Another presidential election, another massive data dump seemingly intended to sabotage a center-left candidate. But in the case of France's impending runoff, slated for Sunday, the latest leak of emails appears far more slap-dash than the Russian hacks and leaks that plagued Hillary Clinton's campaign. And in this case, they're timed to prevent the target of those leaks from even having a chance to respond.
On Friday, a collection of links to torrent files appeared on the anonymous publishing site PasteBin. The 9GB trove purports to be an archive of leaked emails from the party of Emmanuel Macron, the left-leaning candidate currently favored to win France's impending runoff election against far-right opponent Marine Le Pen.
The latest data dump comes less than 48 hours before France's election, possibly too late to shift its outcome---at least to the degree that the hacks of the DNC and Clinton campaign chairman John Podesta did in the months leading up to the US election. Its timing so close to the runoff could still prove strategic, as French law forbids candidates from speaking publicly for two days ahead of an election. That timing could prevent Macron himself from responding to any scandal that surfaces in the data dump, real or fabricated.
In a statement, Macron’s political party confirmed that hackers had compromised it. "The En Marche! party has been the victim of a massive, coordinated act of hacking, in which diverse internal information (mails, documents, accounting, contracts) have been broadcast this evening on social networks," reads a public statement in French from the Macron campaign. "The files which are circulating were obtained a few weeks ago thanks to the hacking of the professional and personal email accounts of several members of the campaign."
En Marche's acknowledgement of the hack doesn't mean all of the leaked emails themselves are genuine; the party's statement also warned that among the authentic documents in the leak were "numerous false documents intended to sow doubt and disinformation."
At a glance, the hacked email haul appears to not be entirely fabricated, says Rob Graham, a security consultant for Errata Security who has downloaded portions of the collection. "It has the structure of real email archives," Graham says. But he cautions that even if some part of the leak turns out to be genuine, it could easily contain specific forgeries designed to spark scandal.
"Presumably, someone will start pointing out any salacious emails," Graham adds. "You can bet that someone like WikiLeaks will pick these emails apart and post them individually."
Late last month, the security firm Trend Micro noted in a report that the Macron campaign appeared to be a target of the Russian-government-linked hacker group Fancy Bear, also known as Pawn Storm or APT 28. The firm's researchers found a phishing domain created by the hacker group in March, designed to target the campaign by impersonating the site that En March uses for cloud data storage. At the time, the Macron campaign claimed that that hacking attempts had failed. On Friday morning, users of the anonymous forum 4Chan had also purported to have published evidence of Macron's tax evasion, though those claims were also unverified, and it's not clear if they're connected to the current leak.
In the wake of Russian hackers' attempt to sway the US election, which remains the subject of two Congressional investigations, the cybersecurity community has warned that the Kremlin may attempt similar tricks to swing elections towards its favored candidates in the French and upcoming German elections, too.
Former British intelligence staffer Matt Tait warned that regardless of what it contains, the simple fact of the data dump achieves certain objectives. "By all means, look through them," he wrote on Twitter. "But do[so] with your eyes open and knowing that you're being played for free negative coverage/headlines."
The Macron campaign compared the hacking directly to the hacker targeting of Clinton campaign. "Intervening in the last hour of an official campaign, this operation clearly seeks to destabilize democracy, as already seen in the United States' last president campaign," the statement reads. "We cannot tolerate that the vital interests of democracy are thus endangered."
