nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Team Macron praised for feeding phishing spies duff info

Campaign planted bogus details on bogus websites but ultimately still got hacked

By John Leyden, 8 May 2017

Emmanuel Macron's campaign team reportedly used fake logins and docs to waste hacker resources and frustrate phishing attempts.

Although the newly elected French president's campaign was still hacked before the release of emails and other information last Friday, Team Macron's interference tactics have been heralded by at least some security pundits as a smart move. It's unclear whether or not the Macron campaign used 2FA, which remains a simple and effective defence against login phishing.1

Part of the En Marche! party's strategy against Fancy Bear (AKA APT28) was to "sign on to the phishing pages and plant bogus information".

"You can flood these [phishing] addresses with multiple passwords and logins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out," Mounir Mahjoubi, the head of Macron's digital team, told The Daily Beast.

Besides tricking targets into submitting login credentials to bogus websites controlled by hackers, phishing has evolved to include malware-based approaches. Hackers send tailored documents designed to fool marks into opening them and running dodgy macros in Word documents or running booby-trapped PDF files.

Team Macron's tactics wouldn't help guard against malware without additional safeguards in place, security experts point out.

"I want to know if they accessed rogue pages from inside a secure environment," said Chris Boyd, a malware intelligence analyst at Malwarebytes. "Not much use punking phish pages if they got malware'd somehow. Their biggest error was hoping the blackout would help seed doubt, when instead it raised a huge 'shenanigans ahoy' flag instead."

Last weekend's leak once again raises questions about fake news and suspected Russian disinformation campaigns that were such a feature of last year's US presidential election.

Ryan Kalember, SVP of cybersecurity strategy at email security firm Proofpoint, said: "Some of the metadata from this breach clearly indicates that certain documents, such as those with Macron's 'Bahamian bank accounts' were edited on computers with Russian language operating systems. It's absolutely critical that French citizens confirm the legitimacy of the news they are reading as this story develops. Make sure it is a reputable outlet and check multiple sources to confirm accuracy."

Others are looking ahead to the forthcoming German elections, which, like the French elections, have already been targeted by hackers.

Chris Doman, security researcher at AlienVault, commented: "The impression on the 4chan boards, where the data was dumped – the so-called 'armpit of the internet' – is that this is all a game. But the effects of repeated attacks against political parties is serious. It's unlikely those orchestrating these attacks would have the best interests of those happily spreading their output at heart. While the French elections are now over, it's unlikely these types of attacks will be. Related attacks targeting German political parties for the upcoming German elections have already been identified."

AlienVault's analysis of the Macron leaks, which provides a timeline of events, can be found here. ®

Bootnote

1Post-mortems of the US Democratic Party breach provide evidence that Clinton campaign supremo John Podesta got hacked because of a lack of 2FA. The authentication technology is hardly expensive ($20 for a YubiKey) and straightforward to use. If the cast of Game of Thrones uses 2FA then why can't politicians?

The Register - Independent news and views for the tech community. Part of Situation Publishing