Emmanuel Macron email leaks 'linked to Russian-backed hackers who attacked Democratic National Committee'

Analysis says clues lead to APT 28, a group allegedly behind US election attacks

Lizzie Dearden
Saturday 06 May 2017 16:36 BST
Mr Macron’s En Marche! party confirmed it had 'been the victim of a massive and coordinated hack' on Friday evening (Reuters)

A huge leak of emails from Emmanuel Macron’s campaign team may have been orchestrated by the same group behind the Democratic National Committee leak, analysts say.

Code within a cache of up to 9GB of data and documents posted on an anonymous filesharing website was partly written in Russian, despite apparent efforts to delete metadata.

Vitali Kremez, director of research with US-based cyber intelligence firm Flashpoint, said his analysis indicated that APT 28, a group tied to Russia’s GRU military intelligence directorate, was behind the leak.

The collective, also known as “Fancy Bear” and “Sofacy”, has been linked to cyber attacks on the Democratic National Committee during the US election, the White House, German Parliament, Nato and French media.

Last month, APT 28 hackers registered decoy internet addresses to mimic the name of Mr Macron’s En Marche! party.

Attackers are believed to have used the domains to send corrupted emails to hack into the campaign’s computers, Mr Kremez said.

“If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the US presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome,” he added.

The leak came just over a day before Mr Macron faces Marine Le Pen in the second and decisive vote of the French presidential election, where he has enjoyed a comfortable lead in polls.

It emerged on 4chan, where an anonymous poster provided links to documents on Pastebin with the message: “This was passed on to me today so now I am giving it to you, the people.”

Mr Macron’s En Marche! party confirmed it had “been the victim of a massive and coordinated hack” on Friday evening, adding that it had “given rise to the diffusion on social media of various internal information”.

A spokesperson said the communications only showed the normal functioning of a presidential campaign, but that authentic documents had been mixed on social media with fakes to sow “doubt and misinformation”.

Far-right American activists are believed to be behind early efforts to spread the documents on social media, before they were picked up by Ms Le Pen’s supporters in France.

The hashtag #MacronLeaks was spread by prominent Twitter accounts including that of Jack Posobiec, a pro-Donald Trump activist and employee of the far-right site Rebel TV.

France’s electoral commission warned local media that they could face prosecution for reporting on the content of the leaks, under rules that came into force at midnight to prevent influence on the election.

Ben Nimmo, of the Atlantic Council’s Digital Forensic Research Lab, said the mass document drop appeared to have been deliberately timed just hours before restrictions kicked in.

He said that the contents appeared to be “99 per cent boring” but that a social media frenzy over alleged “censorship” distracted from a lack of explosive revelations.

“The timing is interesting because it’s really targeted at that purdah period where the campaign can’t say anything and the mainstream media can’t do much,” he told The Independent.


“The fact it was dropped so close to the bell does mean that it’s very hard for anyone to dissect it, to verify it, to push back on it – but you’re also limiting its potential spread, so it goes both ways.”

Mr Nimmo has been monitoring a “very vocal and very aggressive” social media campaign supporting Ms Le Pen leading up to the election.

He said it has been aided by the alt-right in the US and UK, which has been launching its own “meme war” against the Front National leader’s rivals.

Because most of the images created were in English rather than French, the impact had so far been limited, Mr Nimmo said, but there are a number of automated “bots” on Twitter churning out anti-Macron stories and slogans.

He said the En Marche! leaks and other conspiracy theories targeting Mr Macron had exposed a “real confluence of interest” between Russia and the far right in Russia and France.

“They’re not necessarily coordinated, but they’re interested in a lot of the same stuff,” Mr Nimmo added.

“The most active accounts tweeting on the leaks support Ms Le Pen anyway, so that won’t solve her problem attracting new voters.

“I have not seen anything yet to suggest that the alt-right will be able to overturn a 20-point deficit in the polls.”

As the #MacronLeaks hashtag buzzed around social media, Florian Philippot, deputy leader of the Front National, tweeted: “Will #MacronLeaks teach us something that investigative journalism has deliberately kept silent?”

French media was attempting to cover the leak without violating election restrictions, with Le Monde publishing a statement saying it would not publish the content before the election.

The newspaper said the huge amount of data meant there was not enough time to report on it properly and claimed the dossiers had been published on purpose 48 hours before the election with the clear aim of "disrupting the political process".

“If these documents contain revelations, Le Monde will of course publish them after having investigated them, respecting our journalistic and ethical rules, and without allowing ourselves to be exploited by the publishing calendar of anonymous actors,” it said.

The cyber attack came just 10 days after the En Marche! digital chief Mounir Mahjoubi said it had been targeted by Russia-linked hackers – but that those hacking attempts had all been thwarted.

Officials reported failed attempts to steal email credentials dating back to January, identifying a hacking group operating in Ukraine.

There have been repeated allegations of Russian interference in elections across Europe and the US, with Mr Macron previously targeting state media for spreading “fake news” to damage his campaign.

Mr Macron has launched a legal complaint over allegations of an offshore bank account, which has triggered an inquiry into the suspected spread of false stories aimed at influencing the election.

Vladimir Putin has dismissed allegations of interference, hitting out at “rumours” and claiming Russia had itself been the target of meddling.
