
When the inevitable happened, Emmanuel Macron was ready. A giant haul of emails stolen from his presidential campaign and leaked online less than 48 hours before France went to the polls failed to tip the vote in favour of Marine Le Pen.
No doubt, luck played a part. But Macron’s team had pre-empted the leak by spamming hackers with decoy emails. When 9 gigabytes of emails were finally stolen, the ploy prevented the president-elect’s campaign being derailed by fake news in the crucial period before the election. Other European leaders facing elections over the coming month should take note.
Macron’s team was beset by sophisticated phishing attacks – fake emails that try to trick recipients into entering their login details and thus giving away access to their accounts – as early as December 2016. They responded by flooding the phishing addresses with bogus email accounts stuffed full of fake emails and documents.
Advertisement
Accept the inevitable
ĚýThis is resistance through obfuscation. Instead of concentrating limited resources on tighter firewalls to stop the hackers getting in, Macron’s campaign accepted that an attack was inevitable and found ways to limit its success.
It was a smart move. If you’re not powerful enough to stop the hackers gaining access to your accounts, you can still make things tricky for them when they do get in, says Helen Nissenbaum at New York University.
The hackers had to waste time verifying email addresses and sifting fake documents from real ones. This might explain the 11th-hour timing of the leak, which failed to kick up much of a media storm despite the efforts of alt-right propagandists on Twitter, Reddit and 4chan.
Even WikiLeaks, which was first to release hacked emails from the US Democratic National Committee (DNC) in July 2016, was taken unawares by the Macron leak and had to spend time verifying the authenticity of the emails.
Fool’s gold
While the alt-right rallied online to dig up dirt in the huge dump of mostly innocuous files, Macron’s campaign responded almost immediately with a statement saying that hackers may have planted their own fake documents in the trove to spread “doubt and misinformation”.
Macron was equally clear-headed when defending himself against claims that he had an offshore bank account in the Caribbean. Stemming from what appeared to be fake documents posted online, the news broke just hours before he was to face Le Pen in the final televised debate on 3 May.
Le Pen tried to use the fake news to her advantage, saying “I hope that we will not find out that you have an offshore account in the Bahamas”. But she was later forced to admit that she had no proof of the claims after Macron filed a legal complaint against his rival and accused her of mobilising an “internet army” to spread fake news.
The knives are out
This is the new normal. The US and French elections have shown us that candidates are happy to use fake news to discredit their opponents and drown out reasonable political discussion. Hackers will attempt to subvert democratic processes and destabilise campaigns by releasing whatever information they can.
The head of the German intelligence agency has already confirmed that the country is being targeted by hackers ahead of its elections in September. As a strong, liberal leader Angela Merkel is thought to be particularly under threat. Hillary Clinton aside, there are few politicians who provoke such vitriol and ire from alt-right groups. Online trolls are already sharpening their knives, and Merkel can be sure of a sustained onslaught of fake news and hacks over the coming months.
Other European leaders, including those standing in the UK general election this June, may not be as lucky as Macron. The last-minute timing of the French email leak helped dampen its impact, and early indications are that the attackers were sloppy, leaving clues in the metadata of files that suggest connections to certain Russian-linked groups behind the US hacks.
Next time, the hackers will be better prepared – and our politicians must be too.