Macron claims massive hack as emails leaked
Leading French presidential candidate's En Marche! movement has confirmed a massive hack resulting in "diffusion on social media of various internal information"
Leading French presidential candidate Emmanuel Macron’s campaign said on Friday it had been the target of a “massive” computer hack that dumped its campaign emails online some 36 hours before voters choose between the centrist and his far-right rival, Marine Le Pen, when polls open on Sunday.
Macron, who is seen as the frontrunner in an election billed as the most important in France in decades, extended his lead over Le Pen in polls on Friday.
As much as 9 gigabytes of data were posted on Pastebin, a site that allows anonymous document sharing. It was not immediately clear who was responsible for posting the data or if any of it was genuine.
In a statement, Macron’s political movement En Marche! (Onwards!) confirmed that it had been hacked.
“The En Marche! Movement has been the victim of a massive and co-ordinated hack this evening which has given rise to the diffusion on social media of various internal information,” the statement said.
An interior ministry official declined to comment, citing rules forbidding any commentary liable to influence an election which took effect at midnight on Friday. The presidential election commission said in statement that it would hold a meeting later on Saturday after Macron’s campaign informed it about the hack and publishing of the data.
It urged the media to be cautious about publishing details of the emails given that campaigning had ended, and warned publication could lead to criminal charges.
Comments about the email dump began to appear on Friday evening just hours before the official ban on campaigning began. The ban will stay in place until the last polling stations close on Sunday at 8pm.
Opinion polls show independent centrist Macron is set to beat National Front candidate Le Pen in Sunday’s second round of voting. The latest surveys show him winning with about 62 percent of the vote.
Russian hand seen
Former economy minister Macron’s campaign had previously complained about attempts to hack its emails, blaming Russian interests in part for the cyber attacks.
On April 26, the team said it had been the target of attempts to steal email credentials dating back to January, but that the perpetrators had failed to compromise any campaign data.
The Kremlin has denied it was behind any such attacks, even though Macron’s camp renewed complaints against Russian media and a hackers’ group operating in Ukraine.
Vitali Kremez, director of research with New York-based cyber intelligence firm Flashpoint, told Reuters his review indicates that APT 28, a group tied to the GRU, the Russian military intelligence directorate, was behind the leak. He cited similarities with US election hacks that have been attributed to that group.
APT28 last month registered decoy internet addresses to mimic the name of En Marche, which it likely used to send tainted emails to hack into the campaign’s computers, Kremez said. Those domains include onedrive-en-marche.fr and mail-en-marche.fr.
“If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the US presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome,” Kremez said.
US intelligence agencies said in January that Russian President Vladimir Putin had ordered hacking of parties linked to Democratic presidential candidate Hillary Clinton in an attempt to influence the election on behalf of Republican rival Donald Trump.
On Friday night as the #Macronleaks hashtag buzzed around social media, Florian Philippot, deputy leader of the National Front, tweeted “Will Macronleaks teach us something that investigative journalism has deliberately killed?”
Macron spokesman Sylvain Fort, in a response on Twitter, called Philippot’s tweet “vile”.
En Marche! said the documents only showed the normal functioning of a presidential campaign, but that authentic documents had been mixed on social media with fake ones to sow “doubt and misinformation”.
“You have a hashtag drive that started with the alt-right in the United States that has been picked up by some of Le Pen’s most dedicated and aggressive followers online”
Ben Nimmo, a UK-based security researcher with the Digital Forensic Research Lab of the Atlantic Council think tank, said initial analysis indicated that a group of US far-right online activists were behind early efforts to spread the documents via social media. They were later picked up and promoted by core social media supporters of Le Pen in France, Nimmo said.
The hashtag #MacronLeaks was first spread by Jack Posobiec, a pro-Trump activist whose Twitter profile identifies him as Washington DC bureau chief of the far-right activist site Rebel TV, according to Nimmo and other analysts tracking the election.
“You have a hashtag drive that started with the alt-right in the United States that has been picked up by some of Le Pen’s most dedicated and aggressive followers online,” Nimmo told Reuters.