24th Mar 2018


US ignites debate on Russia's role in Macron hack

  • Paris: One cyber expert said a lone far-right activist could have done the Macron hack (Photo: Pedro Lastra)

The US has said Russia was behind the pre-election hack in France, but some cyber experts were less sure.

Mike Rogers, the head of the US spy agency, the NSA (National Security Agency), told a Senate hearing in Washington on Tuesday (9 May) that the Russian regime stole and leaked thousands of emails from France’s now-incoming leader, Emmanuel Macron, on the eve of the French election last week.

Thank you for reading EUobserver!

Subscribe now for a 30 day free trial.

  1. €150 per year
  2. or €15 per month
  3. Cancel anytime

EUobserver is an independent, not-for-profit news organization that publishes daily news reports, analysis, and investigations from Brussels and the EU member states. We are an indispensable news source for anyone who wants to know what is going on in the EU.

We are mainly funded by advertising and subscription revenues. As advertising revenues are falling fast, we depend on subscription revenues to support our journalism.

For group, corporate or student subscriptions, please contact us. See also our full Terms of Use.

If you already have an account click here to login.

  • Bundestag: German elections already targeted by Pawn Storm group (Photo: Pierre)

Asked about the leak, which was splashed on social media last Friday, on 5 May, Rogers said: “We had become aware of Russian activity”.

“We had talked to our French counterparts prior to the public announcements [leaks] ... and gave them a heads-up: ‘Look, we’re watching the Russians, we’re seeing them penetrate some of your infrastructure’,” he said.

US intelligence officials, speaking to the Reuters news agency, corroborated Rogers’ accusation.

The 5-May leak was done by "entities with known ties to Russian intelligence”, one of them said.

Some cyber security firms, such as the US-based Flashpoint and BigID, have agreed.

Trend Micro, a Japanese-based firm which has tracked Russian state hackers for over two years, has also said that Pawn Storm, a group linked to Russia’s GRU military intelligence service, was behind an earlier attack on Macron’s team in March.

But Loic Guezo, an expert from the firm’s Paris office, told EUobserver on Tuesday that the 5-May Macron leak had a different “modus operandi”.

Speaking prior to Rogers’ testimony, Guezo noted that US intelligence services, such as the NSA, were able to make accusations on the basis of external evidence, such as intercepted phone calls, but he said that internal evidence did not point to Russia’s role in the 5-May leak.

“We are not a counter-intelligence organisation, so we don’t have this kind of evidence,” Guezo said.

Modus operandi

Guezo said Pawn Storm had in the past hacked targets well in advance of the leak date, that it had picked out compromising content, and that it had fed that content to media at a time designed to maximise harm.

But he noted that the 5-May hack was done at the last minute, the material was dumped en bloc, it came out just before a pre-election media blackout, and was later found to contain nothing that compromised Macron.

“If you look at the Podesta emails, these were selected and released with some kind of agenda”, he said, referring to Pawn Storm’s hack of Hillary Clinton's campaign chairman, John Podesta, in the US election last year.

“But here, the whole pile of documents was dumped a few minutes before the official media ban in a big risk, a big bet,” he said.

He said the last email in the Macron cache was dated 24 April, indicating that that was when the hack took place.

He said the “bet” failed because French media respected the blackout and because the material contained “nothing interesting”.

Guezo added that it looked suspicious that the far-right National Front [FN] party, whose candidate, Marine Le Pen, was running against Macron, publicly commented on the leak at the very same moment that it came out on social media.

He stopped short of accusing the National Front of doing the hack, but he said the “timing of the comments by Florian Philippot [the FN’s vice-president] seem relevant to the investigation”.

He said Pawn Storm operations, which targeted institutions, including military bodies, for years at a time, required state-level resources.

But he said the “one-off” hack on Macron could have been “not some team, but one guy setting up a simple phishing attack”, referring to a type of attack which uses fake emails or websites to steal people’s passwords.

“It could even have been some alt-right activist in the US hacking Macron’s team. It’s fully open”, Guezo said.

Some of the leaked files had metadata which contained a Russian name linked to Russia’s FSB intelligence service, but Guezo said that that looked like a red herring.

He said it would be “very strange” if Russian intelligence services had left evidence of their involvement.

“In cyber, you never find the smoking gun. Attackers can create digital fog. They can mimic other groups, copy their tools”, he said.

German elections

The NSA’s Rogers told the Senate on Tuesday that he was also working with British and German authorities to block Russian hacks ahead of elections there in June and September.

“We’re doing similar things with our German and British counterparts, they have an upcoming election sequence,” he said.

“We need to make it very clear to nation-states that engage in this behaviour that it’s unacceptable and there’s a price to pay for doing this,” he added.

Trend Micro, in a recent report, said Pawn Storm had hacked the ruling CDU party of German chancellor Angela Merkel, as well as its foundation, the Konrad Adenauer Stiftung, in operations dating back to April last year.

The firm’s Guezo told EUobserver there was a strong chance that some CDU officials or MPs were still “infected” with its malware.

“They [Pawn Storm] tend to flood the whole organisation”, he said.

“They keep most targets at the first level of infection, effectively doing nothing, but if these people enter into the public focus at a later stage, or they see some sensitive document from that person, they can move to the second stage”, he said, referring to extraction and leaks of data.

He said it would be difficult for France, Germany, or the UK to make Russia pay a “price” for hacking by conducting a cyber counter-strike, however.

He said French law would only permit a counter-strike if it was immediate, proportionate, and limited in its effect.

But he said Russian hacks were typically detected long after they occurred and that a “hack-back” against foreign servers would be likely to cause collateral damage to private users who had nothing to do with the Russian regime.

Journalists targeted

Guezo told EUobserver that Pawn Storm was also targeting journalists whose reporting went against Russia’s interests.

The list of media attacked by Pawn Storm so far includes: Buzzfeed and The New York Times in the US, The Economist in the UK, Arabic news agency Al Jazeera, and several Turkish and Ukrainian outlets.

“If they hack journalists they can have access to their sources and try to discredit them”, Guezo said.

He said Russian state media RT France and Sputnik France also made personal attacks on journalists from French media Liberation and AFP.

“In some cases, they used the journalists’ personal tweets to try to discredit their work”, he said.

He said Pawn Storm, which works hand-in-glove with Russian state media, also approached mainstream Western media with baited material.

“We’ve seen a lot of this activity by Pawn Storm in Germany, reaching out, for instance, to Der Spiegel”, Guezo said.

“They sent a preview of hacked material and proposed an exclusive scoop”, he said.

“They wanted to influence opinion by creating a press buzz on topics that had been selected by Pawn Storm and based on material that may have been incomplete or even altered in order to suit its agenda”, the French expert said.


Lessons for Germany from the Macron hack

The way the Macron team defended itself against hackers contained lessons for other political parties in Europe, but experts do not agree whether Russia did it.

Anti-Macron leaks try to sway French election

Thousands of documents, some likely fake, were spread by WikiLeaks as well as pro-Trump and pro-Russia social media in the final moments of the French campaign.


USA: Russland hat Macron gehackt

Die USA behauptete Russland stecke hinter dem Hackerangriff auf Macron, aber ein Cyber-Experte war sich nicht so sicher und sagte, dass die deutschen Wahlen und EU Journalisten Ziele Moskaus wären.

US neo-Nazis linked to Macron hack

The spread of stolen emails designed to harm Emmanuel Macron was linked to US-based neo-Nazis, according to a French investigation.


The populists may have won, but Italy won't leave the euro

The situation as Rome tries to form a government is turbulent and unpredictable. However, the most extreme eurosceptic policies floated during the election campaign are unlikely to happen - not least due to the precarious state of the Italian banks.

Far-right parties re-register to access EU funds

After missing a funding deadline, the far-right nationalist Alliance for Peace and Freedom and the Alliance of European National Movements are back in the game and possibly eligible for EU money in 2019.

News in Brief

  1. EU wants 'Paris' climate strategy within 13 months
  2. Workload of EU court remains high
  3. Spain's supreme court charges Catalan separatist leaders
  4. EU calls for 'permanent' exemption from US tariffs
  5. Summit backs guidelines for future EU-UK talks
  6. Macron support drops as public sector workers go on strike
  7. EU leaders condemn Turkey for illegal actions in Aegean Sea
  8. Parliament must publish 'trilogue' documents, court says

Stakeholders' Highlights

  1. EUobserverStart a Career in EU Media. Apply Now to Become Our Next Sales Associate
  2. EUobserverHiring - Finance Officer With Accounting Degree or Experience - Apply Now!
  3. ECR GroupAn Opportunity to Help Shape a Better Future for Europe
  4. Counter BalanceControversial Turkish Azerbaijani Gas Pipeline Gets Major EU Loan
  5. World VisionSyria’s Children ‘At Risk of Never Fully Recovering', New Study Finds
  6. Macedonian Human Rights MovementMeets with US Congress Member to Denounce Anti-Macedonian Name Negotiations
  7. Martens CentreEuropean Defence Union: Time to Aim High?
  8. UNESDAWatch UNESDA’s President Toast Its 60th Anniversary Year
  9. AJC Transatlantic InstituteAJC Condemns MEP Ana Gomes’s Anti-Semitic Remark, Calls for Disciplinary Action
  10. EPSUEU Commissioners Deny 9.8 Million Workers Legal Minimum Standards on Information Rights
  11. ACCAAppropriate Risk Management is Crucial for Effective Strategic Leadership
  12. EPSUWill the Circular Economy be an Economy With no Workers?

Latest News

  1. Nordic states discuss targeted Russia sanctions
  2. Commission sticks to its line on Barroso case
  3. Germany and France promise new Russia sanctions
  4. EU rejects US trade 'gun to the head'
  5. Tariffs and Turkey will top This WEEK
  6. EU leaders roll over Brexit talks amid Trump and Russia fears
  7. Europe needs corporate tax reform - a digital tax isn't it
  8. EU data chiefs rally behind UK over Cambridge Analytica

Stakeholders' Highlights

  1. European Jewish CongressThe 2018 European Medal of Tolerance Goes to Prince Albert II of Monaco
  2. FiscalNoteGlobal Policy Trends: What to Watch in 2018
  3. Human Rights and Democracy NetworkPromoting Human Rights and Democracy in the Next Eu Multiannual Financial Framework
  4. Mission of China to the EUDigital Cooperation a Priority for China-EU Relations
  5. ECTACompetition must prevail in the quest for telecoms investment
  6. European Friends of ArmeniaTaking Stock of 30 Years of EU Policy on the Nagorno-Karabakh Conflict: How Can the EU Contribute to Peace?
  7. ILGA EuropeCongratulations Finland!
  8. UNICEFCyclone Season Looms Over 720,000 Rohingya Children in Myanmar & Bangladesh
  9. European Gaming & Betting AssociationEU Court: EU Commission Correct to Issue Guidelines for Online Gambling Services
  10. Mission of China to the EUChina Hopes for More Exchanges With Nordic, Baltic Countries
  11. Macedonian Human Rights MovementCondemns Facebook for Actively Promoting Anti-Macedonian Racism
  12. Nordic Council of MinistersGlobal Seed Vault: Gene Banks Gather to Celebrate 1 Million Seed Collections

Stakeholders' Highlights

  1. CECEIndustry Stakeholders Are Ready to Take the Lead in Digital Construction
  2. ILGA EuropeAnkara Ban on LGBTI Events Continues as Turkish Courts Reject NGO Appeals
  3. Aid & Trade LondonJoin Thousands of Stakeholders of the Global Aid Industry at Aid & Trade London
  4. Macedonian Human Rights MovementEuropean Free Alliance Joins MHRMI to End the Anti-Macedonian Name Negotiations
  5. Mission of China to the EUChina-EU Tourism Year to Promote Business and Mutual Ties
  6. European Jewish CongressAt “An End to Antisemitism!” Conference, Dr. Kantor Calls for Ambitious Solutions
  7. UNESDAA Year Ago UNESDA Members Pledged to Reduce Added Sugars in Soft Drinks by 10%
  8. International Partnership for Human RightsUzbekistan: Investigate Torture of Journalist
  9. UNICEFExecutive Director's Committment to Tackling Sexual Exploitation and Abuse of Children
  10. Nordic Council of MinistersState of the Nordic Region 2018: Facts, Figures and Rankings of the 74 Regions
  11. Mission of China to the EUDigital Economy Shaping China's Future, Over 30% of GDP
  12. Macedonian Human Rights MovementSuing the Governments of Macedonia and Greece for Changing Macedonia's Name