Did Marine Le Pen command #MacronLeaks on live TV ?

Matt Suiche
Comae Technologies
May 9, 2017

Several journalists reached out to me to ask about the attribution of #MacronLeaks. As we know, attribution with absolute certainty is difficult, and it can be purposely misleading, as we have seen in recently leaked CIA documents.

Marine Le Pen meets Vladimir Putin (24 March 2017)

It was a known fact that the Front National had to solicit Russian banks to finance its campaign, as French banks refused to.

But after French far-right candidate Marine Le Pen held a highly visible meeting with Russian President Vladimir Putin at the height of the presidential campaign, French citizens started to question her ties to the Kremlin, and the nature of her relationship with it, even more.

Bad OPSEC in Front of National TV

Towards the end of the 3 May presidential debate (English), when Marine Le Pen knew she had lost credibility in the debate, this happened:

Marine Le Pen hopes “no leak will happen in the upcoming days against Emmanuel Macron”.

Since many readers aren’t Francophone, and the English real-time translation is very hard to understand because of the fragmented sentences, let me transcribe and decode it for you.

EM: The business party is yours. The party who does not go in front of the judges is yours. Not mine.
MLP: The business party is mine ? Be careful what you say Mr Macron. I hope we won’t learn anything in the upcoming days or weeks. Because you give lessons…
EM: Oh you know many tried. Including your friends. Many unsuccessfully.
<awkward pause>

MLP: All good ? I can talk now ? (…) Nobody understood your tax assets return.
EM: The FISC (French IRS) and the High Authority understood it but didn’t understand yours and sent yours back to the judges.
(…)
MLP: I hope we won’t learn that you have an offshore account in the Bahamas or something. I don’t know.
EM: Mme MLP, this is defamation, be careful.
MLP: I say “I hope” — I hope.
EM: In your case, we know you have undervalued assets and are under investigation. This is not my case.

As we can clearly see from the video, this was an attempt to undermine Mr Emmanuel Macron, now President-Elect of France.

Attempts and Mysterious ‘Friends’

Macron also mentioned that many people tried, including friends. So what are the attempts EM is referring to ?

“Many Tried”

We already knew that phishing attempts happened in March and April, because some malicious domain names had been registered. More recently, Mr Mounir Mahjoubi, head of Macron’s digital team, claimed they fed the attackers fake data, as they were well aware of these attempts.

WHOIS data on the fake domain names.

“Including your friends”

Who was Emmanuel Macron referring to when he mentioned “Marine Le Pen’s friends” ? Russia ? 4chan ? No conclusion here, but it is obvious that En Marche! was well aware of the hacking campaign against them. It was even reported in late April by the NYTimes.

#MacronLeaks

4chan /pol/

Before the emails started to spread, a 4chan user published fake documents suspiciously echoing Marine Le Pen’s allegation during the presidential debate, which had happened a few days before.

torrents

The list of torrent files was initially posted on pastebin.com, with links to archive.org which quickly got shut down before being re-posted as magnet links. It was then relayed by American ‘alt-right’ media personality Jack Posobiec, who maintains a large Twitter following and happens to be a disciple of Roger Stone, the man implicated in the also suspiciously timed email leaks against the Democratic National Committee and Clinton Presidential campaign last year.

Interestingly enough, 4chan, Posobiec and the alt-right social media network also played a large role very recently in pushing Russian-originated disinformation regarding the April 5 chemical weapon strike in Syria, which Russian officials and Russian state media claim was a false flag operation rather than a chemical weapon strike by Russia’s ally Bashar al-Assad.

I won’t go into the details of the files themselves; the grugq did it here. The main takeaways are:

  • Emmanuel Macron’s emails were not leaked in that dump.
  • Its large volume (GBs) makes one think that the attack was an attempt to manipulate the online press to get BuzzFeed-like headlines from journalists, such as “GigaBytes of Emails belonging to French Presidential Candidate ! Here is why !”
  • Its content was mainly rubbish, and it even fooled WikiLeaks, who shared the link online and lost credibility as they demonstrated they can’t tell the difference between whistle-blowing and politically motivated hacking.
  • Some documents with no relationship to En Marche! or Emmanuel Macron got leaked. For instance, documents from 2002: back then EM was 25 years old, and it would be very difficult to find politically worthy dirt on someone so young.
  • A series of Excel files contained some metadata appended during a modification by the leaker.

Metadata

The Cyrillic name of one of the editors, Рошка Георгий Петрович, appears 9 times across the Excel documents leaked the day before the 2nd round of the election.

Why is this name in the files ? Because the last editor had his Excel version registered to the above name. This also implies that the person modified those Excel files, which is why his name got appended.

PS > $count = Get-ChildItem -Path . -Include *.xml -Recurse | Select-String "Рошка Георгий Петрович"
PS > $count.Length
9

“Рошка Георгий Петрович” is in trouble.
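An added example, not code from the original post: OOXML files such as .xlsx are ZIP archives, and the last editor is stored in the `cp:lastModifiedBy` element of `docProps/core.xml`. Instead of grepping every extracted XML part, the Python below reads that field (and `dc:creator`) from each file and tallies last editors across a set of files; the file names and person names in the sample input are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted dumps, defusedxml is the safer parser
from collections import Counter

# Namespaces used by docProps/core.xml in OOXML (.xlsx/.docx/.pptx) packages.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
FIELDS = {"creator": "dc:creator", "last_modified_by": "cp:lastModifiedBy",
          "created": "dcterms:created", "modified": "dcterms:modified"}

def core_properties(blob):
    """Return the author/editor fields of one OOXML file given as bytes."""
    with zipfile.ZipFile(io.BytesIO(blob)) as pkg:
        if "docProps/core.xml" not in pkg.namelist():
            return {}  # metadata part stripped or never written
        root = ET.fromstring(pkg.read("docProps/core.xml"))
    return {k: (root.findtext(p, namespaces=NS) or "").strip()
            for k, p in FIELDS.items()}

def editors_by_count(files):
    """Tally lastModifiedBy over {filename: bytes}; skip files that do not parse."""
    tally = Counter()
    for name, blob in files.items():
        try:
            props = core_properties(blob)
        except (zipfile.BadZipFile, ET.ParseError):
            continue
        if props.get("last_modified_by"):
            tally[props["last_modified_by"]] += 1
    return tally

def _sample_xlsx(creator, editor):
    """Constructed test input: a minimal package holding only core.xml."""
    xml = ('<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
           "<dc:creator>%s</dc:creator><cp:lastModifiedBy>%s</cp:lastModifiedBy>"
           "</cp:coreProperties>") % (NS["cp"], NS["dc"], creator, editor)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("docProps/core.xml", xml)
    return buf.getvalue()

SAMPLES = {"budget.xlsx": _sample_xlsx("Campaign Staffer", "Иван Иванов"),
           "donors.xlsx": _sample_xlsx("Campaign Staffer", "Иван Иванов"),
           "notes.txt": b"not a zip archive"}  # constructed inputs
```

Comparing `creator` with `last_modified_by` per file separates the original author from whoever last saved it; both are plain XML text that anyone repacking the archive can rewrite.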

But is Рошка Георгий Петрович really behind all of this ? As I mentioned at the beginning, metadata can be altered. There are two potential scenarios:

  • This is an operational mistake.
  • This was purposefully left behind or appended as a misdirection “breadcrumb” so that fingers would be pointed at Russia.

This is not the first time the French Presidency has been targeted by a foreign government, but this time the attacker clearly wanted to have an impact on the voters, not only for the Presidential election but also for the “législatives” happening in June.

Attribution is hard but …

Making public statements is a known technique used by the intelligence community to avoid any record.

Verified attribution of the chain of complicity in cyber attacks and information warfare is not an exact science; indeed, the Excel metadata may or may not have been left on purpose to obfuscate and confuse. One thing is certain, though: Marine Le Pen’s veiled threat against Emmanuel Macron on French live television that these leaks may happen makes this operation look like it was part of a loose command & control structure run by her unidentified “friends”, which would in turn offer Le Pen a measure of plausible deniability. Again, the parallel with Roger Stone and the Hillary Clinton leaks is remarkable, given that Stone also hinted on social media that these leaks were forthcoming.

Matt Suiche
Comae Technologies

Hacker, Microsoft MVP, Founder of @ComaeIo — Co-Founder of @CloudVolumes (now @VMWare)