PARIS: Looking back on the presidential campaign of Hillary Clinton last year, one sees an appalling passivity and helplessness as online attackers stole her campaign secrets and now-President Donald Trump exploited that information without shame or discretion.
But, having learned many lessons from the Clinton debacle, the digital team working for French presidential nominee Emmanuel Macron not only took precautions, it decided to fight back.
Next to the U.S. presidential elections, none in the world have had such high stakes riding on them: the future of the European Union, NATO, global commerce; the list is long. And Macron's team realized early on, as they watched the Democratic Party's implosion in America, that they too might be the targets of a group of hackers known by many sobriquets, including Pawn Storm, APT28, STRONTIUM, and rather more colorfully, Fancy Bear.
The group's hacking operation is most clearly identifiable by its techniques and targets. It's made up of cyber-criminals with political agendas that fit so closely the priorities of Russian President Vladimir Putin that they are widely believed to be working on his behalf or under his direct orders. (Indeed, the American intelligence community appears to have little doubt on that score anymore.)
And, sure enough, when Macron's upstart centrist political movement began to gain real momentum toward the end of last year, the spear phishing attacks against it started.
The 39-year-old candidate, formerly an investment banker with Rothschild and then the economy minister under President François Hollande, was drawing support from both the left and the right for his independent movement, En Marche! (Onward!), and he had started to look like a real contender.
It is important to note that all the other leading candidates in the race, but especially far-right anti-immigrant, anti-European Union, anti-NATO, anti-American, pro-Trump candidate Marine Le Pen, were unabashedly pro-Putin.
Then polls started to show that Macron might upset Le Pen's well-laid plans to restore what she likes to call French sovereignty, albeit with Russian funding and Russia's endorsement, including a high-profile meeting in Moscow with Putin himself. (Oh, and Trump chimed in, too, on her behalf.)
Putin could be forgiven for thinking that with such useful friends, pawns, or what-have-you as this, he need never contemplate an invasion of Europe through the Fulda Gap, like in some old Tom Clancy novel about World War III. Today a demoralized and dysfunctional Europe might just come to him.
All he needed in France was a dose of what he's alleged to have done in the United States: introduce a bit of infowar to create doubts about the viability of the system, maybe with the help of a few Fancy Bear hackers, and usher the most unviable candidate into office.
So, whether it was a matter of coincidence or conspiracy, take your pick, aggressive assaults on the Macron campaign began in earnest.
Mounir Mahjoubi, head of Macron's digital team, traces the hostile activity back to December. And as the first round of the presidential competition reached its climax just last Sunday, with Macron and Le Pen emerging as the finalists, concern about Russian attempts to manipulate the results grew so intense that Macron's campaign finally refused to give the Russian state-funded news media, RT and Sputnik, accreditation to cover the home stretch.
"RT France and Sputnik have been since the very beginning of our campaign the first source of fake news about our candidate and campaign," Mahjoubi told me Tuesday afternoon. As The Daily Beast reported on Monday, another staffer called RT, flatly, a "propaganda organ."
But that is not the only way the Macron campaign is pushing back against the hacking onslaught.
"We also do counteroffensive against them," says Mahjoubi.
To understand how that might work, one needs to know that the basic techniques used by Pawn Storm to gather intelligence and their alter egos in Fancy Bear to disseminate it are relatively simple, at least in the first skirmishes of a cyber battle.
"They merely have to be as sophisticated as it is necessary to be," says Ed Cabrera, the chief cyber security officer of Trend Micro, a global firm based in Japan which has just published a report on Pawn Storm's activities, including some data related to the Macron campaign.
Most email users are accustomed to clumsy phishing: those mysterious Nigerians who want to help you collect millions of dollars from some long-lost uncle if you'll merely pass on your bank details. That sort of thing.
This is much, much more polished. And it's not about money. It's about intelligence gathering for the exercise of political, indeed geopolitical, power.
Their "well-crafted phishing campaigns," as Cabrera puts it, are meant first to work their way into an email system by tricking people into revealing their IDs and passwords. Then the hackers exploit that knowledge not only to collect private emails in secret, but to mine them for intelligence, use them to focus new and more targeted attacks on specific individuals to gather still more private data, and in some cases (this is the Fancy Bear specialty in the Pawn Storm shop) to disclose those secrets to the public through various channels (like WikiLeaks) in order to affect political outcomes.
"As soon as they identify a group and as soon as they identify the individuals they want to compromise, they come at them from many different angles," Cabrera told me over the phone.
The new Trend Micro report makes the case that Pawn Storm/Fancy Bear's targets over the last several years coincide very closely with Russian fears. "Foreign espionage and influence on geopolitics are the group's main motives, and not fiscal gain," the report says. "Its main targets are armed forces, the defense industry, news media, legislators, and dissidents."
The Trend Micro chronology shows that if you present an obstacle to Putin's ambitions, whether standing up to pro-Russian rebels in Ukraine or disqualifying drug-drenched Russian athletes from athletics competitions or running against Putin's preferred paladins in Western politics, Pawn Storm will target you, and Fancy Bear will peddle the information that's uncovered.
Yet, as Cabrera and Mahjoubi acknowledge, without the kinds of resources the U.S. intelligence community has brought to bear, and the results it has yet to reveal in any detail, it is hard to construct that final definitive connection between the Pawn Storm gang and Putin.
"That's inferred from the pattern," says Cabrera, "the victimology: when they are attacking, how they are attacking, and who they are attacking."
One is reminded of John le Carré's master spy George Smiley searching the shadows for his Soviet-backed nemesis Karla, presuming his presence based on otherwise hard-to-explain events.
"Espionage is nothing new, and cyber espionage is genuinely not that new," says Cabrera. "It's the same type of tradecraft but in bits and bytes."
But again, how do you defend yourself in this shadowland if, like Macron and his campaign, you know you are targeted? What is that counteroffensive Mahjoubi was talking about?
The phishing attacks targeting the Macron campaign exploited the fact that its email system was based on Microsoft's OneDrive, which has a unique portal for many different operations, not only emails. Pawn Storm would send official-looking emails encouraging the recipients to sign in by clicking on a link that appeared to be exactly the same as usual, except the dots in the address had been replaced by hyphens. "If you speed read the URL, you can't induce the distinction," said Mahjoubi. And when the fake sign-in page came up it was "pixel perfect."
The Trend Micro report publishes one of the fake URLs, but Mahjoubi said there were about 10 related to Pawn Storm/Fancy Bear detected since December. And many more that may come from other hostile attackers.
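One way a mail filter could flag the dots-for-hyphens lookalikes described above, as an added example that is not from the article, the campaign or the Trend Micro report. The protected host names and the sample links are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical sign-in hosts the organisation really uses (assumption).
PROTECTED_HOSTS = ("login.campaign.example", "mail.campaign.example")

# Constructed sample links, as they might be extracted from inbound mail.
SAMPLE_LINKS = [
    "https://login.campaign.example/signin",
    "https://login-campaign-example.files.test/signin",
    "http://secure.mail-campaign.example.portal.test/",
    "https://docs.login.campaign.example/help",
    "https://news.example.org/article",
]

def _labels(host):
    """Treat hyphens as dots, so 'a-b-c' and 'a.b.c' yield the same labels."""
    return [p for p in host.lower().replace("-", ".").split(".") if p]

def classify(url, protected=PROTECTED_HOSTS):
    """Return 'legitimate', 'lookalike' or 'unrelated' for the link's host."""
    if "//" not in url:                 # bare "host/path" as typed in an email
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    for good in protected:
        if host == good or host.endswith("." + good):
            return "legitimate"         # the real host or a true subdomain
    seen = _labels(host)
    for good in protected:
        want = _labels(good)
        # Slide the protected name over the normalised labels of the host.
        for i in range(len(seen) - len(want) + 1):
            if seen[i:i + len(want)] == want:
                return "lookalike"
    return "unrelated"

def lookalikes(urls, protected=PROTECTED_HOSTS):
    """Links whose host imitates a protected host through dot/hyphen swaps."""
    return [u for u in urls if classify(u, protected) == "lookalike"]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link):10}  {link}")
```

The check compares whole host-name labels, so a genuine subdomain of a protected host stays "legitimate" while a protected name embedded under someone else's domain is reported.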
Some hackers have used a more sophisticated technique called tabnabbing. The Trend Micro report says it is part of the Pawn Storm arsenal, and Mahjoubi says the Macron campaign has been hit by it, but he can't substantiate the source.
"In this attack scenario," says the Trend Micro report, "the target gets an email supposedly coming from a website he might be interested in, maybe from a seminar he is likely to visit or a news site he has subscribed to. The email has a link to a URL that looks very legitimate. When the target reads his email and clicks on the link, it will open in a new tab. This new tab will show the legitimate website of a seminar or news provider after being redirected from a site under the attackers' control. The target is likely to spend some time browsing this legitimate site. Distracted, he probably did not notice that just before the redirection a simple script was run, changing the original webmail tab to a phishing site. When the target has finished reading the news article or meeting information on the legitimate site, he returns to the tab of his webmail. He is informed that his session has expired and the site requires his credentials again. He is then likely to reenter his password and give his credentials away to the attackers."
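A defensive check for the tabnabbing scenario quoted above, as an added example that is not from the article or the Trend Micro report: it lists links in rendered message HTML that open a new tab or window without `rel="noopener"` or `rel="noreferrer"`, the attributes that stop the opened page from reaching back to the webmail tab. The sample message and its host names are constructed, and the class and function names are hypothetical.

```python
from html.parser import HTMLParser

# Constructed sample: message HTML as a webmail client might render it.
SAMPLE_EMAIL = """
<p>Programme for next week's seminar:</p>
<a href="https://seminar.example.net/agenda" target="_blank">Agenda</a>
<a href="https://news.example.org/article" target="reader" rel="nofollow">News</a>
<a href="https://partner.example.com/" target="_blank" rel="noopener noreferrer">Partner</a>
<a href="https://intranet.example/help">Help</a>
"""

# rel tokens that keep the opened page from getting a handle on its opener.
ISOLATING_REL = {"noopener", "noreferrer"}
# target values that reuse an existing browsing context instead of a new one.
SAME_CONTEXT_TARGETS = {"", "_self", "_parent", "_top"}

class NewTabAudit(HTMLParser):
    """Collect links that open a new tab or window without an isolating rel."""

    def __init__(self):
        super().__init__()
        self.risky = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        attr = {name: (value or "") for name, value in attrs}
        target = attr.get("target", "").strip().lower()
        rel = set(attr.get("rel", "").lower().split())
        # Named targets such as "reader" also open a new browsing context.
        if target not in SAME_CONTEXT_TARGETS and not rel & ISOLATING_REL:
            self.risky.append(attr.get("href", ""))

def risky_links(html):
    """Return the href of every link that should gain rel="noopener"."""
    audit = NewTabAudit()
    audit.feed(html)
    audit.close()
    return audit.risky

if __name__ == "__main__":
    for href in risky_links(SAMPLE_EMAIL):
        print("missing rel=noopener:", href)
```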
"We believe that they didn't break through. We are sure of it," said Mahjoubi. "But the only way to be ready is to train the person or persons. Because what happened during the Hillary Clinton campaign is that one man, the most powerful, [campaign chairman] John Podesta, logged on to his [fake] page."
To keep the entire Macron campaign well informed of such dangers, Mahjoubi said, "Every week we send to the team screen captures of all the phishing addresses we have found during the course of the week." But that's just the first phase of the response. Then the Macron team starts filling in the forms on the fake sites: "You can flood these addresses with multiple passwords and log-ins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out."
Mahjoubi, a Parisian who is 33 and got his first job as a technician with one of France's first internet service providers when he was 16, seems to enjoy current challenges. "The core purpose of all these attacks is to unfocus us," he says. "My role in this campaign is to make sure our message goes through." And he's determined that no Fancy Bear will stop that from happening.
Read more: www.thedailybeast.com