The Cable

Massive Macron Hack Roils French Politics on Eve of Critical Election

A huge trove of internal documents appears online as voters prepare to head to the polls.

TOPSHOT - ALTERNATIVE CROP
France's former Minister of the Economy Emmanuel Macron looks on after handling over power to French Minister of Finance and also current Minister of Economy Michel Sapin in Paris, on August 31, 2016 following his resignation as economy minister.
France's Emmanuel Macron vowed after stepping down as economy minister on August 30, 2016 to "transform" an ailing country but stopped short of declaring a presidential run.  / AFP / PHILIPPE LOPEZ        (Photo credit should read PHILIPPE LOPEZ/AFP/Getty Images)
TOPSHOT - ALTERNATIVE CROP France's former Minister of the Economy Emmanuel Macron looks on after handling over power to French Minister of Finance and also current Minister of Economy Michel Sapin in Paris, on August 31, 2016 following his resignation as economy minister. France's Emmanuel Macron vowed after stepping down as economy minister on August 30, 2016 to "transform" an ailing country but stopped short of declaring a presidential run. / AFP / PHILIPPE LOPEZ (Photo credit should read PHILIPPE LOPEZ/AFP/Getty Images)

With mere minutes to go before the end of active campaigning in France’s presidential election on Friday evening, front-runner Emmanuel Macron’s campaign released a statement saying it had been the victim of a “massive” computer hack intended to sow doubt among the French electorate ahead of Sunday’s vote.

Approximately nine gigabytes of data including emails, contracts, and accounting documents were posted onto the document sharing site Pastebin late Friday. The Macron campaign statement confirmed that some of the documents were authentic, but said that fake campaign documents had been included in the dump as well to “sow doubt and disinformation.” The operation was “obviously a democratic destabilization,” the statement said.

Macron campaign officials immediately compared the dump of emails to the Russian hacking waged by Kremlin operatives against Hillary Clinton’s campaign during last year’s U.S. election. Security experts cautioned that it is too early at this stage to determine who was responsible for the leak. French security officials had warned of Russian interference over the course of the French presidential campaign.

The document dump comes less than 48 hours before the final round of an election that has been closely watched for its implications for the future of Europe. Macron’s opponent, the far-right National Front candidate Marine Le Pen, has campaigned on an anti-EU platform while Macron has embraced the union. Prior to Friday’s email dump, Macron appeared to have a comfortable 20-point lead on Le Pen, with voters widely agreeing he had outperformed her in a debate earlier this week.

It’s not clear what the effects these new documents will have on the election. The timing means that the Macron campaign will be barred from commenting on their contents. According to French election rules, the campaign went into “blackout” mode starting at midnight local time on Friday, which means that any commentary liable to influence the election results will be banned until polls close on Sunday evening, and there will be no new polls.

Suspicions about who was responsible for the leaks quickly fell on Russia. Most analysts suspect that the Kremlin is rooting for a Le Pen victory. Her party has financial ties to Russia, and the candidate made a surprise visit to the Kremlin in March, where she met with Russian President Vladimir Putin. Le Pen has acknowledged Crimea as part of Russia, a stance decidedly not held by most of the international community, and has criticized sanctions put on Russia by the European Union and the United States over the annexation of Crimea.

Macron, on the other hand, while not considered a Russia hawk, has taken a hard line on sanctions on Russia for its actions in Ukraine, calling Moscow’s foreign-policy stance aggressive and saying sanctions should remain in place until it lives up to the Minsk agreement. Macron has banned two Russian state-affiliated news outlets, RT television and the Sputnik news agency, from covering his campaign. He has also criticized Le Pen’s ties to Russia, albeit subtly. “And who pays for your campaign?” he asked her during their final debate on Wednesday.

News stories have pointed to signs of Russian interference on Le Pen’s side over the course of the election in the form of the dissemination of false news stories through state-affiliated outlets and social media bots.

Those responsible for infiltrating Macron’s computer systems took pains to cover their tracks and removed so-called metadata from the files, according to Matt Tait, a former official at GCHQ, Britain’s signals intelligence agency, now the CEO of Capital Alpha Security. Removing such data makes it more difficult to determine who was responsible for hacking Macron’s computer systems.

Last month, the security firm Trend Micro said it had identified a so-called phishing campaign against the Macron team. According to the firm, hackers linked to Russian military intelligence implicated in cyberattacks on the Democratic Party last year carried out the attempt. Those attacks on Macron appeared to be an attempt to break into the email accounts of campaign officials, but the Macron camp insisted that the attempted break-in had been unsuccessful.

The leak appears to contain genuine documents and files from the Macron camp, but in its statement announcing the breach, the front-runner claimed that the breach also included forgeries. Security researchers analyzing the dump identified what appears to be an online order for a synthetic stimulant, to be paid for in bitcoin, the anonymous currency, and to be shipped to the French parliament.

While the bitcoin transaction appears to be genuine, the shipping address points toward what may be an attempt to manufacture scandal, a security researcher who goes by the name misterch0c told Foreign Policy.

The site hosting the dumped documents appears to have been first identified by the message board 4chan, an anarchic online community that carried out an aggressive online campaign on behalf President Donald Trump during the 2016 election campaign. Following his upset victory, 4chan users launched a similar campaign to boost Le Pen.

The online right-wing community that helped propel Trump to the Oval Office also appears to have played a role in spreading news of the hack. According to the Atlantic Council’s Digital Forensic Research Lab, the head of an obscure alt-right news site coined the two principal hashtags being used to disseminate the news on Twitter.

PHILIPPE LOPEZ/AFP/Getty Images

Elias Groll is a staff writer at Foreign Policy covering cyberspace, its conflicts, and controversies. @eliasgroll

Alicia P.Q. Wittmeyer is the Europe editor at Foreign Policy. Her work has appeared in the Los Angeles Times, the Washington Post, and Forbes, among other places. She holds a bachelor’s degree from the University of California, Berkeley, and master’s degrees from Peking University and the London School of Economics. The P.Q. stands for Ping-Quon. @APQW

Emily Tamkin is a staff writer at Foreign Policy covering ambassadorial and diplomatic affairs in Washington. @emilyctamkin

Trending Now Sponsored Links by Taboola

By Taboola

More from Foreign Policy

By Taboola