The recent presidential elections in Romania have been marred by a series of cyberattacks, with over 85,000 attacks targeting the country’s IT infrastructure before and during the first round of the elections. These attacks, believed to be carried out by state-supported and controlled hacker groups, aimed to disrupt the election process by gaining access to election infrastructure, altering election information, and preventing access to systems.
The Romanian Intelligence Service (SRI) uncovered that access credentials to election websites were stolen either through targeted attacks on individual users or by exploiting vulnerabilities in a training website used by election officials. One server containing mapping data was compromised, raising concerns about the security of the election infrastructure and the systems of the Permanent Electoral Authority (AEP).
While Romanian authorities have not explicitly accused any state of involvement, there are indications pointing towards Russia’s potential role in the cyberattacks. Access credentials to Romanian election sites were posted on a Russian cybercrime forum and a Telegram group on the day of the first round of elections, and the attacks originated from over 33 countries using anonymization techniques and sophisticated hacking methods.
Collaboration between the SRI, AEP, and the Special Telecommunications Service (STS) is underway to analyze security protocols and investigate any possible interference in the election process. Despite the attacks, the STS reported no vulnerabilities or failures in their IT systems, with all external access points thoroughly checked for cybersecurity before and during the election process.
The AEP utilizes the STS’s IT infrastructure and technical support for fraud prevention, identity verification, prevention of multiple voting, and real-time result transmission. Despite complaints leading to a recount of all ballots, minor counting errors were identified but did not impact the results.
The runoff for the Romanian presidential seat has also drawn suspicions of manipulation, with candidate Calin Georgescu benefiting from a massive TikTok campaign that boosted his popularity significantly. Accounts promoting Georgescu’s nationalist and populist messages on Telegram saw a surge in engagement, raising his poll numbers from single digits to 23%.
The Romanian Ministry of the Interior suspects foreign state interference in these campaigns, pointing towards Russia’s potential involvement in influencing public opinion through propaganda and misinformation. Following the decision by Romania’s Supreme Court to repeat the entire presidential election due to an “aggressive Russian hybrid attack,” the government will need to set a new date for the election.
The uncertainty surrounding the election process in Romania underscores the growing threat of cyberattacks on democratic processes and the need for enhanced cybersecurity measures to safeguard electoral integrity. The upcoming presidential election redo will be closely watched both domestically and internationally as Romania navigates the challenges of foreign meddling in its democratic processes.