Category Archives: hacking

Top secret NSA report details Russian hacking effort days before 2016 election

The Intercept reports: Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:

Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.

This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU. [Continue reading…]

Putin hints at U.S. election meddling by ‘patriotically minded’ Russians

The New York Times reports: Shifting from his previous blanket denials, President Vladimir V. Putin of Russia said on Thursday that “patriotically minded” private Russian hackers could have been involved in cyberattacks last year to help the presidential campaign of Donald J. Trump.

While Mr. Putin continued to deny any state role, his comments to reporters in St. Petersburg were a departure from the Kremlin’s previous position: that Russia had played no role whatsoever in the hacking of the Democratic National Committee and that, after Mr. Trump’s victory, the country had become the victim of anti-Russia hysteria among crestfallen Democrats.

Raising the possibility of attacks by what he portrayed as free-spirited Russian patriots, Mr. Putin said that hackers “are like artists” who choose their targets depending how they feel “when they wake up in the morning.” [Continue reading…]

How alleged Russian hacker, ‘Guccifer 2.0,’ teamed up with Florida GOP operative and funneled data to Trump campaign

The Wall Street Journal reports: The hacking spree that upended the presidential election wasn’t limited to Democratic National Committee memos and Clinton-aide emails posted on websites. The hacker also privately sent Democratic voter-turnout analyses to a Republican political operative in Florida named Aaron Nevins.

Learning that hacker “Guccifer 2.0” had tapped into a Democratic committee that helps House candidates, Mr. Nevins wrote to the hacker to say: “Feel free to send any Florida based information.”

Ten days later, Mr. Nevins received 2.5 gigabytes of Democratic Congressional Campaign Committee documents, some of which he posted on a blog called HelloFLA.com that he ran using a pseudonym.

Soon after, the hacker sent a link to the blog article to Roger Stone, a longtime informal adviser to then-candidate Donald Trump, along with Mr. Nevins’ analysis of the hacked data.

Mr. Nevins confirmed his exchanges after The Wall Street Journal identified him first as the operator of the HelloFLA blog and then as the recipient of the stolen DCCC data. The Journal also reviewed copies of exchanges between the hacker and Mr. Nevins. That the obscure blog had received hacked Democratic documents was previously known, but not the extent of the trove or the blogger’s identity.

In hopes of a scoop, he said, he reached out to Guccifer 2.0 on Aug. 12 after seeing a newspaper article about a hack of the DCCC. The hacker using the Guccifer 2.0 name had invited journalists to send questions via Twitter direct messages, which Mr. Nevins did.

Seeing that some of what Guccifer 2.0 had was months old, Mr. Nevins advised the hacker that releasing fresher documents would have a lot more impact.

More impressed after studying the voter-turnout models, Mr. Nevins told the hacker, “Basically if this was a war, this is the map to where all the troops are deployed.” [Continue reading…]

Russian hackers are using ‘tainted’ leaks to sow disinformation

Andy Greenberg writes: Over the past year, the Kremlin’s strategy of weaponizing leaks to meddle with democracies around the world has become increasingly clear, first in the US and more recently in France. But a new report by a group of security researchers digs into another layer of those so-called influence operations: how Russian hackers alter documents within those releases of hacked material, planting disinformation alongside legitimate leaks.

A new report from researchers at the Citizen Lab group at the University of Toronto’s Munk School of Public Affairs documents a wide-ranging hacking campaign, with ties to known Russian hacker groups. The effort targeted more than 200 individuals, ranging from Russian media to a former Russian prime minister to Russian opposition groups, and assorted government and military personnel from Ukraine to Vietnam. Noteworthy among the leaks: A Russia-focused journalist and author whose emails were not only stolen but altered before their release. Once they appeared on a Russian hacktivist site, Russian state media used the disinformation to concoct a CIA conspiracy.

The case could provide the clearest evidence yet that Russian hackers have evolved their tactics from merely releasing embarrassing true information to planting false leaks among those facts. “Russia has a long history of experience with disinformation,” says Ron Deibert, the political science professor who led Citizen Lab’s research into the newly uncovered hacking spree. “This is the first case of which I am aware that compares tainted documents to originals associated with a cyber espionage campaign.” [Continue reading…]

Top Russian officials discussed how to influence Trump aides last summer

The New York Times reports: American spies collected information last summer revealing that senior Russian intelligence and political officials were discussing how to exert influence over Donald J. Trump through his advisers, according to three current and former American officials familiar with the intelligence.

The conversations focused on Paul Manafort, the Trump campaign chairman at the time, and Michael T. Flynn, a retired general who was advising Mr. Trump, the officials said. Both men had indirect ties to Russian officials, who appeared confident that each could be used to help shape Mr. Trump’s opinions on Russia.

Some Russians boasted about how well they knew Mr. Flynn. Others discussed leveraging their ties to Viktor F. Yanukovych, the deposed president of Ukraine living in exile in Russia, who at one time had worked closely with Mr. Manafort.

The intelligence was among the clues — which also included information about direct communications between Mr. Trump’s advisers and Russian officials — that American officials received last year as they began investigating Russian attempts to disrupt the election and whether any of Mr. Trump’s associates were assisting Moscow in the effort. Details of the conversations, some of which have not been previously reported, add to an increasing understanding of the alarm inside the American government last year about the Russian disruption campaign. [Continue reading…]

CNN reports: Attorney General Jeff Sessions did not disclose meetings he had last year with Russian officials when he applied for his security clearance, the Justice Department told CNN Wednesday.

Sessions, who met with Russian Ambassador Sergey Kislyak at least two times last year, didn’t note those interactions on the form, which requires him to list “any contact” he or his family had with a “foreign government” or its “representatives” over the past seven years, officials said.

The new information from the Justice Department is the latest example of Sessions failing to disclose contacts he had with Russian officials. He has come under withering criticism from Democrats following revelations that he did not disclose the same contacts with Kislyak during his Senate confirmation hearings earlier this year. [Continue reading…]

ABC News reports: Even with the Senate Intelligence Committee focused this week on its investigation of Russia’s alleged meddling in last year’s presidential election, the committee met behind closed doors today for a classified briefing from senior FBI and Homeland Security officials over another alleged threat emanating from Moscow: a major software company whose products are used widely across the United States.

The visit from FBI and Homeland Security officials has long been planned. But congressional sources told ABC News that in recent days the agenda expanded to specifically include an update on U.S. intelligence about Kaspersky Lab, a Moscow-based firm that has become one of the world’s largest and most respected cybersecurity firms.

Current and former U.S. officials worry that state-sponsored hackers could try to exploit Kaspersky Lab’s anti-virus software to steal and manipulate users’ files, read private emails or attack critical infrastructure in the U.S. And they point to Kaspersky Lab executives with previous ties to Russian intelligence and military agencies. [Continue reading…]

Inside Russia’s social media cyberwar on America

Time reports: On March 2, a disturbing report hit the desks of U.S. counterintelligence officials in Washington. For months, American spy hunters had scrambled to uncover details of Russia’s influence operation against the 2016 presidential election. In offices in both D.C. and suburban Virginia, they had created massive wall charts to track the different players in Russia’s multipronged scheme. But the report in early March was something new.

It described how Russia had already moved on from the rudimentary email hacks against politicians it had used in 2016. Now the Russians were running a more sophisticated hack on Twitter. The report said the Russians had sent expertly tailored messages carrying malware to more than 10,000 Twitter users in the Defense Department. Depending on the interests of the targets, the messages offered links to stories on recent sporting events or the Oscars, which had taken place the previous weekend. When clicked, the links took users to a Russian-controlled server that downloaded a program allowing Moscow’s hackers to take control of the victim’s phone or computer–and Twitter account.

As they scrambled to contain the damage from the hack and regain control of any compromised devices, the spy hunters realized they faced a new kind of threat. In 2016, Russia had used thousands of covert human agents and robot computer programs to spread disinformation referencing the stolen campaign emails of Hillary Clinton, amplifying their effect. Now counterintelligence officials wondered: What chaos could Moscow unleash with thousands of Twitter handles that spoke in real time with the authority of the armed forces of the United States? At any given moment, perhaps during a natural disaster or a terrorist attack, Pentagon Twitter accounts might send out false information. As each tweet corroborated another, and covert Russian agents amplified the messages even further afield, the result could be panic and confusion.

For many Americans, Russian hacking remains a story about the 2016 election. But there is another story taking shape. Marrying a hundred years of expertise in influence operations to the new world of social media, Russia may finally have gained the ability it long sought but never fully achieved in the Cold War: to alter the course of events in the U.S. by manipulating public opinion. The vast openness and anonymity of social media has cleared a dangerous new route for antidemocratic forces. “Using these technologies, it is possible to undermine democratic government, and it’s becoming easier every day,” says Rand Waltzman of the Rand Corp., who ran a major Pentagon research program to understand the propaganda threats posed by social media technology. [Continue reading…]

How Trump exposes himself to foreign surveillance on a regular basis

ProPublica reports: Two weeks ago, on a sparkling spring morning, we went trawling along Florida’s coastal waterway. But not for fish.

We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of The Mar-a-Lago Club in Palm Beach and pointed a 2-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained.

A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, New Jersey, with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation.

We have also visited two of President Donald Trump’s other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Virginia. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.

The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises.

“Those networks all have to be crawling with foreign intruders, not just ProPublica,” said Dave Aitel, chief executive officer of Immunity, Inc., a digital security company, when we told him what we found. [Continue reading…]

NSA officials worried about the day its potent hacking tool would get loose. Then it did

The Washington Post reports: When the National Security Agency began using a new hacking tool called EternalBlue, those entrusted with deploying it marveled at both its uncommon power and the widespread havoc it could wreak if it ever got loose.

Some officials even discussed whether the flaw was so dangerous they should reveal it to Microsoft, the company whose software the government was exploiting, according to former NSA employees who spoke on the condition of anonymity given the sensitivity of the issue.

But for more than five years, the NSA kept using it — through a time period that has seen several serious security breaches — and now the officials’ worst fears have been realized. The malicious code at the heart of the WannaCry virus that hit computer systems globally late last week was apparently stolen from the NSA, repackaged by cybercriminals and unleashed on the world for a cyberattack that now ranks as among the most disruptive in history. [Continue reading…]

How NSA secrets helped cybercriminals mount a worldwide attack

The Washington Post reports: Computers around the world are suffering an attack from malicious software. The compromised computers have been hit by “ransomware” — software that encrypts the computer’s hard drive so that all the information on it is unavailable, and refuses to release it until a ransom is paid in Bitcoin, an online currency that is difficult to trace. Among the victims are FedEx, Britain’s National Health Service and computers belonging to Russia’s Ministry for the Interior.

Ransomware attacks have happened before. What is unusual is how quickly this attack is compromising large numbers of critical computers. It has been so successful because it has made use of a so-called “zero-day exploit” — a previously unknown flaw in Windows software that makes it easy to take control of vulnerable systems. This zero day exploit became publicly known last month, when it was released as part of a treasure trove of NSA data by the “Shadow Brokers,” a shadowy group of hackers who many believe are associated with Russian intelligence. Criminal hackers appear to have combined this exploit with ransomware tools to mount a worldwide campaign. Here’s what you need to know to understand what happened. [Continue reading…]

The Guardian reports: An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.

The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK’s National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.

However, a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software.

The switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.

“I saw it wasn’t registered and thought, ‘I think I’ll have that’,” he is reported as saying. The purchase cost him $10.69. Immediately, the domain name was registering thousands of connections every second.

“They get the accidental hero award of the day,” said Proofpoint’s Ryan Kalember. “They didn’t realize how much it probably slowed down the spread of this ransomware.”

The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organizations were affected. But it gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember. [Continue reading…]

Hackers came, but the French were prepared

The New York Times reports: Everyone saw the hackers coming.

The National Security Agency in Washington picked up the signs. So did Emmanuel Macron’s bare-bones technology team. And mindful of what happened in the American presidential campaign, the team created dozens of false email accounts, complete with phony documents, to confuse the attackers.

The Russians, for their part, were rushed and a bit sloppy, leaving a trail of evidence that was not enough to prove for certain they were working for the government of President Vladimir V. Putin but which strongly suggested they were part of his broader “information warfare” campaign.

The story told by American officials, cyberexperts and Mr. Macron’s own campaign aides of how a hacking attack intended to disrupt the most consequential election in France in decades ended up a dud was a useful reminder that as effective as cyberattacks can be in disabling Iranian nuclear plants, or Ukrainian power grids, they are no silver bullet. The kind of information warfare favored by Russia can be defeated by early warning and rapid exposure.

But that outcome was hardly assured on Friday night, when what was described as a “massive” hacking attack suddenly put Mr. Macron’s electoral chances in jeopardy. To French and American officials, however, it was hardly a surprise.

Testifying in front of the Senate Armed Services Committee in Washington on Tuesday, Adm. Michael S. Rogers, the director of the National Security Agency, said American intelligence agencies had seen the attack unfolding, telling their French counterparts, “Look, we’re watching the Russians. We’re seeing them penetrate some of your infrastructure. Here’s what we’ve seen. What can we do to try to assist?”

But the staff at Mr. Macron’s makeshift headquarters in the 15th Arrondissement at the edge of Paris didn’t need the N.S.A. to tell them they were being targeted: In December, after the former investment banker and finance minister had emerged as easily the most anti-Russian, pro-NATO and pro-European Union candidate in the presidential race, they began receiving phishing emails.

The phishing mails were “high quality,” said Mr. Macron’s digital director, Mounir Mahjoubi: They included the actual names of members of the campaign staff, and at first glance appeared to come from them. Typical was the very last one the campaign received, several days before the election on Sunday, which purported to have come from Mr. Mahjoubi himself.

“It was almost like a joke, like giving us all the finger,” Mr. Mahjoubi said in an interview on Tuesday. The final email enjoined recipients to download several files “to protect yourself.”

Even before then, the Macron campaign had begun looking for ways to make life a little harder for the Russians, showing a level of skill and ingenuity that was missing in Hillary Clinton’s presidential campaign and at the Democratic National Committee, which had minimal security protections and for months ignored F.B.I. warnings that its computer system had been penetrated. [Continue reading…]

Here’s how easy it is to get Trump officials to click on a fake link in email

Gizmodo reports: Even technology experts can be insecure on the internet, as last week’s “Google Docs” phishing attack demonstrated. An array of Gmail users, including BuzzFeed tech reporter Joe Bernstein, readily handed over access to their email to a bogus app. Politicians should be especially wary of suspicious emails given recent events, yet a security test run by the Special Projects Desk found that a selection of key Trump Administration members and associates would click on a link from a fake address.

The Trump camp has talked a lot about cybersecurity—or “the cyber”—particularly to criticize Hillary Clinton for the risks posed by her private email server and to savor the damage done by hacks against the Democratic National Committee and Clinton campaign chairman John Podesta. Its own record, however, is less than sterling—in January, notably, after Trump named Rudolph Giuliani as a cybersecurity advisor, experts promptly discovered that the Giuliani Security corporate website was riddled with known vulnerabilities.

So, three weeks ago, Gizmodo Media Group’s Special Projects Desk launched a security preparedness test directed at Giuliani and 14 other people associated with the Trump Administration. We sent them an email that mimicked an invitation to view a spreadsheet in Google Docs. The emails came from the address security.test@gizmodomedia.com, but the sender name each one displayed was that of someone who might plausibly email the recipient, such as a colleague, friend, or family member.

The link in the document would take them to what looked like a Google sign-in page, asking them to submit their Google credentials. The url of the page included the word “test.” The page was not set up to actually record or retain the text of their passwords, just to register who had attempted to submit login information.

Some of the Trump Administration people completely ignored our email, the right move. But it appears that more than half the recipients clicked the link: Eight different unique devices visited the site, one of them multiple times. There’s no way to tell for sure if the recipients themselves did all the clicking (as opposed to, say, an IT specialist they’d forwarded it to), but seven of the connections occurred within 10 minutes of the emails being sent.

At least the recipients didn’t go farther. Our testing setup—which included disclaimers for careful readers at each step—did not induce anyone to go all the way and try to hand over their credentials.

Two of the people we reached—informal presidential advisor Newt Gingrich and FBI director James Comey—replied to the emails they’d gotten, apparently taking the sender’s identity at face value. Comey, apparently believing that he was writing to his friend, Lawfareblog.com editor-in-chief Ben Wittes, wrote: “Don’t want to open without care. What is it?” And Gingrich, apparently under the impression he was responding to an email from his wife, Callista, wrote: “What is this?”

In both cases, we didn’t respond. In an actual phishing attack, the replies could have given the sender a chance to more aggressively put their targets at ease and lure them in. [Continue reading…]

Trump’s silence on French hacks troubles cyber experts

Politico reports: The Trump administration is so far ignoring pleas from both on and off Capitol Hill to denounce the suspected Russian-backed digital assault that appeared aimed to tilt Sunday’s French presidential election toward nationalist candidate Marine Le Pen.

The White House’s failure to mention the attack on one of America’s oldest allies has worried Democrats, cyber policy specialists and former White House officials, who say the omission reveals a troubling inability to call out Russia over its digital aggression.

“This is an issue that should provoke grave concern in both parties,” Senate Minority Leader Chuck Schumer said on the floor Monday afternoon. “It should compel us, Democrats and Republicans, to take proactive actions against this new threat.”

In the hack — which some researchers have linked to Russian intelligence — tens of thousands of internal documents and emails appeared online late Friday after being pilfered from the political party of centrist candidate Emmanuel Macron. The dump came less than two days before Macron’s resounding victory on Sunday.

The White House’s lack of comment on the incident comes just over a week after President Donald Trump publicly renewed his own skepticism about Russia’s role in the hacking of Democratic Party emails during the U.S. presidential race, despite the U.S. intelligence community’s forceful conclusion that senior Kremlin officials personally orchestrated the campaign with the aim of undermining Hillary Clinton.

“The silence is just a sign of how unprepared we are to deal with these things,” said James Lewis, a cyber expert at the Center for Strategic and International Studies. [Continue reading…]

Trump’s silence is most likely even more indicative of this: that the Faustian bargain he made with Putin was that his presidency could be the beneficiary of Russian hacking with the understanding that sooner or later it could also become a target.

It is highly implausible that the Trump campaign and Trump presidency have not been the targets of damaging hacking attacks due to their mastery of information security. Much more likely, Russia holds a trove of damning information on Trump that at any time of its choosing it could release in order to destroy a president who turned out to have proved himself unworthy of protection.

Trump’s silence is a sign of his obedience.

Evidence suggests Russia behind hack of French president-elect

Ars Technica reports: Late on May 5 as the two final candidates for the French presidency were about to enter a press blackout in advance of the May 7 election, nine gigabytes of data allegedly from the campaign of Emmanuel Macron were posted on the Internet in torrents and archives. The files, which were initially distributed via links posted on 4Chan and then by WikiLeaks, had forensic metadata suggesting that Russians were behind the breach—and that a Russian government contract employee may have falsified some of the dumped documents.

Even WikiLeaks, which initially publicized the breach and defended its integrity on the organization’s Twitter account, has since acknowledged that some of the metadata pointed directly to a Russian company with ties to the government:


Evrika (“Eureka”) ZAO is a large information technology company in St. Petersburg that does some work for the Russian government, and the group includes the Federal Security Service of the Russian Federation (FSB) among its acknowledged customers (as noted in this job listing). The company is a systems integrator, and it builds its own computer equipment and provides “integrated information security systems.” The metadata in some Microsoft Office files shows the last person to have edited the files to be “Roshka Georgiy Petrovich,” a current or former Evrika ZAO employee. [Continue reading…]

In France, a hack falls flat

Isaac Stanley-Becker and Ellen Nakashima write: In France, few people even knew what was in the Macron team’s emails. The blanket ban on campaigning meant that far-right candidate Marine Le Pen and her National Front couldn’t mention them, though a deputy leader of her party did tweet early Saturday, “Will #Macronleaks teach us something that investigative journalism has deliberately killed?”

The answer was no. Most media chose to heed a request from France’s electoral commission not to reproduce the emails’ contents. Le Monde, the major French daily, said in a statement that it had seen part of the documents but would not publish their details before the election, due to the volume of the dump and because the release had “the clear goal of harming the validity of the ballot.”

The paper’s editor, Jerome Fénoglio, said in an interview that the documents would have been leaked earlier if they had contained damaging information. As it was, he said, “the best hope was to make noise.”

He said the response of the media in France carried lessons for journalists elsewhere, including those in the United States who rushed to reproduce pre-election leaks without thoroughly investigating their origins.

“Hiding information is not the same thing as refusing to be manipulated by those who diffuse the information,” Fénoglio said. [Continue reading…]

The clever timing of the Macron data dump

An election whose outcome is widely perceived as a foregone conclusion is an election sure to be met with widespread voter apathy. Combine that with the fact that many French voters have almost equal distaste for both candidates in Sunday’s election and the assumption that its outcome is certain becomes much more questionable.

Wikileaks/Julian Assange, posturing as an impartial observer, was quick to promote the #MacronLeaks hashtag and to focus on the timing of the “leak.”


The Wikileaks/Russian narrative is clear: don’t be misled by reports that reveal Russian involvement in this “massive leak.” Its timing makes it clear that this is the handiwork of naive hackers who “don’t get timing.”

A stronger argument can be made, however, that the timing of this data dump, far from being curious or naive, was strategically chosen to be of maximum effect and that its intended effect, more than anything else, was to taint the election outcome. This has less to do with determining who becomes France’s next president than it has with poisoning the democratic process.

Think about it: A leak worthy of that label is by its nature revelatory. It brings to light information that was, up until that moment, guarded in secrecy. That secrecy had been maintained purposefully to prevent the damaging effects of revelation.

The Macron data dump, however, was identified by its size rather than its content. The shorter the interval between its release and election day, the less time there would be to highlight its vacuity.

Moreover, in terms of political effect, the act and event of digital leaking has in this cynical era generally taken on more significance as a form of political theater than as an instrument of truth telling.

The leak makes the target look vulnerable and poorly equipped to handle the levers of state in an age that requires data security.

The hacker, like the terrorist, “wins” for no other reason than the fact that he couldn’t be stopped.

The cleverness of timing this attack on the French election minutes before political campaigning was legally required to end was that #MacronLeaks would then be able to play out most freely in social media while France’s mainstream media would remain largely silent.

The overarching strategy here is one we’ve seen before: it’s about fabricating something out of nothing in order to foment and sustain a visceral mistrust that is immune to reason.

This hacking will have worked, like many before and many more to come, not because it raised awareness but because it can serve as an instrument for steering popular sentiment.

This is hacking as a form of advertising and thus its purpose is less to change the way people think than the way they feel.

In order to achieve its maximum effect, as Dominic Cummings, who ran Britain’s Vote Leave campaign, has noted, the crucial element in advertising is timing:

One of the few reliable things we know about advertising amid the all-pervasive charlatanry is that, unsurprisingly, adverts are more effective the closer to the decision moment they hit the brain.

In France, as has happened elsewhere, the war against democracy will continue to progress with or without spectacular victories, as citizens lose faith and lose interest in actively sustaining freedoms they have long taken for granted. #MacronLeaks advances that process.


Did Macron outsmart campaign hackers?

Christopher Dickey writes: It was the dog that didn’t bark in the night, and its bite may be less impressive still. As a tale of hacking and political subversion unfolded in France on Friday and Saturday, it looked like a re-run of the American experience. But there are some critical differences.

In the last hours before midnight on Friday, just before a campaigning blackout imposed by French electoral law in anticipation of the crucial vote on Sunday, somebody dumped nine gigabytes of emails and documents supposedly purloined from the campaign of leading presidential candidate Emmanuel Macron.

It looked like, and almost certainly was, a last-minute bid to tip the scales in favor of the centrist Macron’s opponent, the nativist, populist Marine Le Pen, who has received more-than-tacit endorsements from Russian President Vladimir Putin, who received her at the Kremlin, and U.S. President Donald Trump, who has declared his appreciation of her as the “strongest” candidate.

Macron, by contrast, is favored by those who want a strong European Union, a strong NATO, and a France looking to the future rather than clinging to the fearful and fictional nostalgia promulgated by Le Pen.

As the news broke, suspicion focused on the same “Fancy Bear” Russian hackers who fiddled with the American presidential campaign last year. As The Daily Beast reported 10 days earlier, they have been working hard for the election of anti-immigrant, anti-Muslim, anti-European Union, anti-euro, anti-NATO, anti-American, pro-Trump Le Pen.

Literally at the 11th hour, before the blackout would silence it, the Macron campaign issued a statement saying it had been hacked and many of the documents that were dumped on the American 4Chan site and re-posted by Wikileaks were fakes.

The mainstream French media carried the Macron campaign statement, but virtually nothing else. In addition to the normal proscription of campaign “propaganda” on election eve, the government issued a statement saying specifically that anyone disseminating the materials in this dump in France could be liable to prosecution, and calling on the media to shoulder their “responsibility” by steering clear of them. [Continue reading…]


There are no ‘Macron leaks’ in France. Politically motivated hacking is not whistleblowing

Robert Mackey writes: Here’s some news for the alt-right activists in the United States behind a disinformation campaign aimed at getting Marine Le Pen elected president of France by spreading rumors about her opponent, Emmanuel Macron: The French do not much like having their intelligence insulted by Americans.


That theme was repeated again and again in France on Saturday, in response to reports that a trove of hacked documents — nine gigabytes of memos and emails stolen from Macron aides and posted online Friday night, just before a legally imposed blackout on statements from candidates took effect — was first publicized on social networks by pro-Trump propagandists. [Continue reading…]


A last-minute attempt to sabotage the French presidential election

The Washington Post reports: The French campaign watchdog on Saturday began investigating the “massive and coordinated piracy action” that presidential candidate Emmanuel Macron reported just minutes before the official end of campaigning in the most heated election for the presidency that France has seen in decades.

Late on Friday, the Macron campaign said in a statement that it had been the victim of a major hacking operation that saw thousands of emails and other internal communications dumped into the public domain.

At the end of a high-stakes race, the news quickly stoked fears of a targeted operation meant to destabilize the electoral process, especially after reports of Russian hacking in the U.S. presidential election.

Macron, an independent centrist, is facing off against the far-right populist and National Front leader Marine Le Pen, who for years has benefitted from considerable Russian financial support and from favorable coverage in state-run Russian media. Voters are set to decide Sunday which candidate becomes France’s next president.

“Intervening in the last hour of the official campaign, this operation is obviously a democratic destabilization, as has already been seen in the United States during the last presidential campaign,” the Macron campaign said.

It was not immediately clear who was being blamed for the hacking, which the campaign said had led to the leaking of documents via social media networks. [Continue reading…]

Reuters reports: Ben Nimmo, a UK-based security researcher with the Digital Forensic Research Lab of the Atlantic Council think tank, said initial analysis indicated that a group of U.S. far-right online activists were behind early efforts to spread the documents via social media. They were later picked up and promoted by core social media supporters of Le Pen in France, Nimmo said.

The leaks emerged on 4chan, a discussion forum popular with far right activists in the United States. An anonymous poster provided links to the documents on Pastebin, saying, “This was passed on to me today so now I am giving it to you, the people.”

The hashtag #MacronLeaks was then spread by Jack Posobiec, a pro-Trump activist whose Twitter profile identifies him as Washington D.C. bureau chief of the far-right activist site Rebel TV, according to Nimmo and other analysts tracking the election. Contacted by Reuters, Posobiec said he had simply reposted what he saw on 4chan.

“You have a hashtag drive that started with the alt-right in the United States that has been picked up by some of Le Pen’s most dedicated and aggressive followers online,” Nimmo told Reuters.

Vitali Kremez, director of research with New York-based cyber intelligence firm Flashpoint, told Reuters his review indicates that APT 28, a group tied to the GRU, the Russian military intelligence directorate, was behind the leak. He cited similarities with U.S. election hacks that have been previously attributed to that group.

APT28 last month registered decoy internet addresses to mimic the name of En Marche, which it likely used to send tainted emails to hack into the campaign’s computers, Kremez said. Those domains include onedrive-en-marche.fr and mail-en-marche.fr.

“If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the U.S. presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome,” Kremez said. [Continue reading…]

The New York Times reports: In April, a report by the cybersecurity firm Trend Micro said there was evidence that the campaign was targeted in March by what appeared to be the same Russian operatives who were responsible for hacks of Democratic campaign officials before last year’s American presidential election. [Continue reading…]

Zeynep Tufekci writes: Hacking and releasing all internal documents and private communication of one campaign is a form of political sabotage, and it may be more potent than you expect. There won’t be time to prove or debunk anything but the confusion will spread. This isn’t whistleblowing meant to shed light on the operations of power. The goal is to frustrate, not persuade, and to create doubt, confusion and paralysis.

In the United States, many reporters had great difficulty resisting the lure of the uncurated dump from the Clinton campaign. I watched on Twitter as they spent a lot of time digging up emails about themselves and colleagues, and chuckling and snarking over it. There were just six weeks left before a consequential election in the United States, but they couldn’t take their eyes off all this candy. Most of the stuff was mundane. There were a few items of public interest — vastly outweighed by juicy, juicy gossip. A lot of this gossip made its way to major newspapers, even their front pages. Important issues got buried. We got very few stories before the election, for example, about the unprecedented conflicts-of-interest that would be posed by a presidency of a businessman with vast holdings all over the world, and a name that he licenses to commercial buildings.

It’s true that there is barely more than a day left until your election, but such fixation with the gossipy side of politics can cripple reporters’ attention after the election too. Editors will be tempted to assign many reporters to dig through the whole dump, and reporters may find themselves mentioned.

There are a lot of things you probably should be reporting on after the election, and the day will still be 24 hours. Editors and reporters should not just follow the candy that has been deliberately dumped in front of them. It’s hard to resist such temptation, but in an age when censorship operates by distracting us from what’s important, it is crucial to consider what’s essential and what are deliberate ploys at distraction. Consider carefully the opportunity cost of assigning large numbers of reporters to search through the dump. In this day of shrinking newspaper budgets, what else are you not covering? What does it mean to rifle through one side’s internal communication, while completely silent on the other, unhacked counterpart?

My advice for traditional media is simple, but hard to follow: when reporting, have a laser sharp eye on news truly in the public interest: gross misconduct; major corruption; criminal actions. Before reporting on information from a hack, ask yourself this: would you go to great lengths to find a way to hack or leak this information if it wasn’t just conveniently dumped in front of you? If not, it’s probably not newsworthy enough to report on.

And while reporting, don’t forget the bigger story: this was an act of political sabotage, asymmetric releasing of all internal assets of only one campaign. The political sabotage itself is news, and it should be covered as news—and not just after the fact. [Continue reading…]
