Every computer, whether used for personal or business reasons, is susceptible to attacks from cyber-criminals. The three main motives for these attacks are political, personal and financial.
In recent weeks, the French election has been the latest to enter political hack news, joining those of the United States, Germany and Norway, which have all made headlines in recent years. This raises the question of cyber-warfare, and of the influence hackers have in meddling in modern-day politics.
A Now Familiar Threat for Political Parties: Phishing to Discredit
The party of newly elected French President Emmanuel Macron, called “En Marche!” (“Onwards!”), was recently targeted by hackers. In a very familiar scenario (similar to the one that occurred during the U.S. election last year), cyber-criminals tried to harvest the email credentials of En Marche!’s workers in order to publicise compromising information and thus influence French voters.
Mr. Mahjoubi, Mr. Macron’s digital director, revealed that the party had recently been the target of a series of attempts to phish for its staff’s email credentials, although the attempts were unsuccessful and no campaign data had been compromised.
The Japanese cyber-security firm Trend Micro, which uncovered the attempted attack on Mr. Macron’s campaign, revealed that cyber-criminals created four fake web domain names almost identical to the legitimate website, making it hard for targeted victims to detect the bait. This method is very similar to the one used last year against the Democratic National Committee, which led to the leakage of Hillary Clinton’s compromised emails and, at the end of the day, probably played a role in Donald Trump’s victory.
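Near-identical domain names of this kind can be caught mechanically before a user has to spot them by eye. The following is an added example, not code from this article or from Trend Micro: it compares hostnames seen in mail or proxy logs against the organisation's real login host. The host `mail.campaign.example`, every sample domain and the distance threshold of 2 are assumptions constructed for illustration.

```python
import re

# Assumption: "mail.campaign.example" stands in for the organisation's real
# mail/login host; every domain in this example is constructed.
LEGIT = "mail.campaign.example"

# Digits commonly swapped in to imitate a letter.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain: str) -> str:
    """Reduce a hostname to a form in which common visual tricks collapse."""
    d = domain.lower().rstrip(".").translate(CONFUSABLES)
    d = d.replace("rn", "m").replace("vv", "w")  # letter pairs that imitate m / w
    return re.sub(r"[-_]", "", d)                # separators are easy to overlook


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, legit: str = LEGIT, max_distance: int = 2) -> str:
    c = candidate.lower().rstrip(".")
    if c == legit or c.endswith("." + legit):
        return "legitimate"   # the real host or one of its own subdomains
    if c.startswith(legit + "."):
        return "lookalike"    # real name used as a prefix of a foreign domain
    if edit_distance(skeleton(c), skeleton(legit)) <= max_distance:
        return "lookalike"    # typo, homoglyph or separator variant
    return "unrelated"


def flag_lookalikes(domains):
    """Return the hostnames that should be blocked or reviewed."""
    return [d for d in domains if classify(d) == "lookalike"]


if __name__ == "__main__":
    for d in ["mail.campaign.example", "mai1.campaign.example",
              "mail.carnpaign.example", "news.weather.test"]:
        print(f"{classify(d):<11} {d}")
```

Short legitimate hostnames produce more false positives at a fixed threshold, so the distance limit needs tuning per protected name.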
While not confirmed, the accusations over who was responsible for the attacks on the U.S. election and on Mr. Macron’s party point to Russian-backed hackers, especially the hacking group called “Pawn Storm”, which is allegedly a Russian intelligence unit and is also sometimes known as “Fancy Bear”, “APT 28” or the “Sofacy Group”.
Several reasons why Russia is the prime suspect for these recent attacks on the French presidential candidate include:
Research showing similarities between the IP addresses used in both scenarios, as well as the type of malware used in this attack and the DNC breach.
Macron’s opponent in the final vote last Sunday was the far-right, anti-immigrant, anti-EU candidate Marine Le Pen. She is openly close to Russia, having often called for better relations with the Kremlin. Her program on some topics is very similar to Mr. Trump’s, and Ms. Le Pen also took loans from Russian banks. Russian state media have also been supporting her campaign.
Suspicious timing: Mr. Macron’s website suffered a DDoS attack and his staff underwent a phishing attack shortly after slanted stories were published in the French-language Russian media.
A successful hack of En Marche! would, without a doubt, have been in Russian interests.
Cyber-criminals are, by definition, very hard to identify and locate, which explains why no connection with Russia, or any other state, has yet been proven. But no matter the origin of these hacks on US or French politics, they imply that the political game has changed, and parties need to have a serious focus on cyber-security.
Nowadays, political parties are being targeted by cyber-criminals, who are directing their attacks on these institutions’ email servers. Hackers are using different methods to reach their goal, such as phishing, spear-phishing, and the use of malware and remotely controlled Trojans. Political parties need to be security-aware, and realise that they might one day be targeted by hackers, especially when an election is about to take place. Protecting against any type of intrusion, cyber or other, is more vital than ever.
Hackers target democratic institutions so that they can bend the rules and meddle with election results. They also want to chip away at relationships between countries. True, espionage has always existed, but the new factor is that it is now hackers who are digging for dirt, and they have the means of phishing for email credentials. One of the consequences of political hacking is a shift in security, with parties investing a lot of resources and staff to protect the privacy of campaign data, off-the-record conversations and any sensitive or confidential information. It has put political cyber-security in the spotlight.
User vulnerability, as in any type of cyber-attack, remains key for criminals: research shows that around 68% of data breaches are the result of negligence by an employee within the targeted organisation. Indeed, hacking personal email accounts instead of campaign servers has proven successful against the DNC. The importance of campaign volunteers and employees practising good IT hygiene (such as having strong passwords and using two-factor authentication) cannot be overestimated, and they should avoid at all costs discussing campaign information on personal email accounts.
When criminals hack political parties, they are phishing for incriminating emails that were supposed to remain private or unseen. Making them public is a hacker’s way of doing as much damage as possible, including to a party’s or person’s reputation and credibility, thus shifting the attention from one topic to another.