- As Macron hackers linked to Russian-affiliated group behind US attack
A hundred and forty-one people were arrested in Paris after trouble flared overnight following Emmanuel Macron`s victory in France`s presidential election, police said on Monday.
Those detained in Menilmontant, a north-eastern district of Paris, were accused of offences ranging from throwing missiles at the police to damaging property.
The demonstrators were protesting both against Macron – criticised by many on France`s far left as a member of a discredited elite in thrall to global capitalism – and against his defeated far-right nationalist rival, Marine Le Pen.
Macron beat Le Pen by 66 percent to 34 on a platform of market-friendly reform and closer European integration.
However, an abstention rate of over 25 percent, and the fact that more than 11 percent of those who turned out chose neither candidate, pointed to a high degree of disillusionment with the choices on offer in the runoff.
The hardline leftist CGT labour union planned a demonstration in the capital later in the day against the kind of liberal economic policies that Macron espouses.
In the meantime, the hackers behind a “massive and coordinated” attack on the campaign of France’s president-elect, Emmanuel Macron, have been linked by a number of cybersecurity research firms to the same Russian-affiliated group blamed for attacking the Democratic party shortly before the US election.
Tens of thousands of internal emails and other documents were released online overnight on Friday as the midnight deadline to halt campaigning in the French election passed.
New York’s Flashpoint Intelligence and Tokyo-based Trend Micro have shared intelligence that suggests that the hacking group known variously as Advanced Persistent Threat 28, Fancy Bear and Pawn Storm was responsible. The group has been liked with the GRU, the Russian military intelligence directorate.
Vitali Kremez, director of research at Flashpoint, said his review indicated APT 28 was behind the leak. APT28 last month registered decoy internet addresses to mimic the name of Macron’s movement, En Marche!, which it probably used to send tainted emails to hack into the campaign’s computers, Kremez said. Those domains include onedrive-en-marche.fr and mail-en-marche.fr.
“If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the US presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome,” Kremez said.
Trend Micro similarly identified links between the hacks, with the same organisation registering a phishing address used in the DNC hacks in April 2016 and the Macron address in March this year. That organisation had also registered domain names with the apparent purpose of stealing details from Germany’s CDU and KAS, and from Montenegrin members of parliament.
Macron, an independent centrist, won Sunday’s runoff election against the far-right Marine Le Pen by a 66% to 34% margin.
EU capitals expressed relief that France had proven not to be the next domino to fall after Britain’s Brexit vote and Donald Trump’s election as US president. A congratulatory statement from the Kremlin, which had been widely seen as backing Le Pen, urged Macron to work with Russia to “overcome mutual mistrust and unite to ensure international stability and security”.
A number of factors appear to have lessened the impact of the hacks, from the late date when the stolen data was released – two days before Sunday’s second round runoff vote – to the rapid response of the French electoral authorities.
The presidential electoral authority, the CNCCEP, warned broadcasters and the public to avoid sharing details gleaned from the documents, 9GB of which were posted by a user calling themselves Emleaks to the anonymous data-sharing site Pastebin.
A third factor diminishing the impact of the hacks may have been the response of the Macron campaign, which intervened an hour before the legally imposed blackout on public statements from election candidates to report that many of the documents being shared were fake.
The Daily Beast claimed that rather than being faked by the hackers or those reposting the data, the bogus information had been planted by the Macron campaign, which had become aware it was the target of a phishing campaign and flooded the hackers with false information.
Despite the strong technical abilities believed to be possessed by APT 28, its primary route of attack is a simple yet effective method known as spear phishing: creating fake login pages targeted at individuals in an attempt to encourage them to enter their usernames and passwords, giving the hackers access to confidential information. They can then repeat the process, using the confidential information to craft even more convincing phishing pages, until they have stolen significant amounts of data.
The Macron campaign reportedly turned this strategy around by flooding “these addresses with multiple passwords and logins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out”, according to Mounir Mahjoubi, the head of Macron’s digital team.
Zee with additional report from Guardian