is necessary to fight misinformation and cyber attacks. Visiting another part of eastern Europe that's worried about Russian interference, US Defence Secretary James Mattis said the US plans to expand cooperation with Macedonia "to thwart malicious cyber activity that threatens both our democracies."

Latvian institutions "have been paying attention to the elections, preparing for a while to strengthen protections against external interference," said Kaspars Ozolins, deputy director of the state chancellery.

"It's clear that no country wants to tolerate someone from outside trying to influence the mood of the electorate."

Of most concern to him is the possibility of compromising information - either stolen or fabricated - being released on the eve of the vote when there's little time to react. Latvia has good relations with the biggest social-media platforms, which can help to quickly remove obvious disinformation, he said.

'Exponential Improvement'

Russia, whose Internet trolls also targeted Britain's Brexit referendum, vehemently denies interfering abroad. The Kremlin declined to comment.

Latvia's jumped the gun before, suggesting the Kremlin contributed to a spate of banking scandals that hurt the country's reputation early this year. That allegation was never proved.

This time, there are clear signs of increased activity on the eve of the election, according to Cert, which reported the highest number of threatened unique IP addresses in at least a year in August. Latvia's most-popular news portal, Delfi, said this month that it repelled the biggest-ever DDoS attack on its infrastructure during a debate between candidates for prime minister.

Can potential aggressors succeed? Maybe, but Latvia's readiness to fight them off is dramatically better now, according to Teivans.

"If we compare this to the last 10 years, there's has been a constant and exponential improvement," he said.

Join ST's Telegram channel and get the latest breaking news delivered to you.