Published in News

How Macon’s IT crowd saw off the Russian hackers

by on11 May 2017


Russian bear falls for honeypot easter egg


A last-minute attempt by Russian hackers to overturn the French election in favour of Tsar Putin’s favourite destabilising candidate came unstuck with some good IT management.

In the final hours of the election, Russian hackers dumped a trove of documents from Emmanuel Macron's campaign organisation. The idea was that it would provide enough dirt for anti-Macron stories to fill the press.

But it soon became obvious that the leak came too late as it was illegal for the French newspapers to comment on the material, and besides they had no time to go through it. Those outside the French media who did look at the material realised that the best bits had been fabricated on a Russian version of word or were just too silly for words.

This was because the leak was engineered by Emmanuel Macron's campaign organization IT bods who expected the attack as phishing attacks on the network were getting more desperate and clever.

What they did was created a collection of fake e-mail accounts which were seeded with false information.

Macron campaign digital director Mounir Mahjoubi said it was done massively, to create the obligation for them to verify, to determine whether it was a real account."

The move was a delaying tactic aimed at increasing the attacker's workload. The "honeypot" accounts were filled with large volumes of fake documents. "That forced them to waste time, by the quantity of the documents we put in and documents that might interest them,” Mahjoubi said. "Even if it made them lose one minute, we’re happy.”

It worked too, the bait documents may have caused the attackers to rush their efforts and in some cases they were forced to edit the documents to make them look better.

The eventual dump of documents by the attackers included metadata showing Russian versions of Microsoft Office were used to edit some documents, and the name of an employee of a company providing information security services to Russian intelligence organizations was in document metadata showing the last person to edit at least nine documents.

Multiple documents were proven to be forgeries, including one which appeared to be an invoice for a Bitcoin payment for mephedrone ("bath salts") to be sent to the French National Assembly. The Bitcoin wallet and blockchain transaction data was easily determined to be fake.

Last modified on 11 May 2017
Rate this item
(0 votes)

Read more about: