French election faces high cyber threat
French authorities are on high alert to head off a cyber-attack that could affect the result of the upcoming presidential election.
Prime targets could be candidates' websites and government networks.
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
The threat was publicly recognised by president Francois Hollande, who accused Russia of trying to interfere in the campaign, ahead of the first round on 23 April and a run-off on 7 May.
"Russia is using all of its means to influence public opinion," he said in a recent interview to several European newspapers.
"It is not the same ideology as in the time of the USSR, [but] it is sometimes the same methods, with more technology," he said, adding that Russia had "a strategy of influence, of networks, with very conservative moral views".
"The threats against French political parties and the vote itself are protean," a source at the National Agency for Security of Information System (Anssi), an agency reporting to the prime minister's office, told EUobserver.
The alarm was raised at the highest level by French intelligence services and prompted two security meetings chaired by president Hollande at the Elysee palace.
In January, experts from France's foreign intelligence service - the General Directorate for External Security (DGSE) - warned that hackers and cybersoldiers funded by the Kremlin were trying to distort the campaign by favouring far-right candidate Marine Le Pen, while discrediting her competitors, particularly independent candidate Emmanuel Macron.
Macron, a former economics minister under Hollande, is a favourite to reach the election's second round, most likely against Le Pen.
At the council of defence in early March, Hollande ordered "the mobilisation of all the state's necessary means" to prevent "any malevolent action" from "tarnishing the campaign and the vote".
The mission of the DGSE is to protect France's highest interests.
The fact that the DGSE raised the alarm over the smooth-running of the election is unprecedented and indicates that cyber-attacks have already been identified or stymied.
Until January, the agency was almost exclusively focused on the threat of Islamic State (IS) attacks. Since the 2015 Paris attacks and last year's attack in Nice, France has been in a state of emergency. The threat level has been further amplified during the electoral campaigns.
But according to sources, the risk is more diverse than the run up to last year's US election, when alleged Russian hackers focussed mainly on collecting information and compromising documents on Democratic candidate Hillary Clinton.
'Guide d'hygiène informatique'
A source told EUobserver that the website of En Marche! - Macron's political movement - was taken down briefly on 14 February after two unsuccessful hacking attempts.
An attempt to access the movement's database was also foiled.
According to sources, Macron's website is hosted in the US, in San Francisco, to make cyber-attacks more difficult. Macron's team has made accusations against Russia, but has not been able to prove them.
Campaign teams say they have taken to measures, such as switching off mobiles during meetings or using WhatsApp to exchange messages. Some campaigners had previously used Telegram, as it was believed to be safer from hacking, but the mobile application is Russian.
However, they still seem unprepared to fend off large-scale attacks.
A source from Anssi said that on 28 October last year there was a meeting organised by Anssi with the heads of all of the candidates' websites. Representatives from the National Front did not attend.
They were warned of the risks and threats and given a USB flash drive with a "guide d'hygiène informatique" to help them secure their networks.
Four months later in February, Zataz, an online magazine specialised in data security, examined the candidates' websites. It found dozens of security loopholes, especially concerning the protection of personal data.
French authorities are also concerned that their own network could be targeted, including hackers trying to alter the voting process.
No electronic voting
In early March, the government decided to ban electronic voting in June's legislative elections for French voters abroad. Electronic voting was not planned for the presidential election itself.
Guillaume Poupard, Anssi's chief, publicly said that the current voting platform is "more reliable" than the previous 2012 election, but "the level of threat is much higher today".
But other experts have told EUobserver that in addition to the hacking threat, the system is unreliable, with voters unable to connect during preliminary tests.
Hacking threats during a French election are not new.
In 2012, during the previous presidential election, the computers of several officials at president Nicolas Sarkozy's office were hacked.
At a conference some months later, the DGSE's technical manager revealed where the attack came from - the US.
A French translation of this article may be found here.
A German translation of this article may be found here.