How the Macron campaign slowed cyberattackers


In the wake of French president-elect Emmanuel Macron’s victory over Marine Le Pen, IT armchair quarterbacks should look at the Macron campaign’s security playbook for ideas on how to fight off targeted phishing and other attacks.

When 9GB of files belonging to the on file-sharing website Pastebin less than two days before the French election, it looked too much like what had happened during the U.S. presidential election last fall.

There isn’t to conclusively link the Russians to the Macron leak, and security experts believe some of the supposed clues are sloppy attempts at misdirection. The difference this time around seems to be the fact that Macron’s team was prepared for the attacks and engaged in a disinformation campaign of its own, according to .

“You can flood these [phishing] addresses with multiple passwords and log-ins, true ones false ones, so the people behind them use up a lot of time trying to figure them out,” the head of Macron campaign’s security team, Mounir Mahjoubi, told The Beast.

, founder and CEO of Cymmetria. With cyberdeception, defenders take control of the battleground by deciding what kind of information the attackers get and directing the attackers to go after decoy systems rather than real systems holding sensitive data.

“If we can control the information our opponent collects about us, we can control where they go and how they act, detect them sooner, and neutralize them,” Evron said. The following video goes into more detail about how cyberdeception works.

, the Kings College researcher who recently testified at Congress about the Russian interference of the U.S. election.

The the documents revealed the normal day-to-day operations of a presidential campaign, but authentic documents had been mixed on social media with to sow “doubt and misinformation.” Without specifics, that statement doesn’t mean much, but taking into the consideration the campaign appears to be familiar with cyberdeception tactics, it’s possible the security team knew what files had been available to steal and had a clear idea of what had been compromised.

“The campaign seemed able to quickly identify what it called fake documents in the mix of the data dump. That suggests that they had an inventory beforehand to work with,” Evron said, noting this was a “working theory.”

The campaign also made it harder for attackers to move around and find data, which may be one of the reasons there wasn’t any high-value information buried in the dump. the campaign had servers protected by sophisticated software filters, recommended the use of encrypted messaging and cellphone networks, and required double and triple authentication to access emails. Information was stored in multiple-partitioned cells, with databases separated like fortresses, accessible only by passwords that were complex and regularly changed.

Hindsight is 20/20, and there’s always something a IT security team should’ve or could’ve done in order to avoid a data breach or a security incident. While it’s important to beef up the defenses, make it hard to steal data, and train users to recognize attacks, letting defenders control the environment and tricking the attackers can also help minimize the effects of an attack.

“Finally, someone uses cyberdeception to beat attackers at their own game,” Evron wrote.