Protecting German Political Party Sites

Foreign intervention in democratic elections in the Western world is a threat witnessed by the global community, proven by the cyber intervention which took place in the recent election processes in the US and France. Political parties prepare, store and transmit sensitive data on their networks, while other interested groups are eager to get their hands on this information. To protect the integrity of the election process, and to ensure that the will of its citizens is represented in the voting results, political parties need to accept that they have become prime targets for cyber espionage and invest the necessary efforts in protecting their sensitive information. Countries around the world need to defend themselves from cyber-attacks, which can be conducted through a variety of methods.

Prior to the elections in Germany, BGProtect used its worldwide routing monitoring infrastructure to follow the network presence and increased activity of the main political parties in Germany to identify any attempt to hijack their traffic. Each target site was monitored from about 100 points in our global infrastructure. One discovery showed that the traffic traveling from the UK to the web site of one of the parties in Germany was being oddly diverted through the USA.

Investigating further, we determined that the diversion was not being done using the BGP protocol, which is easily detectable, but rather from within a cross-Atlantic network. We conducted multiple comparisons of this route with other routes from our monitoring point in the UK to the same location as the hijacked site and to other IP addresses in Germany. The map in Figure 1 shows that the deflected route (in olive green) of the traffic to the German political party is strikingly different from, and longer than, the routes tested to similar destinations in Germany (in magenta). We concluded that this route diversion represents a serious IP Hijack threat and not some odd routing decision.

Figure 2: Comparison of the hijacked route with another
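The route comparison described above can be sketched as follows. This is an added example, not BGProtect's code: the hop data, destination labels and thresholds are constructed for illustration, and it assumes traceroute hops have already been annotated with a geolocated country and a round-trip time.

```python
from statistics import median

# Constructed sample data (not real measurements): each route is a list of
# (hop_country, rtt_ms) pairs from one UK vantage point, as produced by a
# traceroute whose hop addresses were geolocated. Router geolocation is
# imprecise in practice, so treat country labels as an assumption.
BASELINES = {
    "de-peer-1": [("GB", 2), ("GB", 5), ("NL", 12), ("DE", 18), ("DE", 20)],
    "de-peer-2": [("GB", 2), ("GB", 6), ("FR", 14), ("DE", 21), ("DE", 23)],
    "de-peer-3": [("GB", 3), ("GB", 5), ("NL", 11), ("DE", 17), ("DE", 19)],
}
SUSPECT = [("GB", 2), ("GB", 5), ("US", 78), ("US", 84),
           ("US", 150), ("DE", 162), ("DE", 165)]


def transit_countries(route):
    """Countries crossed other than the source and destination countries."""
    src, dst = route[0][0], route[-1][0]
    return {country for country, _ in route} - {src, dst}


def assess_route(route, baselines, rtt_factor=2.0):
    """Compare a route with baseline routes from the same vantage point to
    nearby destinations. A route is reported as diverted only when it both
    crosses a country no baseline crosses and its end-to-end RTT is at least
    rtt_factor times the baseline median, so that an ordinary slow path or a
    harmless alternative transit country alone does not raise an alert."""
    expected = set().union(*(transit_countries(r) for r in baselines.values()))
    unexpected = transit_countries(route) - expected
    base_rtt = median(r[-1][1] for r in baselines.values())
    base_hops = median(len(r) for r in baselines.values())
    ratio = route[-1][1] / base_rtt
    return {
        "unexpected_transit": sorted(unexpected),
        "rtt_ratio": round(ratio, 2),
        "extra_hops": len(route) - base_hops,
        "diverted": bool(unexpected) and ratio >= rtt_factor,
    }


if __name__ == "__main__":
    print(assess_route(SUSPECT, BASELINES))
```

Running the same check from many vantage points, as the monitoring described here does, helps separate a diversion inside one network from a routing change that affects every path to the destination.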

This meant that the American authorities, or other bodies masquerading as Americans, could see who was accessing the German party web site from the UK, potentially supporters who could leave their e-mails, register to help in the election campaign, or register to become a party member. According to a 2011 census[1] close to 300,000 residents of the UK were born in Germany.

[1] "2011 Census: QS203EW Country of birth (detailed), local authorities in England and Wales". Office for National Statistics. 11 December 2012. URL: