Welcome to European Tribune. It's gone a bit quiet around here these days, but it's still going.
Display:
I'm not sure I'm any the wiser even at this late stage about:

  1. who is most likely to have done the hacking

  2. Was it an amateurish effort which succeeded only because Macron's security was poor, or whether it required "state level" expertise to pull it off

  3. Whether anything substantially embarrassing has been leaked

  4. Whether the leak included fake documents, and if so, most likely faked by whom

  5. Whether anybody in France gives a fcuk either way.

The only thing which seems clear is that it didn't have a substantial impact on the result, and any impact it did have may well have helped Macron.

The other issue which is raised by the episode is whether electoral laws need updating to cope with the possible impact of organised fake news and disinformation campaigns.  

Hillary obviously had a case that her defeat was at least, in part, due to a disinformation campaign against her.  But she has no effective remedy now the election is over. There is thus a case for legislating to ensure the courts can block publication of all illegally obtained information in the final weeks of a campaign unless there is strong corroborating evidence from legal sources.

However the bigger problem is whether blocking such information is even possible in the internet/social media driven world we live in. Perhaps we just have to educate the electorate to be more sceptical and discerning in their evaluation of "news".

Index of Frank's Diaries

by Frank Schnittger (mail Frankschnittger at hot male dotty communists) on Mon May 8th, 2017 at 05:19:21 PM EST
Further details via The Guardian:

Macron hackers linked to Russian-affiliated group behind US attack - Guardian

Vitali Kremez of Flashpoint said his review indicated APT 28 was behind the leak. As part of the group's spear phishing technique, it needs to register and control web addresses which could plausibly fool a target into thinking they were logging into a legitimate website. In the US elections, one such address ("myaccount.google.com-changepasswordmyaccount-idx8jxcn4ufdmncudd.gq") was designed to look like an official Google page.

Last month, APT 28 registered decoy internet addresses to mimic the name of Macron's movement, En Marche!, which it probably used to send emails to hack into the campaign's computers, Kremez said. Those domains include onedrive-en-marche.fr, designed to appear like an official Microsoft address, and mail-en-marche.fr, which pretended to be a webmail site.

"If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the US presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome," Kremez said.

by Bernard on Mon May 8th, 2017 at 05:35:54 PM EST
[ Parent ]
A cursory look at Wikileaks discussion leaves me convinced that there were indeed fake documents planted with the genuine ones, created by people using Cyrillic versions of Microsoft Office.

Macron's outfit are certain to be the most tech-smart of the political teams currently operating in France (I have no particular knowledge of this, it just stands to reason because of the demographics of his circle). I would expect that they used encryption when exchanging "sensitive" emails, so the dump will provide nothing more than mildly-embarrassing stuff (and I pity the journalists assigned to trawl through it). Their security was good enough to withstand direct penetration, and they  were penetrated by social engineering, aka phishing, which will always work if you put enough effort into it. It required a non-trivial tech effort, with fake servers with similar domain names to the real ones etc, to collect passwords.

It will be quickly forgotten in France, and rightly so. I imagine the American alt-right will still be ranting about it for years to come.

It is rightly acknowledged that people of faith have no monopoly of virtue - Queen Elizabeth II

by eurogreen on Mon May 8th, 2017 at 10:34:07 PM EST
[ Parent ]
European Tribune - The Macron Leak
There is thus a case for legislating to ensure the courts can block publication of all illegally obtained information in the final weeks of a campaign unless there is strong corroborating evidence from legal sources.  

Problem would be to find out if it was illegally obtained. Wikileaks maintains that it was leaked from inside, and a leak from inside is legal to accept and publish in most jurisdictions.

I think if one wants to get rid of this kind of leaks, one needs to direct the substanial state resources that today goes into creating and maintaining security flaws and instead direct it to preventing and fixes said flaws.

by fjallstrom on Tue May 9th, 2017 at 01:35:42 PM EST
[ Parent ]
  1. You can't fix social engineered phishing. Unless people stop being stupid. Not holding my breath.
  2. Obviously, leaking is not the same as whistleblowing. But the difference is moral, rather than legal. As the Luxleaks guys, among many others, have demonstrated.


It is rightly acknowledged that people of faith have no monopoly of virtue - Queen Elizabeth II
by eurogreen on Tue May 9th, 2017 at 06:03:55 PM EST
[ Parent ]

Display:

Occasional Series