The Macron campaign headed off cyber-attacks with a creative use of fake data, according to the campaign's digital director.
In an interview with the New York Times, Mounir Mahjoubi, Macron's digital director, explained how, while dealing with powerful cyber-attacks and presiding over an IT team which did not have time to track hackers, the campaign employed a kind of guerrilla warfare against its would-be assailants.
The new French president's campaign was attacked multiple times by attackers who are believed to be Fancy Bear, the group behind the “election hacking” of last year's US Presidential Election. The assault against Macron's campaign culminated on the eve of the election with a massive publication of documents that apparently came from inside the Macron campaign.
The nine gigabytes of data were shared on 4Chan and purported to show shady financial dealings on the part of the candidate. The authenticity of the documents was questioned and it was noted by several observers that the documents had been edited by Russian versions of Microsoft Office. Shortly after the dump, the French electoral commission encouraged the media “not to pass on this content, so as not to distort the sincerity of the ballot.”
Macron's En Marche! campaign, perhaps cognisant of the role that cyber increasingly plays in electoral democracy, appears to have been prepared for exactly this event.
"We created false accounts, with false content, as traps," Mahjoubi told the NYT. The placement of dud information around a network in order to dupe attackers is more commonly known as honeypotting. The Macron campaign apparently seeded its own systems with fake documents and information, thereby hamstringing the attackers.
Mahjoubi explained that being forced to verify the documents they had stolen would hamstring the attackers, and if it wouldn't stop them, it would certainly slow them down: “Even if it made them lose one minute, we're happy.” Friday's dump apparently contained a soup of real documents, others that were fabricated by the hackers and fake emails from the campaign itself.
This is undoubtedly a novel way to defend oneself against attackers, but Ilia Kolochenko, CEO of High-Tech Bridge, told SC that honeypots should “be used with a lot of caution. Otherwise, they can bring more harm than good.”
While honeypots can be an effective defence, added Kolochenko, “incomplete IT asset inventory, lack of continuous monitoring, improper or incomplete risk assessment – all these factors can nullify all the benefits of a honeypot. Moreover, honeypot management and related activities require quite a lot of time and other resources. Therefore, only if you are confident in your cyber-security operations and have a well thought out cyber-security strategy – should you consider effectively using honeypots.”