The Cable

NSA Director: Russia Hacked French ‘Infrastructure’ Ahead of Vote

Michael Rogers intensifies suspicions Moscow was behind the dump of Macron documents.

WASHINGTON, DC - MAY 09: Navy Adm. Michael Rogers, commander of the U.S. Cyber Command, and Director of the National Security Agency, testifies during a Senate Armed Services Committee hearing regarding the U.S. Cyber Command, on Capitol Hill May 9, 2017 in Washington, DC. (Photo by Mark Wilson/Getty Images)

National Security Agency Director Michael Rogers said the NSA warned French authorities that Russian hackers were targeting that country’s computer infrastructure in the run-up to Sunday’s pivotal presidential election, a revelation likely to intensify speculation that Moscow was responsible for dumping a huge trove of hacked documents days before the election.

Rogers, testifying Tuesday before the Senate Armed Services Committee, did not specify exactly when his agency had delivered the warning to French authorities. But he said it came before Friday’s dump of nine gigabytes of hacked emails from aides to the winning candidate, Emmanuel Macron, which included contracts and other internal campaign documents.

“We’re watching the Russians. We are seeing them penetrate some of your infrastructure,” Rogers said, describing his warning to his French counterparts. Rogers added that he offered NSA assistance to France.

Rogers’s carefully worded remarks before the Senate panel confirmed what U.S. officials had been warning about for months: Russia would likely attempt to intervene in the French election by hacking into the computer systems of its political organizations. But Rogers stopped short of explicitly blaming Moscow for the Macron hack. A spokesman for NSA declined to elaborate on Rogers’s remarks.

Private security researchers poring over the stolen Macron documents caution that it is too early to determine if Russia was responsible. Hackers working for Russian intelligence are for now the leading suspects in an operation that injected a measure of uncertainty before Sunday’s vote, which threatened to catapult the Kremlin-friendly far-right candidate Marine Le Pen into France’s highest political office.

Since the NSA has unrivaled abilities to keep tabs on the global internet and observe the actions of foreign hackers, Rogers’s remarks will be closely scrutinized by those researchers.

There are many methods by which the NSA could have eyes on Russian hacking activity, one former intelligence official told Foreign Policy. For one, NSA frequently maintains access to the so-called “hop points,” or staging grounds, that foreign adversaries use to launch cyber attacks. Additionally, NSA might be watching for specific “signatures” used by Russian hacking groups. Such signatures can include pieces of malicious code or the use of a particular server.

The release of stolen emails fits a pattern of behavior by hacking groups tied to Russian intelligence, which have been observed targeting Macron’s email system, said Matt Tait, a former information security specialist for GCHQ, the British signals intelligence agency, and now CEO of Capital Alpha Security.

Some metadata in the files point toward Russia, but researchers have so far been unable to make a strong case tying the Macron hack to the Kremlin hackers — dubbed Fancy Bear and Cozy Bear in some circles — responsible for the penetrations of the Democratic National Committee and other American political organizations during the 2016 election.

“Thus far, the available evidence does lean conspicuously towards Moscow,” Tait wrote in a blog post Tuesday. “It is worth noting, however, that the level of technical attribution in the Macron case doesn’t hold a candle to the volume and quality of sources and evidence in DNC hack attribution after nearly a year of multiple investigations.”

Last month, the security firm Trend Micro said it had identified a series of email domains used by Fancy Bear in an attempt to break into Macron aides’ email accounts. The Macron camp insisted the attempted break-in was unsuccessful.

Throughout the hearing, Rogers treated as a given that Russia has mounted a campaign to undermine the French government. Sen. Tim Kaine (D.-Va.), Hillary Clinton’s running mate in last year’s presidential election, asked Rogers whether he was aware of the “significant evidence” tying Russia to efforts to “destabilize the government of an ally” and whether the United States should “take that seriously.”

Rogers offered a clipped answer: “Yes, sir.”

American intelligence officials say hacking groups working on behalf of Russian intelligence in 2015 and 2016 broke into the computer systems of the Democratic National Committee and the email accounts of political operatives and released the stolen files in a bid to boost the electoral chances of President Donald Trump.

Intelligence officials have repeatedly warned that Russian operatives would likely attempt to repeat those exploits by targeting elections of American allies that feature Kremlin-friendly candidates.

On Tuesday, Rogers said that Russian operatives may use similar tactics to target next year’s congressional elections.

FP staff writer Jenna McLaughlin contributed to this report.

 

Elias Groll is a staff writer at Foreign Policy covering cyberspace, its conflicts, and controversies. @eliasgroll
