The focused web sites included bec.ro (Central Electoral Bureau), roaep.ro (Everlasting Electoral Authority) and registrulelectoral.ro (the electoral registry). All these web sites are managed by the AEP, the company that oversees the election course of. AEP additionally makes use of technical assist and IT infrastructure and programs designed by the Romanian Particular Telecommunication Service (STS), a indicators intelligence company that serves because the Romanian authorities’s ISP.
SRI notes that the theft of credentials related to these web sites, within the type of usernames and passwords, was achieved both by concentrating on particular person customers or by exploiting vulnerabilities in a coaching web site created by the STS for election officers at operatorsectie.roaep.ro. Moreover, the SRI confirmed that on November 19, a server internet hosting mapping information, gis.registrulelectoral.ro, was compromised. This server was related to each the AEP’s inner community and the web.
Earlier than and through election day, SRI cybersecurity analysts recorded greater than 85,000 makes an attempt to use vulnerabilities comparable to SQL injection (SQLi) and cross-site scripting (XSS) in varied electoral web sites and IT programs. The assaults aimed to achieve unauthorized entry to information saved in databases, probably alter voting info introduced to the general public, or disrupt the infrastructure’s availability.
