The lessons learned from France's thwarted election hack.
The ripple effects of Russia’s cyberattacks during the 2016 U.S. presidential election are still being processed. Ultimately, however, the hacks, which saw the release of thousands of documents from the U.S. Democratic National Committee (DNC) and presidential candidate Hillary Clinton’s personal email, is being blamed by some, at least in part, for her loss.
In France, however, a similar hack on now President Emmanuel Macron’s campaign just prior to the election by a yet to be officially confirmed source has garnered an entirely different narrative. The hack, which saw the release of various memos, emails and contracts, had seemingly no major effect on the outcome. This was helped in large part by the government-imposed media blackout, which bans any campaigning and media coverage seen as influential to the election in the 44 hours before polls close.
At the same time, however, this positive narrative was driven by the mundaneness of the information leaked, some of which even included fake documents planted by the campaign for potential hackers to find. Instead of leading to the downfall of a candidate, those responsible for the cybersecurity of President Macron’s campaign are receiving praise in various outlets for their preparation and response. Here are three lessons to
- Anticipate. While the DNC failed to heed warnings in 2015 from the U.S. Federal Bureau of Investigation that its computers had been compromised by “a cyberespionage team linked to the Russian government,” according to The New York Times, President Macron and his team braced for breaches from the start. “We knew we were going to be attacked and targeted,” Mounir Mahjoubi, head of digital for President Macron’s campaign and now the secretary of state in charge of digital affairs under President Macron, told The Guardian. In response, Secretary Mahjoubi and his team “focused on reducing the risk if anyone managed to break into the system,” The Guardian reported. “His digital team put in place traps for hackers, cyber-blurring with false email accounts and false documents, mainly to waste their time and slow them down—which also prevented hackers getting near [President] Macron’s own account or his top aides.”
- Counterattack. When President Macron’s campaign staffers received emails directing them to fake landing and login pages hackers could use to record keystrokes—a technique called tabnabbing—Secretary Mahjoubi and his digital team flooded those pages with fake passwords and data, making it harder for hackers to gain access to the campaign’s emails and basically wasting their time. “You can flood these addresses with multiple passwords and logins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out,” Secretary Mahjoubi told Newsweek.
- Educate. Every week Secretary Mahjoubi and his team sent new phishing addresses they found to the election team, he told The Daily Beast. He also trained staffers to be on alert for various cyberattack techniques, such as tabnabbing. “The only way to be ready is to train the people,” Secretary Mahjoubi told The Daily Beast Click To Tweet. “Because what happened during the Hillary Clinton campaign is that one man, the most powerful, [campaign chairman] John Podesta, logged on to his [fake] page.”