Romanian prosecutors conducted raids on Saturday linked to a man suspected of illegally financing a campaign to promote Calin Georgescu’s presidential run, a day after the country’s top court annulled the elections in which the far-right candidate had won the first round.
The raids at three properties in the central city of Brasov were based on suspicions of voter corruption, money laundering and cyber fraud, prosecutors said, and that the funds are suspected of originating from criminal activities.
Calin Georgescu, whose stunning victory in the first round of Romania’s presidential election was declared void on Friday, is a hard-right, self-styled outsider critical of NATO who wants to end his country’s support for its neighbour Ukraine. Romania’s top court annulled the results of the Nov. 24 vote after declassified security documents said Romania had been a target of “aggressive hybrid Russian attacks” during the election period.
The court ruled the whole process must be rerun.
Georgescu was polling in the single digits in October but surged to a surprise victory with just shy of 23% of the first round votes.
Had he gone on to win the final second round, scheduled for Sunday, he would have headed the country’s armed forces, chaired the supreme defence council that decides on military aid, and had the power to appoint the prime minister, chief judges, prosecutors and secret service heads.
Georgescu, who unexpectedly won the first round of Romania’s presidential election and tops opinion polls ahead of this Sunday’s runoff, has expressed admiration for Russian culture and described President Vladimir Putin as a man who loves his country. Georgescu has also strongly criticized the European Union and NATO, with his victory potentially spelling trouble for both alliances.
The declassified Romanian documents allege that paid influencers, along with members of extremist, right-wing groups and people with ties to organized crime, promoted Georgescu’s candidacy online. The documents don’t directly state that Russia tried to swing the election but strongly suggest it, according to Polito.eu reports.
Georgescu’s election campaign exploded on the social media platform TikTok just two weeks prior to the Nov. 24 election, according to one declassified document from the Romanian Intelligence Service (SRI).
Some 25,000 accounts were part of a network on TikTok directly associated with Georgescu’s campaign and became very active in those two weeks, the document says.
About 800 of those accounts had existed since 2016 — the year TikTok was released — but had barely been active until November of this year.
“The account activity could have been coordinated by a state actor,” another SRI document suggested. The SRI also assessed that “a very good digital marketing company” was behind the campaign and that those involved were adept at skirting TikTok’s rules.
The SRI noted that each TikTok account had a unique IP address, which shows a deliberate strategy to make it difficult to identify the scale of the network.
A group created on the Telegram messaging app was used to coordinate the TikTok activity, the SRI said. Messages included advice on how to mislead TikTok’s content verification system, for instance by recording screens and changing content so the platform perceives it as original content, SRI said.
The presidential hopeful’s spokesperson told POLITICO in response: “What people mentioned in the documents wanted to do in Mr. Georgescu’s name without being asked to do so is their own problem.” The spokesperson suggested the revelations in the declassified documents could be part of a false flag operation to discredit Georgescu.
Logins for Romanian election-related websites were posted on a cybercrime platform of Russian origin as well as on a private Telegram channel known for disseminating data stolen from many countries — but never Russia, according to one of the SRI documents.
The SRI identified more than 85,000 cyberattacks that sought to exploit vulnerabilities in Romania’s election IT system, aiming to obtain access to data, change content and crash the network. The attacks continued for several days, including election day and the day after, and came via 33 countries — making it difficult to attribute responsibility to one nation in particular, the SRI said.
Discussion about this post