Romania cancels election after systems targeted in cyberattacks
bleepingcomputer.comI've merged most of the comments into https://news.ycombinator.com/item?id=42339819, which is currently on the front page (but left the ones that only make sense in this context).
For the current post, we changed the URL above from https://www.techradar.com/pro/romania-cancels-election-after... to the article it points to.
Submitters: "Please submit the original source. If a post reports on something found on another site, submit the latter." - https://news.ycombinator.com/newsguidelines.html
Actual article: https://www.bleepingcomputer.com/news/security/romanias-elec...
Related:
Romanian court annuls result of presidential election first round
https://news.ycombinator.com/item?id=42339819
Russia and China rigged Romanian Elections using 10M fake TikTok accounts
The underlaying news is the same, but my link focuses more on the technical reason (IT system breach), while the link you posted emphasizes the political reasons
Ok, but if IT systems were breached then a simple recount should do.
Do they vote on paper ballots or on a machine, that then logs the vote somewhere?
If they have paper ballots a recount can be trusted. If they vote on a machine they would be trusting the machine that they say was targeted by those attacks. In general my opinion has always been that voting on a machine is a bad idea.
Paper ballots, and a recount was already issued. There were differences between the two counts but they were minor enough; the recount was actually done because some other guy didn't like the fact that 2nd and 3rd place were only 2000 votes apart.
The breaches apparently didn't do much, the big reason why they cancelled the election was because the leading candidate declared 0 spending for his campaign, but it was proven he used russian money to fund countless tiktok videos that got him popular overnight. This is illegal under romanian law.
Personally, I don't think they should've been cancelled. It's a dubious thing to do under a democracy, and the runner-up was pretty decent anyway and had a chance for the second tour. I guess we'll see how it goes.
If people can only cast one vote, and you take the candidate with the most votes out of circulation (for whatever reason, campaign fraud in this case it seems), then you are discarding the votes of a large contingent of voters. Doing this and letting the results stand is wrong for the same reason why simply distributing the votes pro-rata among the other candidates is wrong: it is more likely that the candidate pulled votes from closely-aligned candidates than candidates on opposing ends of the political spectrum, so you get a skewed representation of the voting distribution.
Whichever method you choose to redistribute (or ignore) the votes cast for that one candidate doesn't matter: you will always end up in election-doctoring territory, even if you do everything by the book and in the open.
Other systems, like ranked-choice voting, might not need a do-over because relative preferences are already expressed on the ballot. But in this case, canceling the entire vote and re-doing it is the only sensible solution.
You have a point. It's a complicated issue for sure, I definitely don't want to be the one tasked with making a decision (and being judged for it!)
Is there any English reporting of the concrete nature of these cyberattacks? The report linked in the article is obviously in Romanian, but I am very curious if the report has specific allegations about e.g. phony votes, hacked results, etc. or if it comes down to "there was a facebook group that reposted the guy's tiktoks"?
I could not find any official English translation of the report, but Romanian can be easily translated with online tools. This link (found in the article) seems to have more technical details https://www.bleepingcomputer.com/news/security/romanias-elec...
“The Romanian intelligence agency says that the 85,000 attacks continued until November 25th, the night after the first presidential election round, and the goals ranged from gaining access to the election infrastructure and compromising it to altering election information for the public and denying access to the systems.
SRI notes in the declassified report that the threat actor tried to breach the systems by exploiting SQL injection and cross-site scripting (XSS) vulnerabilities from devices in more than 33 countries.
The agency is also warning that Romania's election infrastructure is still affected by vulnerabilities that could be exploited to move laterally on the network and establish persistence.”
So, they can't even get the Romanian Intelligence Service to make a specific claim that some aspect of voting was affected, instead that they were "targeted by" cyberattacks? And this is enough to cancel already-held elections?
5 documents were declassified and published the links are accesible from here https://www.europafm.ro/klaus-iohannis-a-declasificat-docume...
This is a little bit of background: https://kyivinsider.com/russia-and-china-just-rigged-romania...
This is weak stuff - the allegation here seems to be that Georgescu bought fake followers on tiktok.
If this was done in concert with CCP officials (as alleged), it would be sufficient grounds to ban TikTok from business operations in most democratic nations.
Well, you can't do that and not declare it.
This is a very bad article as the cyberattacks did nothing and didn't interfere with the election.
The relevant part here is how TikTok was used to push an unknown character from a nobody to getting 22% of the votes in the first round, all while no one was aware of this. The polls didn't show him among the favorites. More than that the campaign was so we'll targeted that only people likely to vote for him saw the TikTok content making everyone else completely unaware of his presence.
How is this a cyberattack? If it doesn’t fit the narrative then it is a cyber attack?
He declared 0 campaign budget and he ran a campaign estimated at millions of $ in the last days before the election. Also the videos were not marked as campaign ads. These are illegal under Romanian law. The court took a courageous decision.
The big reveal documents show USD360k spent by a third party. There is no proof or claim that Georgescu did anything wrong.
There were DDoS attacks targeting some state systems connected to the electoral process, that is factually correct, but it's not why the election was cancelled, that's because a candidate broke electoral law.
Link to where any judge said that ?
It is a cyber attack if the popularity is not organic, but rather manipulated by state actors?
So AIPAC is a cyberattack? Not trying to start a tangent, just trying to understand your argument.
Is AIPAC a foreign agent (are they required to register with the US government as such)?
De facto, yes. There is substantial evidence that AIPAC and the broader Israel lobby coordinates closely with a foreign government.
However, due to their enormous influence, they have avoided de jure registering as such.
By your logic, the Romanian dark horse can't possibly be a Russian op because they never officially registered as a Russian agent.
I was very careful in my wording: someone who is required to register by law may choose to not do so.
It's the new buzzword for any technological mishap.
The cyber attack was done against the institutions responsible for counting, collating and validating the election results.
While we use paper ballots and stamps for the actual voting and hand count every vote, transmiting and centralizing the results is done using IT infrastructure.
The cyber attack and the TikTok manipulation are 2 separate but related things.
They recounted the votes and found no difference. Someone uses big words (like cyber attack) to create fear and justify their actions.
He is well known, including in government circles, and was previously proposed for the prime minister role:https://en.wikipedia.org/wiki/C%C4%83lin_Georgescu Rather weird to claim that his over 2 million voters across the country and diaspora were because of TikTok.
TikTok needs to be banned. It is a tool the Chinese are using very effectively and when paired with Russian efforts to undermine Western Democracies, it is creating mayhem in the systems we have grown to trust. There is an all-out war on the EU in an attempt to destroy the Union and drive out American relationships for China and Russia to take over quietly. Brussels is sleeping while the nightmare continues....
By that metric, all social media should be subject to transparency et al. regulation.
Meta, Google, Apple, and Microsoft's algorithms have similar reach.
The real issue here is that afaik no country ever figured out a good way to regulation election speech in a democracy, past social norms and economic realities.
> TikTok needs to be banned.
It won't achieve anything. The issue is not about China/Russia/America or mobile apps it's about media and media control.
Even your comment is filled with a negative narrative - Western Democracies VS our enemies ( China, Russia, etc ... ).
> drive out American relationships for China and Russia to take over quietly
Is it bad for a union to have multiple relationships or multiple vectors of development?
> it is creating mayhem in the systems we have grown to trust
I don't see it, but if something can cause a mayhem in the systems this means that these systems are flawed?
The reason people are voting for anti-EU candidates is that the "systems" have proving themselves completely untrustworthy. Western European liberal democracies have completely stopped delivering on the promise of increasing prosperity and instead resorted to clamping down and trying to censor anyone who criticises their failed economic and migration policies.
I don't think it's a secret that Russia is paying billions to promote a narrative to undermine the EU and America. The Russian money has been flowing to Right Wing/ Left Wing extremists which would not even have a voice without their support. Fringe groups or Candidates receive millions to promote a narrative that causes a breakdown of society. The Chinese are going about it more subtly in the same fashion a drug dealer would get a client hooked.
The problems the EU faces are the problems every one of the members would face alone. The system isn't perfect and needs constant tweaking but the alternative is being alone against the likes of Russia or China.
I mean both of you aren't wrong. Brussels is sleeping and failing to deliver upon the European promise.
I often think what the EU would have been, had they implemented a shorter austerity in the aftermath of '08, and hadn't succumbed to the migrants, choosing to enforce a strong and severe border regime. The social safety net and the sentiment for further integration would both have been much stronger.
But of course, Merkel gotta Merkel and Germany gotta Germany. There should be a lot more resentment against Germany than there is currently.
The trap for Germany is that last I checked their demographics are shitty (age and birth rate).
Consequently, they need immigration to maintain population growth.
Unfortunately, not many folks understand how many orders of magnitude more difficult it is to maintain an economy and quality of life in a shrinking country.
Perhaps growth isn't the be-all end-all?
Shrinking demographics are a consequence of a high education workforce, along with an uncontrolled immigration crisis. Importing randos to procreate with your native population is not a winning strategy.
In an ideal scenario, Germany and Japan would have collaborated on developing tools and technologies for automation. You sustain your growth with widespread use of robotic technologies.
Eh... or the shift from traditional fact checked journalism to crowd sourced channels has enabled a much more virulent strain of populism to succeed in elections.
Turns out, when you promise people more money, less taxes, and fewer of "them" (whoever the them-du-jour is), they tend to vote for you!
Historically, this truth has been balanced out by trustworthy news sources, but social media effectively imploded 80% of those by eating their ad revenue.
TikTok doesn’t vote. People vote.
Gosh, how about reverting to pen and paper? This is a solved problem, people have been saying this since the first introduction of voting machines.
I think there is even an XKCD about this.
No voting machines were used. It was paper ballots with stamps.