Did Macron hack the hackers, foiling Russian influence on French election?

There is no proof, but cyber offense rather than defense could signal big shift in cybersecurity tactics

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Did the new leader of France win because he out­smart­ed the very hack­ers who tried to tip the scales in last November’s U.S. elec­tion? Secu­ri­ty pro­fes­sion­als are try­ing to sort out this very pos­si­bil­i­ty right now, fol­low­ing a sto­ry­line that sounds right out of a Michael Crich­ton nov­el. It’s going to be hard to sort out the truth of these claims, but then, that’s the point.

Bob Sul­li­van, jour­nal­ist and one of the found­ing mem­bers of msnbc.com

Here’s the rub: There are claims that Emmanuel Macron’s cyber­se­cu­ri­ty folks antic­i­pat­ed a Hillary Clin­ton-like attack from the alleged­ly Russ­ian-backed hack­er group known as “Fan­cy Bear,” and beat them at their own game.

Not falling for hack­ers’ ploy

Macron’s peo­ple already had said they respond­ed to phish­ing attacks by feed­ing them false login infor­ma­tion, and per­haps plant­ed bad data into the hack­ers’ hands. Then, when the inevitable last-minute Wik­iLeaks data dump occurred, the hack­ers looked fool­ish. So fool­ish that even Wik­iLeaks said this past week­end that the doc­u­ments alleged­ly stolen from the French candidate’s cam­paign actu­al­ly includ­ed meta­da­ta that point­ed to a Russ­ian com­pa­ny and an indi­vid­ual with ties to Russian’s intel­li­gence agencies.


Again, we’ll prob­a­bly nev­er know what real­ly hap­pened. How­ev­er, accord­ing to Cym­me­tria CEO Gadi Evron, that’s good enough. Unlike the Clin­ton response last fall, which had the effect of con­firm­ing the authen­tic­i­ty of Leon Panetta’s hacked emails, the Macron response cast uncer­tain­ty and doubt on the whole affair. Mis­sion accomplished.

Scam­mers get scammed

Let’s back up for a moment. Some­where in the back of your mind, you remem­ber the phrase “419 Scam”—otherwise known as a Niger­ian scam. After years of putting up with those crap­py emails, a group of inter­net fight­ers got the bright idea to turn the tables, and scam the scam­mers. The con­cept of “419 eaters” was born. These folks would respond to emails sug­gest­ing they’d inher­it­ed mil­lions of dol­lars as Niger­ian roy­al­ty, and play along with the scam.

They’d string the crim­i­nals along for days, even weeks. The the­o­ry is sound enough: That if scam­mers were occu­pied by 419Eaters, they couldn’t be scam­ming actu­al vic­tims. And per­haps, occa­sion­al­ly, the good guys would get enough data on the crim­i­nals to gain a pros­e­cu­tion. Along the way, 419eater.com and oth­er sim­i­lar groups man­aged to get scam­mers to take some pret­ty embar­rass­ing pho­tos.

The broad idea behind such an oper­a­tion might be called “offen­sive” cyber defense. Scam the scam­mers. Hack the hack­ers. Don’t just sit around and tol­er­ate the prob­ing. Fight back. Dis­able IPs that are being used to attack. Put out false flags. Embar­rass the adver­sary, or even bet­ter, dis­able her or him.

The Dai­ly Beast had ear­li­er report­ed that Macron was doing exact­ly this dur­ing the cam­paign. Recall that Russia’s Vladimir Putin had explic­it­ly sup­port­ed Macron’s oppo­nent, Marine Le Pen, who was in favor of break­ing up the EU and oth­er poli­cies favor­able to the Russ­ian president.

You can flood these [phish­ing] address­es with mul­ti­ple pass­words and logins, true ones, false ones, so the peo­ple behind them use up a lot of time try­ing to fig­ure them out,” Mounir Mahjoubi, the head of Macron’s dig­i­tal team, had told The Dai­ly Beast ear­li­er.

Hack­ers get no traction

Again, we’ll prob­a­bly nev­er know the truth of the mat­ter. But right there, Macron’s folks already had sowed enough doubt that what­ev­er hacked emails and doc­u­ments came out as France’s “Octo­ber sur­prise,” they would come with built-in uncertainty.

Evron sug­gests this is the dawn of a new age of cybersecurity:

Cyber­se­cu­ri­ty has been on the defen­sive for a very long time,” he wrote. “Final­ly see­ing peo­ple think like I do and take con­trol of the bat­tle ground, not just sit­ting and wait­ing for the adver­saries to bypass our sta­t­ic defens­es, but using the attack­ers’ very own pre­dictable method­olo­gies and M.O. against them is very exciting.”

Maybe, maybe not. But the post­script on this sto­ry will be fas­ci­nat­ing. I sus­pect the lay­ers of dis­in­for­ma­tion will only get deep­er, and the sto­ry less clear, as time goes by. As evi­dence for that, Rus­sia-con­trolled Sputniknews.com actu­al­ly report­ed on the FSB (Russ­ian intel­li­gence agency) con­nec­tion to the Fan­cy Bear doc­u­ment dump.

Wik­iLeaks stat­ed that the Evri­ka com­pa­ny had obtained “FSB secu­ri­ty cer­tifi­cate to pro­tect state secrets” and post­ed a link to the arti­cle of 2003 by Russia’s Leniz­dat media out­let,” Sput­niknews report­ed. “The arti­cle says that the Evri­ka (or Eure­ca) com­pa­ny is oper­at­ing since the 1990s and spe­cial­izes in the devel­op­ment and cre­ation of inte­grat­ed infor­ma­tion sys­tems, as well as in man­u­fac­tur­ing com­put­er machinery.”

Why would the Sput­nik news agency all-but-con­firm Russia’s involve­ment in try­ing to hack French elec­tions? I wish Michael Crich­ton were alive to ask.

More sto­ries relat­ed to elec­tion hacking:
Cre­at­ing chaos at the polls: Putting elec­tion hack risks into context
Cast bal­lot for tighter secu­ri­ty on vot­er data
To main­tain democ­ra­cy, dig­i­tal elec­tion net­works must be improved

Posted in Featured Story