Did Emmanuel Macron outsmart Russian hackers by planting fake information?
Macron's cyber experts claim 'Fancy Bear' hackers confused by counteroffensive.
How do you combat state-sponsored hackers, especially those who are already adept at influencing the outcome of elections? It is the question every Western government is now wrestling with in the wake of the politically motivated cyberattacks in the US and – most recently – France.
One technique, reportedly used by Mounir Mahjoubi, the digital director of En Marche!, was to seed confusion by inputting fake data into known phishing websites used by the hackers, who in this instance are suspected of having links to the Russian government.
Mahjoubi said it was part of a "counteroffensive" strategy that, with the benefit of hindsight, we now know wasn't 100% effective.
On 5 May, 48 hours before Macron's landslide victory in the French election, hackers released 9GB-worth of material allegedly stolen from his campaign staffers.
It was immediately branded a "massive and co-ordinated" cyberattack, yet the politician's team was quick to assert that most of the documents were likely fake.
Following an article by The Daily Beast citing earlier comments made by Mahjoubi, it quickly circulated on social media that Macron's team "outsmarted" the culprits by planting data.
"Every week we send the team screen captures of all the phishing addresses we have found during the week," Mahjoubi said. "You can flood these addresses with multiple passwords and log-ins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out."
WikiLeaks, the whistleblowing platform, was analysing the documents and maintained it had found no indication of fakes. Meanwhile, other researchers, as previously reported, said the leak contained content that was obviously designed to mislead the public.
"I think there's probably some erroneous conclusions made in that article based on the 'earlier' comments of Mounir Mahjoubi about imputing wrong log-ins [and] passwords," Sean Sullivan, a cybersecurity expert at Helsinki-based firm F-Secure, told IBTimes UK.
"It sounds like the Macron team was aware of the phishing attempts and perhaps screwed around with them a bit," he continued, adding: "What's more likely, I think, is they may have identified a successful breach. At that point, perhaps they didn't kill access right away but instead planted some dummy documents into the breached account.
"It's difficult to say, but that's my working theory at this point. The campaign seemed able to quickly identify what it called fake documents in the mix of the data dump. That suggests that they had an inventory beforehand to work with."
Other cybersecurity experts remained cautious about the suggestions of "planted" data. "Entering false passwords on phishing sites is neither an effective response nor planting bogus information," said Thomas Rid, a professor in security studies, on Twitter.
In a separate tweet, he added: "There's no evidence the Macron campaign 'outsmarted' or deceived anybody. You can't 'sign on' to APT28 phishing sites & 'plant' info."
Cybersecurity firms, most recently Trend Micro, have released evidence that hackers were using phishing tactics in an attempt to infiltrate the Macron campaign. In this instance, they sent Microsoft OneDrive requests which appeared official but would come from malicious URLs.
The spread of disinformation
"It's not actually clear that Macron did fool the hackers," wrote journalist Marcy Wheeler, on her website Empty Wheel, adding: "If Mahjoubi was being honest about his certainty the hackers didn't succeed, then the campaign would have no reason or means to feed disinformation.
"The details offered here [to The Daily Beast] appear to be about disinformation in response to phishing probes — that is, disinformation about metadata — not disinformation about content."
Last week, Macron's party confirmed the hack but, under French electoral law, was not allowed to respond to any press reporting on the subject because of an enforced two-day campaigning blackout. A statement said it would "not tolerate that the vital interests of democracy be put at risk."
It added: "It is not a simple piracy operation but an attempt to destabilise the French presidential election.
"It is therefore important to take into account the nature of the leaked documents, to be aware of the fact that a large portion of them are purely and simply false."
In January 2017, in the wake of a massive hacking campaign, the US intelligence community accused Russia's "propaganda machine" – news websites RT and Sputnik – of being involved in clandestine operations.
"Moscow will apply lessons [...] to future influence efforts worldwide," it warned.
Dmitry Peskov, spokesperson for Russian president Vladimir Putin, has branded hacking accusations "fake news."
Ben Rhodes, president Obama's former foreign policy advisor, tweeted another approach to combating the state-sponsored hackers: "For those worried about how to defeat [Russian] meddling in elections the French showed us: vote against the person they're helping."
Macron beat his far-right opponent, Marine Le Pen, by a margin of 66% to 34%.