Cybersecurity

How Macron's team thwarted the hackers with one simple trick

French President elect Emmanuel Macron walks towards the stage at the Louvre Museum to give a speech to supporters after results in the 2017 presidential election in Paris, France, May 7, 2017.  Picture taken May 7, 2017.    REUTERS/Philippe Lopez/Pool - RTS15O0C

Shadowy threat: Macron's campaign went on the offensive against hackers Image: REUTERS/Philippe Lopez

Akilnathan Logeswaran

Multiple sources reported that the campaign of the new French President, Emmanuel Macron, was attacked by Russian hackers.

According to a report from the Tokyo-based cyber-security firm, Trend Micro, a Russian intelligence unit targeted Macron's campaign from March to April 2017, sending e-mails designed to lure mid-level campaign managers into handing over their passwords.

Trend Micro even believes that it’s the very same Russian group, known by a number of names including ‘Apt28’, ‘Pawn Storm’ & ‘Fancy Bear’, who hacked the emails from the Democratic National Committee in the 2016 US presidential election.

While it’s not confirmed that the attacks can be attributed to these Russian groups or other groups that mimic the same behavior, it seems evident that there could be Russian interests at play.

The former leader of the Front National, Marine Le Pen has a track record of ties to Russia and admiration for its leadership. In 2017, she met the Russian leadership. In 2014, her campaign received a $10-12 million loan from a Russian bank. In 2011, Le Pen even told the Russian publication Kommersant: “I won’t hide that, in a certain sense, I admire Vladimir Putin”.

Against this backdrop, the head of Macron’s digital team, Mounir Mahjoubi, recently explained how the attacks on Hillary Clinton’s campaign inspired them to not only be more vigilant in defending their cybersecurity, but also to launch “counter attacks” against the hackers.

The Macron campaign was frequently targeted by phishing attacks which would send emails with links to copies of credible-looking log-in screens with slight changes in the web addresses, e.g. using dots rather than hyphens, etc. Once a user would sign in, the hackers would have access to all of the user’s emails.

They frequently – on a weekly basis – informed the team about the recent attacks, but here comes the real trick. They did not try to not open these false URLs, they did open them – more often than the hackers expected.

You can flood these addresses with multiple passwords and log-ins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out.

Mounir Mahjoubi

With so much information, the hackers must have had a hard time verifying what was true, and obviously wasted numerous hours trying to sort all of the ‘mis’information. Eventually this probably also explains the unorganized nature of the stolen campaign emails that were eventually uploaded onto the anonymous site 4chan, which didn’t provide any damaging insights.

After all, President Macron’s team used a tactic that George Washington and Mao Zedong both agreed upon: “Attack is the best form of defense.”

Loading...
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Internet Governance

Share:
The Big Picture
Explore and monitor how France is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

5 ways to achieve effective cyber resilience

Filipe Beato and Jamie Saunders

November 21, 2024

We asked 6 tech strategy leaders how they're promoting security and reliability. Here's what they said

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum