Another national election, another massive leak of hacked data, apparently intended to improve the preferred candidate's chances of winning. This time we are talking about the French Presidential election, where the final run-off for deciding the French President was held on Sunday, 07 May 2017. The final round contestants were Marine Le Pen of the National Front Party and Emmanuel Macron of the En Marche Party. On Friday the 05th of May 2017, a set of links to torrent files appeared on the anonymous publishing site Pastebin. These links pointed to a dump of data on the internet. The dump was a total of 9 GB of data, supposedly composed of leaked emails of the En Marche party. The source of the material goes by a different name this time, EMLEAKS, and the site of preference for publication this time is not WikiLeaks but Pastebin.
The current round of email leaks, just before the second round of elections in France, is timed so as not to give the target a chance to respond. At the same time it also appears to be too late for it to bring about any change to the anticipated outcome of the election. However, the timing is of great strategic value, since French law does not allow candidates and government institutions to speak publicly for two days ahead of an election. This not only prevents Macron from responding to any scandal that may come out of analysis of the data dump, real or fake, but also effectively prevents the security services and the interior ministry from commenting on the origin and the nature of the hack.
The En Marche party itself acknowledged the hack in a public statement on Friday evening (05 May 2017), saying that it had been the victim of a massive coordinated act of hacking in which documents related to internal mails (both personal and professional), accounts, contracts, etc., had been hacked and taken out by the hacker. According to the head of Macron’s digital team, Mounir Mahjoubi, “five entire mailboxes” were “stolen”, with many of the accounts being personal Gmail mailboxes.
The purpose of the email dump was to sow doubt and disinformation in the minds of the public, and if possible to swing the elections in the favour of Marine Le Pen, who was the candidate favoured by the Russians to win.
After the Russian interference in the US Presidential elections, interference in the French elections was already anticipated. In Feb 2017 the French Foreign Minister Jean-Marc Ayrault had said that France would not tolerate interference by Russia or any other state in its presidential elections and would retaliate if necessary. This happened after complaints from the En Marche party that their campaign was the target of fake news put out by the Russian media as well as internet attacks on its databases. In fact, the French were so serious about the whole issue that President Francois Hollande had called a meeting of national defence chiefs on 23 Feb 2017 to discuss the cyber security arrangements being made for the elections.
In April 2017, the cyber security firm Trend Micro had also declared in one of its reports that the En Marche party appeared to be the target of a phishing campaign by a Russian government-affiliated hacker group, Fancy Bear, also known as Pawn Storm or APT 28. The firm’s researchers found phishing domains created by the hacker group in March, designed to target the campaign by impersonating the site that En Marche uses for cloud data storage. Those domains include onedrive-en-marche.fr, designed to appear like an official Microsoft address, and mail-en-marche.fr, which pretended to be a webmail site. At that time, i.e. 24 Apr 2017, Mounir Mahjoubi had confirmed that there had been attempted intrusions but that they had all been thwarted and that nothing had been compromised.
Attribution
To begin with, it is very easy to point fingers at Russia, because after all Russia has all the reasons, the capability and the resources, and of course very strong precedents of meddling in Western elections to sabotage candidates whose views are not favourable to it. Additionally, French institutions have been targeted in the past by hackers with ties to Russia. For example, when TV5 Monde was hacked in 2015, researchers at FireEye had confirmed that the attacks had been carried out by APT28.
Some of the leaked Microsoft Office files contain an even stranger clue: Cyrillic-character metadata, suggesting they were opened at some point by a computer with Russian-language software settings. The Twitter feed for WikiLeaks points to nine instances in the metadata of the name Roshka Georgiy Petrovich, reportedly an employee of the Russian intelligence contractor Eureka. But that apparent metadata slipup was so clear that some cybersecurity analysts discount it as a possible misdirection technique.
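The metadata clue described above can be checked by reading the author fields that Office Open XML files (.docx, .xlsx, .pptx) store in docProps/core.xml. The following is an added example, not code from the original article or from any of the analysts it cites; the sample file and the names in it are constructed, and the helper names are hypothetical.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml.ElementTree

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
FIELDS = {"creator": "dc:creator", "lastModifiedBy": "cp:lastModifiedBy"}
CYRILLIC = re.compile(r"[\u0400-\u04FF]")  # basic Cyrillic Unicode block


def author_fields(ooxml_bytes):
    """Return the author-related core properties of an OOXML file."""
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as zf:
        if "docProps/core.xml" not in zf.namelist():
            return {}  # metadata part stripped or never written
        root = ET.fromstring(zf.read("docProps/core.xml"))
    found = {}
    for name, path in FIELDS.items():
        node = root.find(path, NS)
        if node is not None and node.text:
            found[name] = node.text.strip()
    return found


def cyrillic_fields(ooxml_bytes):
    """Names of author fields whose value contains Cyrillic characters."""
    fields = author_fields(ooxml_bytes)
    return sorted(k for k, v in fields.items() if CYRILLIC.search(v))


def build_sample(creator, last_modified_by):
    """Constructed sample: a minimal OOXML container holding only core.xml."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}">'
        "<dc:creator>{c}</dc:creator>"
        "<cp:lastModifiedBy>{m}</cp:lastModifiedBy>"
        "</cp:coreProperties>"
    ).format(cp=NS["cp"], dc=NS["dc"], c=creator, m=last_modified_by)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core.encode("utf-8"))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample("j.dupont", "Иван Иванов")  # constructed names
    print(author_fields(sample), cyrillic_fields(sample))
```

A Cyrillic value in these fields only shows what the file says about itself; as the analysts mentioned above point out, such fields are easy to plant, so a hit is a lead to corroborate rather than attribution.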
One really cannot blame the Russian hackers for attacking so late; until 23 April 2017, the Russian establishment did not know who would be the pro-EU centrist standard bearer.
When queried about Russian involvement in the Macron email hack, Kremlin spokesman Dmitry Peskov said that like other similar accusations, they are all based on nothing and are pure slander.
Macron's party chief, Richard Ferrand, had always accused Russia of influencing the election by spreading "fake news" about Macron through its state-sponsored media while reporting more favourably on Le Pen. Russia has strong motivation to support Le Pen. Her anti-Europe and anti-NATO plans (wanting to take France out of NATO) are perfectly aligned with Russian interests, and she has consistently called for closer ties with Putin. She has also expressed a desire to roll back European Union sanctions on Russia after Moscow's annexation of Crimea from Ukraine. She had plans to recognize Crimea as part of Russia, if elected. A Russia-friendly understanding of world politics runs in the Le Pen family. Jean-Marie Le Pen, the National Front's co-founder, his daughter Marine and her niece Marion Marechal-Le Pen have all made numerous visits to Moscow over the years. Le Pen herself has repeatedly visited Russia. Her party borrowed 9 million euros in 2014 from the First Czech Russian Bank; however, the bank's license was later revoked. Le Pen visited Moscow on Friday 24 Mar 2017 to meet with Putin, at a time when other Western candidates would not want to be seen anywhere near him.
It is a stance that contrasts markedly with Macron, a pro-EU, pro-integration candidate who has also declared that he would keep sanctions on Russia in place.
Concerted Actions in the Information Warfare Campaign
The email dump just before the final round of elections is not to be seen as an isolated action to swing the French presidential elections in favour of Marine Le Pen. Multiple simultaneous actions were being carried out by the perpetrators to swing the elections in favour of the preferred candidate. Some of the actions are listed below:
- Government-backed press in Moscow had been denigrating Macron in the days leading up to the election (last fortnight of April 2017). The Russian state-run Sputnik news agency and the TV network RT (erstwhile Russia Today) have French-language websites, aimed entirely at those who already have a pro-Russia worldview.
- Trolling on the internet was effectively used to discredit Macron – some of the attempted memes were – homosexuality charges against Macron, his casual attitude towards terrorism, his intimate relations with his non-biological daughter, etc.
- Far right wing sites in France and America had been trying to promote a fake story alleging Macron had a secret offshore bank account. It was decisively debunked and the Macron campaign had shrugged it off. However, on 05 May 2017 (same day as the dump), users of the anonymous forum 4Chan had also purported to have published evidence of Macron’s tax evasion, though those claims were also unverified. In fact this fake story was also picked up by Le Pen during the Presidential debate, further trying to add some sort of authenticity to the same. Researchers have brought out that certain documents, such as those with Macron’s ‘Bahamian bank accounts’, were edited on computers with Russian language operating systems.
Was France Better Prepared?
The French authorities appeared to have learnt at least some lessons from the hacking attacks during the US Presidential elections. Some of the actions that they took, which appeared to make them better prepared, are as follows:
- Rapid response of the French electoral authorities. The dump happened in the latter half of the day on 05 May 2017, and by Saturday morning (06 May 2017), France’s presidential electoral authority, the CNCCEP, asked the media to avoid publishing information from the leaked documents and reminded them of their responsibilities given the seriousness of the election. The notification also pointed out that the publishing of false information falls under the law, particularly criminal law. In the US this would have been perceived as an infringement on freedom of speech, whereas the French authorities presented it as an attempt to protect the fairness of the electoral process. Most of the outlets heeded the call. In effect the mainstream French media carried the Macron campaign statement, but virtually nothing else.
- The victim, i.e. the En Marche party, did not waste any time in making a public statement that many of the documents were fake. Thus, they effectively attacked the attacker by throwing the legitimacy of the emails into doubt.
- Since Russian interference was anticipated, the Macron campaign was prepared. They reportedly turned the spear-phishing strategy against the attackers by flooding them with multiple passwords and logins, some true and some false, so that the perpetrators spent most of their time trying to figure out which was genuine and which was a plant. In addition to the fake documents added by the hackers, the cyber security personnel of the En Marche party had sent fake information in counter-retaliation for phishing attempts.
- Also, to increase awareness levels, party members were sent screen captures every week of all the phishing addresses that had been discovered during the week.
- Once the Macron campaign was clear that the Russian state-sponsored news entities were trying to influence the elections, they refused to give the Russian state-funded news media, RT and Sputnik, accreditation to cover the final stretch of the election in their headquarters. Macron was so clear about it that he even raised this issue and the biased reporting in front of Russian President Putin during a press conference in the last week of May.
- Mounir Mahjoubi publicly bragged that the campaign had deliberately forged some documents and proactively planted false information in others, forcing WikiLeaks to distance itself from the growing scandal and further reducing the credibility of the dump.
- As early as October 2016, when it became clear that the Democratic National Committee leaks could damage the U.S. electoral process, the French National Cybersecurity Agency summoned all political parties to raise awareness of the risk of manipulation.
- In December 2016, the minister of defence announced the creation of a French cyber command, composed of 2,600 cyber fighters, able to prevent and retaliate against cyber attacks.
- In February 2017, then-Prime Minister Jean-Marc Ayrault stated that “the risks of interference are very high,” made clear it was a matter of “national sovereignty,” and warned that any attempt “either from Russia or from any other country” would be met with a proper response. This statement effectively undermined any potential leak in advance by labelling it as a manipulation.
- The electoral commission then established a mechanism allowing a candidate to request an investigation if it detected a cyber intrusion, the findings of which would be publicly endorsed by the Cybersecurity Agency.
- In March 2017, the electoral commission banned electronic voting overseas for the legislative elections, claiming to avoid a risk of cyber manipulation.
Russian Objectives Defeated?
One of the major objectives of the Russian Information Operations is to weaken NATO, and dismember it if possible, and also to weaken the EU. The other aims were to legitimise Russian actions of the immediate past, like the annexation of Crimea, a free run in Syria, a free run in Russia itself and of course to sort out troublesome neighbours. The victory of Macron has put a stop to all those expectations, at least for the time being.
Conclusion
Overall, it appeared to be a final all-out effort by a nation state to try to influence the election in favour of the preferred candidate. All these information warfare operations point to a clear trend. They are not just cyber hacking operations. They also include effective use of social media, traditional media outlets and information on whistle-blower-type sites, thus making the operation well balanced and brain-washing the target (the country’s population) in support of the favoured candidate. In all these cases there also appears to be some covert linkage between the favoured candidate and Russia. As they say, there is no smoke without fire.
On Sunday 07 May 2017, Macron, at 39, became the youngest President in the history of France and the nation's youngest leader since Napoleon.
What Next
German elections, watch out, here we come. This is not an unreasonable possibility, given past precedents of meddling in German affairs, and thereafter Italy is waiting to happen.