Multiple sources reported that the campaign of the 10th President of the French 5th Republic Emmanuel Macron was attacked by Russian hackers.
According to a report from the Tokyo-based cybersecurity firm Trend Micro a Russian intelligence unit targeted Macron's campaign from March to April 2017 sending e-mails designed to lure mid-level campaign managers into handing over their passwords. Trend Micro even believes that it’s the very same Russian group, known by a number of names including ‘Apt28’, ‘Pawn Storm’ & ‘Fancy Bear’, who hacked the e-mails from the Democratic National Committee in the 2016 US presidential election.
While it’s not confirmed that the attacks can attributed to these Russian groups or other groups that mimic the same behavior, it seems to be evident that there could be Russian interests behind it. The former leader of the Franc National Le Pen has a track record of ties to Russia and préférence for its leadership. In 2017, she met the Russian leadership in what seemed an ad-hoc meeting. In 2014, her campaign received a $10-12 million loan from a Russian bank. In 2011, Le Pen even told the Russian publication Kommersant: “I won’t hide that, in a certain sense, I admire Vladimir Putin”.
Yet the head of Macron’s digital team Mounir Mahjoubi recently explained how the attacks on Hillary Clinton’s campaign inspired them to not only be more vigilant in defending their cybersecurity, but also to launch “counter attacks” against the hackers.
The Macron campaign was frequently targeted by phishing attacks which would send emails with links to copies of credible-looking log-in screens with slight changes in the web addresses, e.g. using dots rather than hyphens, etc. Once a user would sign in, the hackers would have access to all of the user’s emails.
They frequently – on a weekly basis – informed the team about the recent attacks, but here comes the real trick: They did not try to not open these false URLs, they did open them – more often than the hackers expected.
“You can flood these addresses with multiple passwords and log-ins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out.”
(Mounir Mahjoubi)
With so much information the hackers must have had truly a hard time verifying what was true and obviously wasted numerous hours trying to sort all of the ‘mis’information. Eventually this probably also explains the unorganized load of the 9 GB worth of stolen campaign emails that was uploaded onto the anonymous site 4chan, which literally didn’t bring any valuable insights until today.
After all President Macron’s team used a tactic that already Georg Washington and Mao Zedong agreed upon: “Attack is the best form of defense!”
______________________________________________________________________
This article was also published in modified versions for the World Economic Forum and The Indian Economist.