Dutch Elections – Looking Back at Cyber Activity

Eva Schoenmaker | 22 March 2017

Last week, I wrote about the potential threats to the Dutch national election. But what actually happened?

On 14 March 2017, the day before the Dutch General Elections, websites kiescompas.nl and stemwijzer.nl suffered from DDoS attacks. These websites are popular during the General Elections in the Netherlands, as they give advise to users on which party to vote for by conducting a survey and ‘matching’ the user to the most compatible party. Both StemWijzer and KiesCompas publically announced their service interruptions as they happened. Servers for both sites were rendered offline for a short time in the afternoon, but for a longer period later that evening. During that night, the sites allegedly received help from Google’s Project Shield to get the site back online. While additional servers had been prepared for the domains in anticipation of last minute traffic before the elections on March 15, they could not handle the DDoS attacks.

 

StemWijzer

 [Translation: Our website has unfortunately just been hit by a DDoS-attack. Out priority is to get StemWijzer back online a.s.a.p.]

 

Kiescompas

[Translation: Kiescompas is offline after multiple DDos attacks. We are working hard to get the site back online.]

At the time of writing, both sites were online and the attacks had not been claimed by any party. Yet what was the aim of who was behind the attacks in rendering these sites offline?

Al though the attacks have not been claimed, it is widely speculated the sites were taken offline by actors loyal to the Turkish state. A cybercrime expert at Fox-IT stated that while the sites were not taken down until Tuesday, DDoS attacks had been launched as early as Saturday night. This was around the same time as the Diplomatic conflict between the Dutch and Turkish states started. Cyberattacks have persisted until the day of elections. Considering the consistency of the DDoS attacks against KiesCompas and StemWijzer, there have surprisingly been no reports of successful or attempted cyberattacks against sites of Dutch political parties, or any site of the Dutch government.

As media speculate about the origin of the attacks against StemWijzer and KiesCompas, the Russian threat has not been put forward once as a possibly culprit. While initially nobody attributed the attacks to any known party, later suggestions have consistently pointed to actors sympathetic with Turkey.

 

Zondag met Lubach

 Screenshot from Zondag met Lubach, which aired on 19 March 2017. 

The Damage

Though the story of StemWijzer and KiesCompas going offline made headlines everywhere in the Netherlands, the damage appears to have been limited. The sites went offline for a short time during in the 24 hours leading up to the elections, and while some voters were still undecided, other websites remained to give voting advice.

Official voting results will be announced on 21 March 2017, but most of the announced numbers are unlikely to change. Geert Wilders, perhaps the most famous Dutch politician right now, won significant seats in the House but did not become the majority party. Conversations are currently held among leaders of various parties in the Dutch House of Representatives to create a coalition, jokingly compared to choices to be made on a dating website by comedians. At this stage then, the fear for cyber disruptions is mostly over, but it is the realistic possibility that cyber espionage could be carried out to gain first hand information about the internal struggles of the Dutch political system.