Combating disinformation and election meddling, one bot at a time

Spain is boosting its cybersecurity preparedness and ramping up its efforts to fight the spread of disinformation ahead of national elections this weekend.

The April 28 general election in Spain may act as a testing ground for measures to protect the integrity of the European Parliament elections in late May, the Associated Press reports.

Europe-wide election security efforts include a “rapid alert system” linking specialized coordination units across all EU member states, as well as a plan to get internet firms to team up and share intelligence on disinformation campaigns.

The Spanish government has tasked a division of its National Cybersecurity Institute, or INCIBE, to coordinate defenses against cyber-attacks and combat fake news.

A national security report released in March described a rising tide of disinformation amid a myriad of “hybrid threats”, some stemming from international political intrigue.

Allegations of foreign interference in Spain have centered on events around Catalonia’s highly contentious independence referendum back in October 2017. Allegations of cyber-spying have also been a factor in a number of domestic cases.

“Espionage is now a huge issue in Spain because of three different scandals: these are the Villarejo case, the Pablo Iglesias case, and the Catalan independence protest,” Joe Haslam, a professor at the IE Business School in Madrid and executive director and chairman of, a mobile hotel booking app, told The Daily Swig.

“The spooks are active, but little attention is being paid to threats from outside Spain.”

Vox – a new anti-immigration party that met with Steve Bannon and is allegedly employing similar techniques to those that were used to elect Donald Trump and win Brexit – has risen in popularity on the back of aggressive social media campaigns promoting the curtailing of regional autonomy and its anti-immigration policies.

Simplistic repetitive messages such as “Spain first” or “Defend Spain!” through Facebook, Instagram, and Vox’s own website are its main modus operandi.

Haslam commented: “Spain already has among the most restrictive data protection laws in Europe, but they weren’t written with weaponized social media in mind.”

Spanish elections are governed by the Junta Electoral Central, with security measures overseen by the Centro Nacional de Inteligencia (CNI), the country’s official intelligence agency.

The Daily Swig asked the both INCIBE and CNI to comment on what preparations it was making to combat foreign interference – in particular the spread of disinformation through social media platforms – ahead of this weekend’s elections in Spain.

We’re yet to hear back on either front, but will update this story as and when more information comes to hand.

Something old, something new

Staffan Truvé, co-founder and CTO of Recorded Future, said the security firm has been tracking so-called “influence operations” for some years. Activity spiked around the US mid-term elections and national elections in Sweden, both having taken place last year. 

Since then, there has been a shift in tactics from genuinely “fake news” to what Truvé described as “hyper-partisan news” that is biased both in its selection of news items and in commentary about events.

Biased reporting of genuine events creates an ethical quandary about whether or not to ban accounts while upholding principles of free speech. Propaganda has morphed in other forms, too.

“In new influence operations we are seeing old news presented as if it was new,” Truvé explained.

“For example, social media accounts are commenting on a terrorist event in Europe two years ago as if it had just happened, in order to stir up racial and ethnic tensions. This is typically geared towards boosting the appeal of nationalist and populist parties or campaigns.

“It’s about spreading fear, uncertainty, and doubt without… violating the terms of use of either Twitter or Facebook,” Truvé theorized.

Recorded Future detected the malfeasance after detecting anomalies in news feeds, specifically terror events discussed on social media platforms but not mentioned by mainstream news outlets.

It has also logged various cyber-attacks around election time, including the hijack of the Swedish Social Democratic Party’s Twitter account.

The hack was used to promote racist material and to change the logo of the party to the Bitcoin symbol – a move seemingly motivated by an attempt to “undermine public trust”.

Attribution to the source of these campaigns is far from certain, though Russia is suspected.

In some cases, aspects of some campaigns may be geared towards scaring Russians about Muslims, as much as influencing national opinions in foreign countries.

For example, a propaganda story about protests by Muslims in Sweden last summer was only published in English and Russian, and not Swedish.

Political parties, in general, are “notoriously bad at security”, according to Truvé. This is not only because they are populated by an influx of temporary workers who come in around the times of elections, but also because they fail to employ an adequate number of information security staff.

Security awareness training, use of key technologies such as two-factor authentication for email access, and investment in security monitoring services to give better situational awareness could all help improve the security resilience, according to Recorded Future.

Jeux sans frontier

European security agency ENISA organized an exercise earlier this month to test EU member states’ cybersecurity preparedness ahead of the upcoming European Parliament elections.

The exercise set out to test the EU’s response and crisis plans for potential cybersecurity incidents affecting the elections. It also aimed to identify ways to prevent, detect, and mitigate cybersecurity incidents that may affect the democratic process.

More than 80 representatives from EU member states, together with observers from the European Parliament, the European Commission, and ENISA, took part in the exercise – the first-of-its-kind in Europe.

The main responsibility for protecting the integrity of the elections lies with the member states, so the exercise focused on testing and further strengthening their preparedness against a myriad of potential threats.

Vice president of the European Parliament, Rainer Wieland, commented: “Cyber-attacks are a recent but very real threat to the stability of the European Union and its member states.

“A cyber-attack on elections could dramatically undermine the legitimacy of our institutions. The legitimacy of elections is based on the understanding that we can trust in their results.”

Wieland added: “With the upcoming European elections in 2019, we have to take responsibility and build up the necessary means to strengthen our electoral cybersecurity.

“This responsibility is a common one, shared by European and member state institutions. Together we need to safeguard the integrity of the elections.”

One key goal of the exercise was to assess the readiness of political parties, electoral campaign organizations, and suppliers of IT equipment.

Testing criteria included the policies that had been adopted, available capabilities and skills, and other factors, such as crisis management and communication to the public.

Another goal was to boost cooperation between relevant authorities such as computer security incident response teams (CSIRTs), data protections regulators, authorities dealing with disinformation issues, and cybercrime units.

The exercise is comparable to resilience tests carried out by the financial sector, or cyber war gaming by national authorities looking to practice how to defend components of the critical national infrastructure.

One key difference is that defending against disinformation campaigns comes to the fore in exercises designed to stress test the democratic process.

Improving cross-border cooperation in readiness for potential incidents that cross international borders, as well as preparing to deal with more conventional cyber-attacks (such as malware or DDoS) was also part of the exercise.

The whole scheme aimed to identify gaps as well as developing risk mitigation measures ahead of next month’s European Parliament elections.

RELATED Swiss Post puts e-voting on hold after researchers uncover critical security errors