Did Macron hack the hackers, foiling Russian influence on French election?

There is no proof, but cyber offense rather than defense could signal big shift in cybersecurity tactics

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Did the new leader of France win because he outsmarted the very hackers who tried to tip the scales in last November’s U.S. election? Security professionals are trying to sort out this very possibility right now, following a storyline that sounds right out of a Michael Crichton novel. It’s going to be hard to sort out the truth of these claims, but then, that’s the point.

Bob Sullivan, journalist and one of the founding members of msnbc.com

Here’s the rub: There are claims that Emmanuel Macron’s cybersecurity folks anticipated a Hillary Clinton-like attack from the allegedly Russian-backed hacker group known as “Fancy Bear,” and beat them at their own game.

Not falling for hackers’ ploy

Macron’s people already had said they responded to phishing attacks by feeding them false login information, and perhaps planted bad data into the hackers’ hands. Then, when the inevitable last-minute WikiLeaks data dump occurred, the hackers looked foolish. So foolish that even WikiLeaks said this past weekend that the documents allegedly stolen from the French candidate’s campaign actually included metadata that pointed to a Russian company and an individual with ties to Russian’s intelligence agencies.


Again, we’ll probably never know what really happened. However, according to Cymmetria CEO Gadi Evron, that’s good enough. Unlike the Clinton response last fall, which had the effect of confirming the authenticity of Leon Panetta’s hacked emails, the Macron response cast uncertainty and doubt on the whole affair. Mission accomplished.

Scammers get scammed

Let’s back up for a moment. Somewhere in the back of your mind, you remember the phrase “419 Scam”—otherwise known as a Nigerian scam. After years of putting up with those crappy emails, a group of internet fighters got the bright idea to turn the tables, and scam the scammers. The concept of “419 eaters” was born. These folks would respond to emails suggesting they’d inherited millions of dollars as Nigerian royalty, and play along with the scam.

They’d string the criminals along for days, even weeks. The theory is sound enough: That if scammers were occupied by 419Eaters, they couldn’t be scamming actual victims. And perhaps, occasionally, the good guys would get enough data on the criminals to gain a prosecution. Along the way, 419eater.com and other similar groups managed to get scammers to take some pretty embarrassing photos.

The broad idea behind such an operation might be called “offensive” cyber defense. Scam the scammers. Hack the hackers. Don’t just sit around and tolerate the probing. Fight back. Disable IPs that are being used to attack. Put out false flags. Embarrass the adversary, or even better, disable her or him.

The Daily Beast had earlier reported that Macron was doing exactly this during the campaign. Recall that Russia’s Vladimir Putin had explicitly supported Macron’s opponent, Marine Le Pen, who was in favor of breaking up the EU and other policies favorable to the Russian president.

“You can flood these [phishing] addresses with multiple passwords and logins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out,” Mounir Mahjoubi, the head of Macron’s digital team, had told The Daily Beast earlier.

Hackers get no traction

Again, we’ll probably never know the truth of the matter. But right there, Macron’s folks already had sowed enough doubt that whatever hacked emails and documents came out as France’s “October surprise,” they would come with built-in uncertainty.

Evron suggests this is the dawn of a new age of cybersecurity:

“Cybersecurity has been on the defensive for a very long time,” he wrote. “Finally seeing people think like I do and take control of the battle ground, not just sitting and waiting for the adversaries to bypass our static defenses, but using the attackers’ very own predictable methodologies and M.O. against them is very exciting.”

Maybe, maybe not. But the postscript on this story will be fascinating. I suspect the layers of disinformation will only get deeper, and the story less clear, as time goes by. As evidence for that, Russia-controlled Sputniknews.com actually reported on the FSB (Russian intelligence agency) connection to the Fancy Bear document dump.

WikiLeaks stated that the Evrika company had obtained “FSB security certificate to protect state secrets” and posted a link to the article of 2003 by Russia’s Lenizdat media outlet,” Sputniknews reported. “The article says that the Evrika (or Eureca) company is operating since the 1990s and specializes in the development and creation of integrated information systems, as well as in manufacturing computer machinery.”

Why would the Sputnik news agency all-but-confirm Russia’s involvement in trying to hack French elections? I wish Michael Crichton were alive to ask.

More stories related to election hacking:
Creating chaos at the polls: Putting election hack risks into context
Cast ballot for tighter security on voter data
To maintain democracy, digital election networks must be improved