A comprehensive analysis of declassified reports detailing social media manipulation, cyberattacks, Russian influence, and institutional challenges affecting Romanian elections, highlighting key tactics, vulnerabilities, and broader geopolitical implications.

Summary

The declassified documents provide a detailed overview of the coordinated strategies, actors, and vulnerabilities exploited during Romania’s 2024 presidential elections. They uncover a hybrid operation involving cyberattacks, social media manipulation, and propaganda campaigns. The primary focus was on amplifying the visibility and influence of candidate Călin Georgescu while leveraging disinformation to undermine democratic processes. The findings reveal a complex interplay of state-sponsored cyber operations, domestic and international networks, and the strategic misuse of social media platforms like TikTok.

Key Points

1. Social Media Manipulation (TikTok-Centric Campaigns)

• Influencer Recruitment: Over 100 influencers with a combined 8 million followers were unknowingly involved in promoting Călin Georgescu through coordinated hashtags (#echilibrusiverticalitate, #prezidentiale2024).
• Unmarked Campaigns: TikTok and other platforms failed to enforce labeling rules for political content, allowing unchecked dissemination of videos and narratives.
• Replicated Tactics: Campaign strategies closely mirrored Russia’s operations in Ukraine and Moldova, emphasizing targeted narratives and covert coordination.

2. Cyberattacks and IT System Vulnerabilities

• Targeted Electoral Infrastructure: Systems managed by the Permanent Electoral Authority (AEP) and Special Telecommunications Service (STS) were attacked with sophisticated methods like SQL Injection and Cross-Site Scripting.
• Scope of Attacks: Over 85,000 cyberattacks from entities in 33 countries were recorded during the election period, aimed at data theft, system compromise, and misinformation.

3. Russian Influence and Hybrid Warfare

• Strategic Objectives:
  • Promote euroskeptic, pro-Russian, and extremist candidates.
  • Undermine NATO and EU credibility within Romania.
  • Amplify societal divisions and erode public trust in democratic institutions.
• Disinformation Tactics:
  • AI-driven deepfakes, doctored images, and coordinated social media narratives to spread divisive and misleading information.
  • Use of troll farms, local influencers, and Telegram channels to evade detection and amplify messages.

4. Involvement of Extremist and Criminal Groups

• Key Actors: Domestic extremist groups, ultranationalists, and organized crime networks mobilized resources to support the campaign.
• Financial Incentives: Payments were coordinated through phantom companies and intermediaries, ensuring anonymity and complicating attribution.

5. Institutional Challenges

• Failures in Enforcement: Despite attempts by Romanian electoral authorities to regulate online content, platforms like TikTok failed to comply fully, allowing unauthorized content to thrive.
• Broader Risks: Romania’s position as a NATO and EU member made it a critical target for hybrid warfare aimed at destabilizing the region.

---

Conclusion

The attached documents collectively highlight the vulnerabilities in Romania’s electoral processes and the broader challenges of countering hybrid threats. The findings emphasize:

1. Sophistication of Hybrid Warfare:
   
   • The operations involved a combination of cyberattacks, social media manipulation, and propaganda, demonstrating the evolution of election interference tactics.
2. Systemic Weaknesses:
   
   • Insufficient enforcement of platform regulations and vulnerabilities in electoral infrastructure created opportunities for exploitation.
3. Regional and Global Implications:
   
   • These actions are part of a larger pattern of Russian hybrid warfare, targeting NATO and EU cohesion while exploiting societal and institutional weaknesses in member states.
4. Need for Countermeasures:
   
   • Strengthened cybersecurity defenses, stricter social media regulations, and international collaboration are necessary to mitigate such threats in the future.

This comprehensive analysis underscores the urgent need to bolster democratic safeguards and counter hybrid warfare strategies targeting both Romania and the broader European region.

SRI: Romanian Intelligence Service (Serviciul Român de Informații) Doc 1 – Declassified CSAT Report on Romanian Elections

Summary

This report details significant irregularities and suspicious activities associated with the 2024 Romanian presidential elections, particularly concerning the rapid rise in popularity of candidate Călin Georgescu. The document highlights the use of social media, particularly TikTok, to orchestrate a large-scale, coordinated campaign that leveraged algorithms, influencers, and external financing. Despite minimal declared campaign expenditures, extensive resources and sophisticated strategies were employed, raising questions about the legality and transparency of the election process.

Key Points

1. TikTok Campaign and Artificial Popularity Surge

• Rapid Ascension: Călin Georgescu rose from <1% support in late October 2024 to 22.94% in the first-round election, largely attributed to a highly coordinated TikTok campaign.
• Coordinated Network: A network of 25,000 TikTok accounts was activated two weeks before the election, with 797 accounts initially created in 2016 but dormant until November 2024.
• Platform Exploitation: Algorithms were manipulated through hashtags (#CG, #diaspora), emojis, and pre-designed content distributed to users via Telegram.

2. Telegram as a Coordination Tool

• Telegram channels like @propagatorcg provided detailed instructions to users on content creation and dissemination strategies, ensuring posts aligned with TikTok’s algorithms.
• The channel’s membership surged from 1,088 to over 5,000 in a single week during the election period.

3. Use of Influencers

• Prominent TikTok influencers supported Georgescu, either directly or subtly, embedding campaign tags in otherwise neutral posts.
• Many influencers did not disclose the paid nature of their endorsements, violating transparency norms and electoral regulations.

4. Creation of Fake State Accounts

• Several TikTok accounts falsely claimed affiliation with Romanian state institutions, such as the SRI (Romanian Intelligence Service), to lend credibility and imply institutional support for Georgescu.

5. Financing Mechanisms

• Despite declaring no campaign expenditures, substantial funds supported the promotional activities:
  • The TikTok user “bogpr” (identified as Bogdan Peschir) donated over €1 million, with verified payments of $381,000 during the campaign.
  • Payments to influencers were funneled through FameUp and FA Agency, with offers of €1,000 per promotional video.

6. TikTok’s Conduct and Policy Violations

• TikTok removed some campaign-related content following official Romanian requests but allowed much of it to remain visible within Romania and abroad, contravening electoral laws.
• European think tanks criticized TikTok’s inadequate policies for managing electoral disinformation and its systemic risks to public discourse.

7. Connections to External Entities

• Potential affiliations with Russian propaganda (e.g., Sputnik-linked networks) and connections to cryptocurrency-related entities suggest external influences.
• The campaign’s financing included connections to South African entities, raising questions about foreign involvement.

8. Broader Implications

• The report underscores systemic issues with TikTok as a platform for electoral manipulation, including its lack of enforcement of its own policies and transparency in advertising and data sharing.

Conclusion

The documented activities reflect a coordinated and resource-intensive campaign to artificially boost the visibility and perceived legitimacy of Călin Georgescu, violating Romanian electoral laws and highlighting vulnerabilities in social media platforms like TikTok. These findings call for stricter regulations and international cooperation to address electoral interference in the digital age.

SRI: Romanian Intelligence Service (Serviciul Român de Informații) Doc 2 – Declassified CSAT Report on Romanian Elections

Summary

This document highlights state-sponsored cyber operations targeting Romanian electoral infrastructure and coordinated efforts to boost the popularity of Călin Georgescu on TikTok during the 2024 presidential elections. It uncovers sophisticated cyberattacks aimed at compromising election systems, preferential treatment on social media platforms, and well-organized digital marketing campaigns. The findings suggest the involvement of a state actor with significant resources and expertise in cybersecurity and digital influence.

---

Key Points

1. Cyberattacks on Electoral Infrastructure

• Targeted Systems: Attackers targeted critical election systems managed by the Permanent Electoral Authority (AEP) and Special Telecommunications Service (STS), including:
  • GIS Server: AEP’s compromised mapping server connected to both internal and external networks.
  • Election Monitoring Systems: Platforms like SIMPV, SICPV, and prezenta.roaep.ro were attacked, aiming to alter data integrity and disrupt availability.
• Attack Methods:
  • SQL Injection: Malicious code was injected into databases to access or manipulate data.
  • Cross-Site Scripting (XSS): Attackers inserted malicious scripts into web pages, affecting other users.
• Scale and Scope: Over 85,000 cyberattacks were launched, including during election day and the post-election period, using anonymization techniques across 33 countries.
• Assessment: The attacks showcased a highly organized approach typical of state-sponsored actors.

---

2. TikTok’s Preferential Treatment

• Boosted Visibility: TikTok did not mark Georgescu’s content as electoral, enabling widespread dissemination and significant visibility compared to other candidates whose posts were heavily filtered.
• Violation of Electoral Rules:
  • TikTok failed to comply fully with the Romanian Electoral Authority’s (AEP) requests to remove or block unauthorized campaign materials.
  • Campaign materials continued to circulate within Romania and internationally, even after the election.
• Early Warnings: TikTok had flagged Georgescu’s campaign as suspicious as early as 2020 but took no substantial action to restrict its activities.

---

3. Coordinated Digital Campaign

• Sophisticated Strategies:
  • Telegram and Discord channels were used to coordinate posting schedules and evade detection on TikTok.
  • The campaign avoided bot farms, instead relying on human-operated accounts across various geolocations to circumvent detection.
  • Messages were disseminated through a “swarming” strategy, creating the illusion of organic support.
• Expertise: The campaign demonstrated an advanced understanding of TikTok’s algorithms and policies, leveraging these to maximize impact.

---

4. Possible State Actor Involvement

• Resources and Tactics:
  • The operation utilized extensive resources and expertise, suggesting involvement from a state actor or a highly capable entity.
  • No digital fingerprints linked devices or accounts, indicating meticulous planning and execution.
• Marketing Firm: A professional digital marketing company played a central role, further complicating attribution.

---

5. Broader Implications

• Sovereignist Party Involvement: Similar campaigns were identified for the newly founded Partidul Oamenilor Tineri (POT), which supported Georgescu.
• Systemic Risks:
  • Social media platforms like TikTok pose significant risks to electoral integrity due to weak enforcement of their own policies and lack of transparency.
  • The incident highlights vulnerabilities in Romania’s electoral infrastructure and the growing threat of cyber influence operations.

---

Conclusion

The document underscores a multi-layered effort to manipulate public opinion and disrupt Romania’s electoral process through cyberattacks, social media influence, and well-coordinated disinformation campaigns. The evidence suggests the involvement of a state actor, raising serious concerns about electoral security and the role of social media in democratic processes.

SIE: Foreign Intelligence Service (Serviciul de Informații Externe) – Declassified CSAT Report on Romanian Elections

Summary

This document details Russia’s hybrid warfare strategies targeting Romania’s electoral process, as well as its broader efforts to undermine Western democracies. It highlights Moscow’s use of cyberattacks, disinformation campaigns, and the manipulation of public opinion to erode confidence in democratic institutions, amplify societal divisions, and promote pro-Russian or extremist candidates. The report underscores the increasing complexity and sophistication of these tactics, with a significant focus on leveraging social media platforms and AI-driven content creation.

---

Key Points

1. Russian Election Interference Strategies

• History of Involvement: Russia has a documented history of interfering in elections globally, including the U.S. presidential election in 2016, and continues to employ similar tactics across Europe.
• Goals:
  • Erode trust in democratic institutions.
  • Amplify divisions within societies.
  • Support pro-Russian, nationalist, or euroskeptic candidates and parties.
• Methods:
  • Sociological studies to identify vulnerabilities in public opinion and electoral systems.
  • Aggressive propaganda campaigns using AI-generated content.
  • Creation of divisive narratives, often targeting NATO and EU policies.

---

2. Online Manipulation Tactics

• Social Media and AI:
  • Extensive use of platforms like Telegram, TikTok, Facebook, and VKontakte to disseminate propaganda.
  • Use of AI tools to produce high-quality multimedia content, including deepfakes, to mislead and manipulate audiences.
  • Coordination of troll networks and local influencers to amplify pro-Russian narratives.
• Targeted Narratives:
  • Discredit European and NATO leadership.
  • Promote fears of declining security and economic instability.
  • Undermine support for Ukraine and portray it as a destabilizing force.

---

3. Romania as a Key Target

• Perceived Threat: Russia views Romania as a NATO ally directly threatening its security due to hosting U.S. military assets and its support for Ukraine.
• Hostile Actions:
  • Cyberattacks and information leaks targeting Romanian infrastructure and electoral systems.
  • Narratives aimed at fostering distrust in NATO and EU alliances.
  • False claims of territorial ambitions against neighboring countries, such as Moldova and Ukraine.

---

4. Disinformation Campaigns

• Narrative Amplification:
  • Distribution of divisive content via coordinated campaigns.
  • Use of manipulated or decontextualized images and videos to create fear and panic.
• Targeted Groups:
  • Demographic-specific manipulation, particularly focusing on rural, religious, and economically vulnerable populations.
  • Exploitation of cultural and societal grievances to sow discord.
• Example Techniques:
  • Cross-posting propaganda across multiple platforms using the same network of accounts.
  • Associating false incidents with Ukrainian refugees or resistance movements to undermine support for Ukraine.

---

5. Broader Geopolitical Context

• Link to Moldova and Ukraine:
  • Parallel disinformation campaigns in Moldova aimed at destabilizing pro-Western governments.
  • Efforts to erode European solidarity for Ukraine by promoting social and economic grievances in NATO countries.
• Localized Propaganda:
  • Leveraging local influencers to promote Kremlin narratives under the guise of grassroots movements.

---

Conclusion

The report reveals a well-coordinated and resource-intensive effort by Russia to influence Romanian elections and public opinion, part of its broader strategy to undermine NATO and EU cohesion. By exploiting technological advancements and social media platforms, Russia seeks to erode democratic stability, amplify societal divisions, and weaken support for Western alliances. This highlights the urgent need for robust countermeasures to address hybrid threats and protect democratic processes.

Ministry of Internal Affairs (Ministerul Afacerilor Interne) – Declassified CSAT Report on Romanian Elections

Summary

The final document outlines how social media manipulation, particularly through TikTok, was used to influence Romania’s 2024 presidential elections. It details a campaign characterized by the covert promotion of Călin Georgescu using influencers and coordinated hashtags, which mirrored tactics seen in Russian operations in Ukraine. The campaign leveraged micro-influencers and unmarked promotional content, suggesting external orchestration with ties to extremist and criminal groups. The report underscores the integration of social media manipulation with hybrid warfare strategies to destabilize democratic processes.

---

Key Points

1. Use of Social Media for Election Manipulation

• Platform Exploitation:
  
  • Over 100 influencers with 8 million followers were unknowingly involved in promoting Călin Georgescu.
  • Campaign hashtags such as #echilibrusiverticalitate, #prezidentiale2024, and #unliderpotrivitpentrumine were heavily used across TikTok, Instagram, and Facebook.
  • TikTok failed to implement Electoral Bureau instructions for labeling campaign content.
• Campaign Tactics:
  
  • Influencers were paid based on follower counts (e.g., 390 RON for 20,000 followers).
  • Many influencers were unaware of the candidate being promoted, leading to public backlash once the campaign was exposed.

---

2. Similarities with Russian Tactics

• Replicating Prior Campaigns:
  
  • The campaign resembled Russia’s “Brother Beside Brother” operation in Ukraine, using identical coordination strategies and narrative themes.
  • Content creators followed strict guidelines regarding timing, soundtracks, emojis, and video narrative structures.
• Covert Coordination:
  
  • The campaign involved methods to evade detection, including deleting all traces of the campaign online after execution.

---

3. Links to Extremist and Criminal Networks

• Key Actors:
  
  • Prominent figures associated with far-right extremist ideologies, criminal organizations, and religious cults were involved in mobilizing support for the campaign.
  • These groups had histories of promoting pro-Russian, antisemitic, anti-NATO, and anti-Ukraine narratives.
• Campaign Beneficiaries:
  
  • The campaign was orchestrated through intermediaries, including “phantom companies,” which coordinated influencer payments and guidelines.

---

4. Broader Implications

• Cross-Border Operations:
  
  • Similar campaigns in Moldova and Ukraine reveal a regional pattern of election interference.
  • The Romanian campaign’s success highlights vulnerabilities in social media platforms to covert influence operations.
• Eroding Democratic Trust:
  
  • The integration of extremist elements and manipulative campaigns risks undermining trust in democratic institutions and election processes.

---

Conclusion

The report provides clear evidence of a covert, well-coordinated campaign leveraging social media to influence Romania’s 2024 elections. This campaign reflects a sophisticated strategy aligned with hybrid warfare practices, combining social manipulation, extremist narratives, and cyber tactics to destabilize democratic processes. It underscores the need for stronger safeguards and countermeasures to protect elections from external interference and social media exploitation.

STS: Special Telecommunications Service (Serviciul de Telecomunicații Speciale) – Declassified CSAT Report on Romanian Elections

Summary

The declassified document from Romania’s Serviciul de Telecomunicații Speciale (STS) provides a comprehensive analysis of the security, implementation, and functionality of the IT&C infrastructure supporting the electoral process. It emphasizes the measures taken to ensure the integrity and transparency of the voting system, particularly the systems SIMPV (monitoring voter presence) and SICPV (centralizing vote results). Despite public concerns and reports of cyber threats, the report concludes there was no evidence of unauthorized data access, manipulation, or system vulnerabilities affecting the 2024 Presidential Elections.

Key Points

1. IT Infrastructure and Legal Framework

• SIMPV (Monitoring Voter Presence System) and SICPV (Vote Results Centralization System) were key systems used during the elections.
• Both systems operated under strict legal guidelines (Laws 115/2015 and 370/2004) and were supported by the STS.
• The systems functioned to prevent voting fraud, centralize data, and ensure transparency, with functionalities like real-time data aggregation and digital signature validation.

2. Security Measures and Cyber Threats

• Extensive pre-election measures included:
  • Cybersecurity risk assessments.
  • Secure configurations and encrypted data transfers.
  • Blockchain technology for data traceability and integrity.
• Multiple cyberattacks, including DDoS, were successfully mitigated without affecting system functionality.
• The infrastructure, including the static public site (prezenta.roaep.ro), remained operational and secure throughout the election.

3. Blockchain Implementation

• Blockchain was employed to enhance resilience and transparency, ensuring data integrity by anchoring digital signatures into the European Blockchain Services Infrastructure (EBSI).

4. Operational Performance

• The systems supported over 19,000 voting sections, processing voter data securely and efficiently.
• All processes adhered to legal guidelines, with no system downtimes or performance anomalies reported.
• Real-time publishing of election results ensured transparency, with electronic and paper records cross-validated for accuracy.

5. Independent Validation

• Observers, civil society representatives, and political entities reported no issues with the systems.
• Any potential concerns about data alteration could be verified against blockchain records and physical paper documentation.

6. Conclusion

• The systems achieved their objectives of ensuring secure, transparent, and traceable election processes.
• The STS fulfilled its role as a cybersecurity authority, effectively countering threats and maintaining operational integrity throughout the election period.

This report underscores the robustness of Romania’s electoral IT infrastructure and highlights the proactive measures taken to safeguard democratic processes against cyber threats and manipulation.

Link to original documents

https://www.presidency.ro/ro/media/comunicate-de-presa/comunicat-de-presa1733327193

Romania’s Presidential Elections, Press Statement, The USA Government