Russian hackers are prime suspects in France as nine gigabytes of email belonging to the leading French presidential candidate Emmanuel Macron campaign organisation was thrown online, hours to Sunday’s [May 7, 2017] election.
It is not clear yet the extent of the damage the leak may have caused for Macron. But he remains the frontrunner in an election billed as the most important in France in decades.
Opinion polls on Friday showed he has extended his lead over Marine Le Pen, the candidate of the Far Right.
Macron’s campaign email were posted anonymously on a profile called EMLEAKS to Pastebin, a site that allows anonymous document sharing.
In a statement, Macron’s political movement En Marche! (Onwards!) confirmed that it had been hacked.
“The En Marche! Movement has been the victim of a massive and co-ordinated hack this evening which has given rise to the diffusion on social media of various internal information,” the statement said.
An interior ministry official declined to comment, citing French rules that forbid any commentary liable to influence an election, which took effect at midnight on Friday (2200 GMT).
The presidential election commission said in statement that it would hold a meeting later on Saturday after Macron’s campaign informed it about the hack and publishing of the data.
It urged the media to be cautious about publishing details of the emails given that campaigning had ended, and publication could lead to criminal charges.
Comments about the email dump began to appear on Friday evening just hours before the official ban on campaigning began. The ban is due to stay in place until the last polling stations close Sunday at 8 p.m. (1800 GMT).
Former economy minister Macron’s campaign has previously complained about attempts to hack its emails, blaming Russian interests in part for the cyber attacks.
On April 26, the team said it had been the target of a attempts to steal email credentials dating back to January, but that the perpetrators had failed to compromise any campaign data.
The Kremlin has denied it was behind any such attacks, even though Macron’s camp renewed complaints against Russian media and a hackers’ group operating in Ukraine.
Vitali Kremez, director of research with New York-based cyber intelligence firm Flashpoint, told Reuters his review indicates that APT 28, a group tied to the GRU, the Russian military intelligence directorate, was behind the leak. He cited similarities with U.S. election hacks that have been previously attributed to that group.
APT28 last month registered decoy internet addresses to mimic the name of En Marche, which it likely used to send tainted emails to hack into the campaign’s computers, Kremez said. Those domains include onedrive-en-marche.fr and mail-en-marche.fr.
“If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the U.S. presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome,” Kremez said.
France is the latest nation to see a major election overshadowed by accusations of manipulation through cyber hacking.
On Friday night as the #Macronleaks hashtag buzzed around social media, Florian Philippot, deputy leader of the National Front, tweeted “Will Macronleaks teach us something that investigative journalism has deliberately killed?”
Macron spokesman Sylvain Fort, in a response on Twitter, called Philippot’s tweet “vile”.
En Marche! said the documents only showed the normal functioning of a presidential campaign, but that authentic documents had been mixed on social media with fake ones to sow “doubt and misinformation”.
Ben Nimmo, a UK-based security researcher with the Digital Forensic Research Lab of the Atlantic Council think tank, said initial analysis indicated that a group of U.S. far-right online activists were behind early efforts to spread the documents via social media. They were later picked up and promoted by core social media supporters of Le Pen in France, Nimmo said.
The hashtag #MacronLeaks was first spread by Jack Posobiec, a pro-Trump activist whose Twitter profile identifies him as Washington D.C. bureau chief of the far-right activist site Rebel TV, according to Nimmo and other analysts tracking the election.
Posobiec could not immediately be reached to comment by Reuters.
“You have a hashtag drive that started with the alt-right in the United States that has been picked up by some of Le Pen’s most dedicated and aggressive followers online,” Nimmo told Reuters.
Alt-right refers to a loose-knit group of far-right activists known for their advocacy of extremist ideas, rejection of mainstream conservatism and disruptive social media tactics.