BERLIN (Reuters) - After election hacks in the United States and France, Germany is worried it will be next.
Four months before an election in which Chancellor Angela Merkel hopes to win another term, Germany's national cyber security agency BSI warned political parties to shore up their computer defenses.
The head of Germany's domestic intelligence agency last week accused Moscow of gathering a large amount of political data in cyber attacks, and said it would be up to the Kremlin whether to meddle in the Sept. 24 elections.
The German government has boosted funding to the BSI and will add 180 jobs to the agency this year. It is also expanding a cyber defense center and has stepped up data sharing with private sector firms. The government is even studying legislative changes to allow it to strike back – by destroying an enemy's servers, say – in the event of a major cyber attack.
Despite the extra vigilance, over a dozen cyber experts, German lawmakers and government officials interviewed by Reuters say the leaders of Europe's most powerful nation face a huge challenge if they come under attacks like those on U.S. presidential candidate Hillary Clinton and France's incoming president, Emmanuel Macron, whose emails were hacked.
Security researchers and U.S. officials believe Russian hackers were behind the U.S. attack, and have warned Berlin that Moscow now has its sights on Germany. The origin of the hack of Macron's emails last week is still under investigation.
In particular, German authorities worry that emails obtained by hackers in a 2015 cyber attack on the German parliament will be leaked before the Sept. 24 election. Two sources familiar with the matter said one of the dozen or so accounts hit was Merkel's parliamentary account, though her primary work account was not touched.
One of the sources said Peter Tauber, the CDU secretary general, was later hit by a ransomware attack, in which viruses are used to lock up a computer's data, forcing users to pay off attackers in order to regain use of their machines.
"Digitization has overwhelmed us. Let's not fool ourselves. Despite all the assurances about bolstering security, Germany is not really prepared for what is coming," said Dirk Arendt, a German-based employee at Israeli cyber security firm Check Point Software Technologies.
Government and party officials declined to comment on whose accounts were hit in 2015.
The BSI believes Merkel and her conservative Christian Democrats (CDU) are being particularly targeted by APT 28, a Russian group U.S. officials have blamed for the hacking of Clinton's emails.
The BSI said APT 28, also known as "Pawn Storm" or "Fancy Bear", was behind the 2015 attack on Germany's parliament as well as two attacks on the CDU last year.
Security firm Trend Micro say the group struck the think tanks of both the CDU and the Social Democrats, junior partners in Merkel's coalition government, in March and April. Trend Micro said the group also targeted Macron.
Russia denies involvement in the attacks, saying it never interferes in the internal political affairs of other countries. A Kremlin spokesman said he had no idea who was behind APT 28: "We do not know who these people are and have no relation to them."
But U.S. and German officials say the connections are clear. The head of Germany's BfV domestic intelligence agency, Hans-Georg Maassen, last week said Russia is orchestrating cyber attacks and influence operations to destabilize German society. And while Germany has strengthened its defenses, gaps were inevitable, he said.
"I'm reminded of Sisyphus continually rolling a boulder to the mountaintop only to be overtaken by his inevitable fate," he said, referring to the Greek myth symbolizing a futile act.
At a meeting with Merkel in Russia this week, President Vladimir Putin described allegations of Russian attacks related to the U.S. presidential election as rumors.
But U.S. and European officials say Moscow wants to erode confidence in Western democracies and undermine European unity.
"Putin's short-term goal is to weaken the European consensus on sanctions against Russia," said Hans-Peter Uhl, legal adviser for Merkel's conservative bloc in parliament.
"The long-term objective is to divide the EU and secure the victory of Russian values in the battle against the West," he wrote in the group's latest magazine.
The Kremlin representative called the accusations "a bald-faced lie."
Germany's parliament bolstered security after 2015, bringing in Deutsche Telekom to rework its software systems and providing cyber security training for its 3,000 administrative staff, said Bundestag spokesman Ernst Hebeker.
But private firm secunet told lawmakers in an independent confidential assessment in February that numerous weaknesses remained, including "uncontrolled use" by lawmakers of mobile phones and tablets that are not centrally monitored, according to several sources familiar with the report.
There is no ban on USB sticks, which could be infected with malicious software, they quoted the report as saying.
"We don't have sufficient protections for the Bundestag servers where confidential documents are stored," said August Hanning, former head of the BND foreign intelligence agency.
The BSI now provides cyber training to state and federal lawmakers, political parties and their think tanks.
But Germany's strict separation of powers mean it can only advise parliament and not force it to act. "It's like teaching traffic safety. We say, 'Please don't cross the street when the light is red.' But it's up to people themselves if they actually listen," BSI president Arne Schoenbohm told Reuters.
Berlin is also taking steps to crack down on so-called fake news. It is targeting the 3 million or so Germans with roots in Russia whom officials fear may be vulnerable to pro-Russian propaganda. Those concerns were triggered by spontaneous protests in January 2016 after a bogus report about the alleged rape of a 13-year Russian-German girl by a migrant.
Thomas Krueger, who heads Germany's BpB agency for civic education, hosted a meeting in March for 250 leaders in the community to encourage better awareness.
"We just have to be open about this problem and ensure that as many people as possible develop critical thinking skills," he said.
Russia is known for holding onto damaging material until a critical moment, says Jim Lewis, senior vice president at the Washington-based Center for Strategic and International Studies.
"The wild card is: 'did the Russians get something in 2015 that they can detonate when the election gets closer?'" he said.
"I would get really nervous in August."
Additional reporting by Eric Auchard in Frankfurt and Margarita Popova and Christian Lowe in Moscow; Editing by Paul Carrel and Sonya Hepinstall