How the new French President managed to outsmart the group of Russian hackers
When you hear the words “Fancy Bear” what’s the first thing that comes to your mind? Nothing? Not a single thing? You’ve drawn a blank, huh? Ok, if that’s the case we need to do a little bit of explaining before we go any further.
Now, while you might not recognize the words “Fancy Bear”, you’ve definitely heard about their exploits over the past year or so. Their? Yeah, you see, Fancy Bear is actually a group of extremely skilled Russian hackers that’s responsible for a number of high-profile breaches, attacks and leaks.
Some of their greatest hits include the 6-month-long attack on the German parliament back in 2014; the World Anti-Doping Agency hack, which leaked Olympic drug-testing files; and, who could forget, last year’s Wikileaks scandal that affected the US presidential race.
So yeah, these guys mean serious business…
What did Fancy Bear do this time?
If you were not following the French presidential elections, here’s the bottom line: during the final weeks of the election, the presidential race came down to two candidates, Emmanuel Macron and Marine Le Pen.
Macron, the leading candidate, is an inexperienced, independent politician, and his opponent, Le Pen, is a more traditional and conservative politician endorsed by both the US President, Donald Trump, and the Russian President, Vladimir Putin.
And how does Fancy Bear come into all of this? On March 15 this year, the group started registering domains like mail-en-marche.fr and one-drive-en-marche.fr in an effort to trick the members of Macron’s political team into clicking on these links (by the way, Macron’s party is called En Marche).
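Look-alike registrations like the two quoted above are something a defender can watch for. The following is an added example, not code from the campaign or the article: it triages a constructed list of newly registered names, and the legitimate domain, the brand token and all helper names are assumptions.

```python
import re
from typing import Optional

# Assumptions, not from the article: the legitimate domain and the brand token.
LEGIT_DOMAINS = {"en-marche.fr"}
BRAND = "enmarche"
DIGIT_LOOKALIKES = str.maketrans("0135", "oles")

# Constructed feed of newly registered names; the first two are quoted above.
NEW_DOMAINS = ["mail-en-marche.fr", "one-drive-en-marche.fr", "www.en-marche.fr",
               "3n-marche-login.com", "en-marcha.fr", "example.org"]

def registered_domain(host: str) -> str:
    """Last two labels; enough for simple TLDs such as .fr or .com."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def squash(host: str) -> str:
    """Lower-case, map digit look-alikes to letters, drop separators."""
    return re.sub(r"[^a-z]", "", host.lower().translate(DIGIT_LOOKALIKES))

def brand_distance(host: str) -> Optional[int]:
    """Fewest substituted characters between BRAND and any same-length
    window of the squashed host name; None if the name is too short."""
    s = squash(host)
    windows = [s[i:i + len(BRAND)] for i in range(len(s) - len(BRAND) + 1)]
    if not windows:
        return None
    return min(sum(a != b for a, b in zip(w, BRAND)) for w in windows)

def classify(host: str) -> str:
    if registered_domain(host) in LEGIT_DOMAINS:
        return "legitimate"
    distance = brand_distance(host)
    if distance == 0:
        return "lookalike: contains brand"
    if distance == 1:
        return "lookalike: one-character variant"
    return "unrelated"

def triage(hosts):
    """Return only the names that deserve an analyst's attention."""
    verdicts = {h: classify(h) for h in hosts}
    return {h: v for h, v in verdicts.items() if v.startswith("lookalike")}

if __name__ == "__main__":
    for host, verdict in triage(NEW_DOMAINS).items():
        print(f"{host:28} {verdict}")
```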
A whole new style of cyber attack
So how did the hackers attack? Well, they took advantage of certain vulnerabilities in cloud-based email services (like Gmail) to trick the En Marche party members into downloading fake apps, which compromised their Gmail inboxes.
These apps allowed the hackers to dig into hundreds of inboxes without having to steal a single password. This kind of attack is known as “OAuth phishing”, and the worst thing about these attacks is that, once the hackers reach the email accounts, the victims can’t even change their passwords to regain access to their accounts.
And while cyber-security experts have known about these kinds of attacks, this is the first time anyone has seen them in practice. Of course, once the hacking group got hold of enough data (over 9 GB), they leaked it all on the Internet 48 hours before the election.
The leak was, naturally, carefully timed. #MacronLeaks spread across the Twitterverse like wildfire, and a number of media outlets thought that this would be the death blow to Macron’s presidential campaign. However, a rather peculiar thing happened: the elections went without a problem, and Emmanuel Macron became the youngest President in the history of France.
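Because the access comes from an app grant rather than a stolen password, the defender's check is to review which third-party apps hold mailbox scopes and revoke the ones nobody approved. The following is an added example, not code from the article or from any provider: the grant records are constructed, and the record layout, client IDs, app names and allowlist are assumptions.

```python
from collections import defaultdict

# Gmail API scopes that expose mailbox contents to an app.
MAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
}
# Hypothetical allowlist of client IDs the organisation has approved.
APPROVED_CLIENTS = {"approved-mail-client.example"}

# Constructed sample: one record per (user, app) grant.
GRANTS = [
    {"user": "alice@campaign.example", "client_id": "approved-mail-client.example",
     "app_name": "Team Mail", "scopes": ["https://mail.google.com/"]},
    {"user": "bob@campaign.example", "client_id": "unknown-1234.example",
     "app_name": "Mail Security Scanner",
     "scopes": ["openid", "https://www.googleapis.com/auth/gmail.readonly"]},
    {"user": "carol@campaign.example", "client_id": "unknown-1234.example",
     "app_name": "Mail Security Scanner", "scopes": ["https://mail.google.com/"]},
    {"user": "bob@campaign.example", "client_id": "calendar-sync.example",
     "app_name": "Cal Sync",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

def audit(grants, approved=APPROVED_CLIENTS):
    """Group unapproved grants that carry mailbox scopes by client ID,
    most widely installed first: one app across many inboxes is the
    pattern the article describes."""
    hits = defaultdict(lambda: {"app_names": set(), "users": set(), "scopes": set()})
    for grant in grants:
        mail = MAIL_SCOPES.intersection(grant["scopes"])
        if mail and grant["client_id"] not in approved:
            hit = hits[grant["client_id"]]
            hit["app_names"].add(grant["app_name"])
            hit["users"].add(grant["user"])
            hit["scopes"].update(mail)
    return sorted(hits.items(), key=lambda kv: len(kv[1]["users"]), reverse=True)

def revocation_list(grants):
    """(user, client_id) pairs whose grant should be revoked."""
    return sorted((u, cid) for cid, hit in audit(grants) for u in hit["users"])

if __name__ == "__main__":
    for client_id, hit in audit(GRANTS):
        print(client_id, sorted(hit["users"]), sorted(hit["scopes"]))
```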
But how did Macron manage to fight off these attacks?
We can assume that Macron’s party had a cyber-security team; all of the political parties do nowadays. But how did they manage to prevent a never-before-seen attack and, in the process, allow their leader to come out of the situation basically unharmed?
For starters, the cyber-security team was almost immediately aware that the criminals had set up those phishing addresses to fool their party members. So, as Mounir Mahjoubi, Macron’s head of digital security, explains, the team members started flooding the fake addresses with multiple logins and passwords, both the real ones and the fake ones.
The team used the hackers’ techniques against them. For lack of a better term, this defensive tactic could be called a reverse DDoS attack. Just think about it: Distributed Denial of Service attacks are designed to cause an interruption of a certain service, host or server by flooding it with a huge volume of useless data.
This made things rather difficult for the Fancy Bear members, because they now had to spend hours and hours trying to figure out what was useful and what wasn’t. Yes, they managed to beat the hackers, not by protecting their information, but by giving them more information than they could handle.
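Fake credentials are more useful to a defender when they can be told apart from real ones later. The following is an added example that goes a step beyond what the article describes and is not the campaign's code: it builds decoy logins that only the key holder can recognise and picks them out of a constructed list of login attempts. All names and the tagging scheme are assumptions.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 12  # hex characters of the HMAC kept inside the decoy password

def decoy_tag(key: bytes, email: str, nonce: str) -> str:
    mac = hmac.new(key, f"{email}|{nonce}".encode(), hashlib.sha256)
    return mac.hexdigest()[:TAG_LEN]

def make_decoy(key: bytes, domain: str):
    """Create a fake (email, password) pair that only the key holder can recognise."""
    email = f"{secrets.token_hex(4)}@{domain}"
    nonce = secrets.token_urlsafe(9)  # URL-safe alphabet, never contains "."
    return email, f"{nonce}.{decoy_tag(key, email, nonce)}"

def is_decoy(key: bytes, email: str, password: str) -> bool:
    """True if the password carries a valid tag for this email under our key."""
    nonce, sep, tag = password.rpartition(".")
    if not sep:
        return False
    expected = decoy_tag(key, email, nonce)
    return hmac.compare_digest(tag.encode(), expected.encode())

def triage_logins(key: bytes, attempts):
    """Return the attempts that used a decoy: a sign that someone is
    replaying credentials harvested by a phishing page."""
    return [a for a in attempts if is_decoy(key, a["email"], a["password"])]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # kept by the defender only
    email, password = make_decoy(key, "campaign.example")
    # Constructed login attempts: one ordinary, one using the decoy.
    attempts = [
        {"email": "alice@campaign.example", "password": "correct horse", "ip": "192.0.2.10"},
        {"email": email, "password": password, "ip": "198.51.100.7"},
    ]
    for hit in triage_logins(key, attempts):
        print("decoy credential used from", hit["ip"])
```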
Although people tried digging through the data, the leaks turned up very little information (most importantly — nothing incriminating came out of it). Even the founders of Wikileaks became suspicious about the validity of the data. As you can see, in some cases, the best defense is a good offense.
So what’s the main takeaway from this?
We like to remind you again and again that no security method is completely bulletproof and, in spite of your firewall, antivirus or even a VPN, cyber criminals can still find a way to invade your privacy, steal your identity, and so on and so forth. You get the gist.
But this particular case can give us a little hope for a better or, to put it accurately, more secure future. Because, as Macron’s security team has shown us, no matter how skilled your attackers are, with enough logical thinking you can actually beat them.