Hackers came, but the French were prepared

Macron's campaign put hackers off the scent with false leads

PARIS • Everyone saw the hackers coming.

The National Security Agency (NSA) in Washington picked up the signs. So did Mr Emmanuel Macron's bare-bones technology team during the French presidential campaign. And mindful of what happened in the United States presidential campaign, the team created dozens of false e-mail accounts, complete with phoney documents, to confuse the attackers.

The Russians, for their part, were rushed and a bit sloppy, leaving a trail of evidence that was not enough to prove they were working for President Vladimir Putin's government but which strongly suggested they were part of his "information warfare" campaign.

The story told by US officials, cyber experts and Mr Macron's own campaign aides of how a hacking attack intended to disrupt the most consequential election in France in decades ended up a dud was a useful reminder that as effective as cyber attacks can be in disabling Iranian nuclear plants, or Ukrainian power grids, they can also be defeated.

Get The Straits Times
newsletters in your inbox

But that outcome was hardly assured last Friday night, when what was described as a "massive" hacking attack suddenly put Mr Macron's electoral chances in jeopardy. To French and US officials, however, it was hardly a surprise.

In testimony to the Senate Armed Services Committee on Tuesday, NSA director Michael Rogers said US intelligence agencies had seen the attack unfolding, telling their French counterparts: "Look, we're watching the Russians. We're seeing them penetrate some of your infrastructure. Here's what we've seen. What can we do to try to assist?"

But Mr Macron's staff did not need the NSA to tell them they were being targeted: Last December, after the former investment banker and finance minister had emerged as easily the most anti-Russian, pro-Nato and pro-European Union candidate in the presidential race, they began receiving phishing e-mails.

WILD GOOSE CHASE

We went on a counter offensive. We created false accounts, with false content, as traps. We did this massively, to create the obligation for them to verify, to determine whether it was a real account. I don't think we prevented them. We just slowed them down.

MR MOUNIR MAHJOUBI, Mr Emmanuel Macron's digital director, on how the campaign foiled the Russian hackers.

The phishing mails were "high quality", said Mr Macron's digital director Mounir Mahjoubi: they included the actual names of members of the campaign staff and at first glance appeared to come from them. Typical was the very last one the campaign received, several days before the election on Sunday, which purported to have come from Mr Mahjoubi himself.

"It was almost like a joke, like giving us all the finger," Mr Mahjoubi said in an interview on Tuesday.

The final e-mail enjoined recipients to download several files "to protect yourself".

But even before then, the Macron campaign had begun looking for ways to make life a little harder for the Russians, showing a high level of skill and ingenuity.

"We went on a counter offensive," said Mr Mahjoubi. "We created false accounts, with false content, as traps. We did this massively, to create the obligation for them to verify, to determine whether it was a real account.

"I don't think we prevented them. We just slowed them down."

In mid-March, researchers with the cyber security giant Trend Micro watched the Russian intelligence unit set up Web domains mimicking those of Mr Macron's En Marche! party and began sending e-mails with malicious links and fake login pages designed to bait campaign staffers into divulging their usernames and passwords, or to click on a link that would give the Russians a toehold on the campaign's network.

It was the classic Russian playbook, security researchers say, but this time the world was prepared.

Mr John Hultquist, director of cyber espionage analysis at security firm FireEye, noted that the attack was characterised by haste and a trail of digital mistakes.

Now, he said, the failure of the Macron hacks could just push Russian hackers to improve their methods. "They may have to change their playbook entirely," Mr Hultquist said.

NYTIMES

A version of this article appeared in the print edition of The Straits Times on May 11, 2017, with the headline 'Hackers came, but the French were prepared'. Print Edition | Subscribe