'Macronleaks': Hackers Find Flaw in French Cyber-Fortress
6.5.2017 securityweek CyberSpy
They knew months ago that top-of-the-range hackers had been targeting them. They believe their security measures, too, had been nothing short of top-rate. But, in the end, French presidential candidate Emmanuel Macron's team got hacked.
And on Friday night, just an hour before the end of official campaigning, thousands of documents including emails and accounts belonging to his En Marche! (On the Move!) movement were dumped online.
"It's just incredible what's happening," said Belgian researcher Nicolas Vanderbiest, a specialist on online rumours, whose map showing how the "Macron Leak" propagated on Twitter has Wikileaks at the centre.
Macron's campaign team says it put in place servers protected by sophisticated software filters, recommended the use of several encrypted messaging and cellphone networks, and required double and triple authentication to access emails.
It says it stored its information in multiple-partitioned cells, with databases separated like fortresses, accessible by passwords that were complex and regularly changed.
But a squad of shadowy hackers seem to have found the back door.
"In this kind of organisation the real potential faultline is the human element," the head of computer services for En Marche! recently told AFP, requesting anonymity.
Because security procedures can become long and cumbersome, some people can be tempted to get around them by using personal email services which are little or badly protected.
- 'en-nnarche.com' -
On April 25, a report by Japanese cyber-security company Trend Micro, blamed a so-called "phishing" attack targetting the Macron campaign on Russian hacking group Pawn Storm, also known as Fancy Bears, Tsar Team and APT28.
The group, suspected of close links to the Russian security services, is also accused of having targetted the Democratic Party during last year's US presidential election, in which Republican-backed Donald Trump defeated Democrat Hillary Clinton.
In this kind of attack, which does not require sophisticated resources, hackers can open up security gaps in software, for example during an update or through a so-called mirror site.
This would be something like "en-nnarche.com", hoping that a user when reading quickly would mistake the "nn" for an "m" and fall into the trap, revealing access codes.
The principle of phishing, a classic arm in the hackers' arsenal, is to send a large number of fake emails often containing infected attachments, hoping that a distracted recipient will click on one, creating a breach in the targetted system.
The gap is unlikely to show up immediately, and the loophole it generates may be exploited weeks or months later.
The Macron campaign reacted swiftly to Friday night's data dump, saying it would take all measures necessary to shed light on the "unprecedented" incident.
But it did not seem overly worried by the substance of what had been leaked.
"Throughout the campaign, En Marche! has constantly been the party the most targeted by such attempts, in an intense and repeated fashion," it said in a lengthy statement.
"The aim of those behind this leak is, all evidence suggests, to hurt the En Marche! party. Clearly, the documents arising from the hacking are all lawful and show the normal functioning of a presidential campaign."
Senator Bazira Khiari, a national delegate for En Marche!, told AFP Saturday morning: "We were informed last night... We were just told to change our passwords".