
New French president’s team used honeypot accounts to delay/distract Russian hackers

XiaNaphryz

LATIN, MATRIPEDICABUS, DO YOU SPEAK IT
https://www.nytimes.com/2017/05/09/world/europe/hackers-came-but-the-french-were-prepared.html

Everyone saw the hackers coming.

The National Security Agency in Washington picked up the signs. So did Emmanuel Macron’s bare-bones technology team. And mindful of what happened in the American presidential campaign, the team created dozens of false email accounts, complete with phony documents, to confuse the attackers.

The Russians, for their part, were rushed and a bit sloppy, leaving a trail of evidence that was not enough to prove for certain they were working for the government of President Vladimir V. Putin but which strongly suggested they were part of his broader “information warfare” campaign.

Even before then, the Macron campaign had begun looking for ways to make life a little harder for the Russians, showing a level of skill and ingenuity that was missing in Hillary Clinton’s presidential campaign and at the Democratic National Committee, which had minimal security protections and for months ignored F.B.I. warnings that its computer system had been penetrated.

“We went on a counteroffensive,” said Mr. Mahjoubi. “We couldn’t guarantee 100 percent protection” from the attacks, “so we asked: what can we do?” Mr. Mahjoubi opted for a classic “cyber-blurring” strategy, well known to banks and corporations, creating false email accounts and filling them with phony documents the way a bank teller keeps fake bills in the cash drawer in case of a robbery.


“We created false accounts, with false content, as traps. We did this massively, to create the obligation for them to verify, to determine whether it was a real account,” Mr. Mahjoubi said. “I don’t think we prevented them. We just slowed them down,” he said. “Even if it made them lose one minute, we’re happy,” he said.

Mr. Mahjoubi refused to reveal the nature of the false documents that were created, or to say whether, in the Friday document dump that was the result of the hacking campaign, there were false documents created by the Macron campaign.

But he did note that in the mishmash that constituted the Friday dump, there were some authentic documents, some phony documents of the hackers’ own manufacture, some stolen documents from various companies, and some false emails created by the campaign.

“During all their attacks we put in phony documents. And that forced them to waste time,” he said. “By the quantity of the documents we put in,” he added, “and documents that might interest them.”


With only 18 people in the digital team, many of them occupied in producing campaign materials like videos, Mr. Mahjoubi hardly had the resources to track down the hackers. “We didn’t have time to try to catch them,” he said. But he has his suspicions about their identity. Simultaneously with the phishing attacks, the Macron campaign was being attacked by the Russian media with a profusion of fake news.

Oddly, the Russians did a poor job of covering their tracks. That made it easier for private security firms, on alert after the efforts to manipulate the American election, to search for evidence.

In mid-March, researchers with Trend Micro, the cybersecurity giant based in Tokyo, watched the same Russian intelligence unit behind some of the Democratic National Committee hacks start building the tools to hack Mr. Macron’s campaign. They set up web domains mimicking those of Mr. Macron’s En Marche! Party, and began dispatching emails with malicious links and fake login pages designed to bait campaign staffers into divulging their usernames and passwords, or to click on a link that would give the Russians a toehold onto the campaign’s network.


It was the classic Russian playbook, security researchers say, but this time the world was prepared. “The only good news is that this activity is now commonplace, and the general population is so used to the idea of a Russian hand behind this, that it backfired on them,” said John Hultquist, the director of cyberespionage analysis at FireEye, the Silicon Valley security firm.

Mr. Hultquist noted that the attack was characterized by haste, and a trail of digital mistakes. “There was a time when Russian hackers were characterized by their lack of sloppiness,” Mr. Hultquist said. “When they made mistakes, they burned their entire operation and started anew. But since the invasion of Ukraine and Crimea,” he said, “we’ve seen them carry out brazen, large scale attacks,” perhaps because “there have been few consequences for their actions.”

The hackers also made the mistake of releasing information that was, by any campaign standard, pretty boring. The nine gigabytes worth of purportedly stolen emails and files from the Macron campaign was spun as scandalous material, but turned out to be almost entirely the humdrum of campaign workers trying to conduct ordinary life in the midst of the election maelstrom.

“It’s clear they were rushed,” Mr. Hultquist said. “If this was APT28,” he said, using the name for a Russian group believed to be linked to the GRU, a military intelligence agency, “they have been caught in the act, and it has backfired for them.”

Now, he said, the failure of the Macron hacks could just push Russian hackers to improve their methods.

“They may have to change their playbook entirely,” Mr. Hultquist said.
 

AndyD

aka andydumi
This is true cyberwarfare. The kind of thing that most countries, including the US, will have to put up to protect elections big and small.
 

Bluenoser

Member
God I hope these assholes are found and brought to justice.

The fact that Russia continues to play dumb is insulting to the rest of the world too. I mean, yeah, there's no direct connection back to Putin's Government, but does there have to be?
 
Damn, this was extremely smart. What a future.

Going forward, campaigns will need to be held accountable for what's actually fake and what's not. Otherwise it seems like any real and damning document that's hacked could be waved away as a fake one.
 

jmdajr

Member
34c3fb59da9f60c222e2d4729ac43e33_notbad-http-iimgurcom-not-bad-clipart_1024-1024.png
 
I think Hillary's team should get more criticism for being so goddamn technologically illiterate. It's sort of brushed aside as an unreasonable critique I feel like, but a smart staff should have realized how important security is in modern times and done more to be ahead of the curve.
 

wildfire

Banned
God I hope these assholes are found and brought to justice.

The fact that Russia continues to play dumb is insulting to the rest of the world too. I mean, yeah, there's no direct connection back to Putin's Government, but does there have to be?

No point. These are state actors within Russian borders (well they should be within their sponsor's borders because if they aren't they are putting themselves at risk of getting arrested). What we should be doing is imposing harsher economic sanctions on Russia and crippling their ability to interact with the world through the net.
 
The fact that it's just so out in the open that Russia are trying to hack other power nations to either influence or leak sensitive data is truly mind boggling.

They're like Janice in accounting and they just don't give a fuck, lol.
 
I think Hillary's team should get more criticism for being so goddamn technologically illiterate. It's sort of brushed aside as an unreasonable critique I feel like, but a smart staff should have realized how important security is in modern times and done more to be ahead of the curve.

Yeah. I imagine nobody brings it up because almost all of our politicians and their staffers are so bad with computers that it's kind of expected at this point, but that was definitely a really dumb problem with her campaign.
 

Tacitus_

Member
At last a leader who understands technology, or at least employs people who do.

Even before then, the Macron campaign had begun looking for ways to make life a little harder for the Russians, showing a level of skill and ingenuity that was missing in Hillary Clinton’s presidential campaign and at the Democratic National Committee, which had minimal security protections and for months ignored F.B.I. warnings that its computer system had been penetrated.

scarring-from-burns.jpg
 
When Dems take back power, the Dems should hold a meeting that includes the following people:

1) Dem POTUS
2) Macron
3) SNP leaders
4) Merkel
5) any other non-far-right western leadership.

And the focus of the meeting should be about pressuring social media into banning anything that even so much as SMELLS like Russians or Alt-Right.
 
I think Hillary's team should get more criticism for being so goddamn technologically illiterate. It's sort of brushed aside as an unreasonable critique I feel like, but a smart staff should have realized how important security is in modern times and done more to be ahead of the curve.

You say that, when this article literally says that these measures were in response to what occurred during the American elections. This type of hacking was unprecedented and unexpected, at least during the elections of a first world nation
 

Aselith

Member
Pretty unfair to say her security was unsophisticated when they implemented these measures BECAUSE she was attacked. Would they have done it if she wasn't attacked? Nah
 

AndyD

aka andydumi
I think Hillary's team should get more criticism for being so goddamn technologically illiterate. It's sort of brushed aside as an unreasonable critique I feel like, but a smart staff should have realized how important security is in modern times and done more to be ahead of the curve.

Realistically though, before last year, these types of hacks and actions were not really prevalent on this large scale in this field. Sure there was industrial espionage, but no real overt political attacks of this nature. Even in the midst of the hacks, people talked about how infrastructure is somewhat secure (power/water/voting machines) but never was the social aspect of Facebook/Twitter combined with hacking really a major threat.
 