Europe’s Hacktivists Set Sights On Political Entities


The tumultuous state of global politics that defined 2017 continues to shape the motivations and schemes of a wide range of adversaries. In October, CNBC reported two Czech election websites were hacked and that, after Catalonia’s independence referendum was ruled illegal, the website for Spain’s Constitutional Court was taken down by a DDoS attack. These are just two of many examples that align with a trend Flashpoint analysts have observed in recent months: the proliferation of hacktivist activity targeting European government and political entities.

In September 2017, Flashpoint analysts observed multiple hacktivist-fuelled DDoS attacks targeting several websites belonging to ministries and individual public officials in multiple European countries. Although these campaigns have been dispersed across central Europe, some actors have tended to concentrate their activity on certain countries.

For example, Flashpoint analysts observed that one Turkish nationalist group appears to be focused on targeting the websites of Belgian and Austrian political entities. This group has also indicated its intent to retaliate against any perceived anti-Turkish or anti-Muslim sentiment emanating from European political entities. In one instance, the group posted screenshots of successful DDoS attacks against Danish government institutions, which they claim to have carried out due to perceived insults by Danish politicians against Islam.

More recently in January 2018, Fancy Bears’ Hack Team—a hacktivist group that is allegedly connected to Russian state sponsored activity—released updates to its #OpOlympics campaign. Targeting both the International Olympic Committee and the Norwegian Olympic Committee, the group released hacked E-mail messages that appear to imply a conspiracy to cover up doping. This activity follows previous releases in 2017 of confidential documents from the Swedish Olympic Committee. The releases appear to be an effort to embarrass Olympic organisers and member states in retaliation for the banning of Russian athletes.

While hacktivist groups are often considered less skilled than their cybercriminal and state-sponsored counterparts, the risks they present and resulting damages they can inflict are by no means novel. Typically motivated by fundamental differences of political opinion, hacktivists have been known to disrupt, deface, or otherwise take down targeted websites, web-based services, networks, and infrastructure.

Unfortunately, these types of damages became a reality for many following the recent hacktivist-fuelled DDoS attacks that correlated with major 2017 elections in the United Kingdom, Germany, Russia, Czech Republic, and France. It appears that the polarising effect of these elections continues to contribute to the heightened risks faced by various European political entities.

Flashpoint assesses with a moderate degree of confidence that hacktivist-fuelled DDoS attacks against European political entities will continue in the coming months. While addressing hacktivist activity can be complex and challenging, organisations—not just in Europe, but worldwide—that integrate Business Risk Intelligence (BRI) into their security and risk strategies can and do mitigate these types of risks more effectively. By providing proactive visibility into rising geopolitical tensions, emerging hacktivist threats, and upcoming schemes, BRI enables organisations across all sectors to gain a decision advantage over a broad spectrum of hacktivists and other adversaries.

Roman Sannikov

Roman Sannikov is the Director of European Research & Analysis at Flashpoint, where he specialises in leveraging intelligence derived from Russian-language communities within the Deep & Dark Web to help organisations combat cybercrime and mitigate risk. A fluent Russian speaker, Roman has spent nearly two decades studying cybercriminal activity within the Russian underground and has extensive experience working as both a translator and cyber intelligence analyst in the public and private sectors. During his 21-year career with the FBI, Roman served as a translator for numerous major cyber cases involving Russian-speaking actors. He has also had the privilege of interpreting for several high-profile individuals, including former FBI Director Robert Mueller and former U.S. Attorney General Eric Holder. Most recently, Roman supported Russian-language data collection and intelligence reporting as a Senior Intelligence Analyst at CrowdStrike. He holds both Bachelor’s and Master’s degrees in Russian from the University of Albany.