Qui ose gagne ?
Did En Marche ! get the last laugh against the ‘alt-right’?
The French Presidential elections have seen their fair share of drama and intrigue over the past year. The French political scene has been drastically altered by En Marche !, the start-up-esque party which just elevated 39-year-old novice Emmanuel Macron to the French presidency. In the final days preceding the runoff between Emmanuel Macron and Marine Le Pen, French politics was given a taste of the same tools of hacks and leaks which struck the American presidential elections last year. However, in the French case, the leaks had little-to-no impact, both in the election result itself and in the media reaction following Macron’s win. Why the silence? The answer comes down to three factors: poor timing, sloppy execution, and an active security strategy pursued by the Macron campaign.
The Leak
On 5 May, the Macron campaign announced that some of its email accounts had been penetrated, and soon thereafter 9GB of content purportedly lifted from En Marche ! servers was dumped onto the 4Chan chat forum called /pol/ by various hacker groups including FancyBear, suspected to have ties to the Kremlin. Wikileaks jumped on the data, reposting and sharing it en masse. Over the past year, /pol/ has become infamous as a rallying point for alt-right ‘trolls’. The Macron Campaign however quickly called their bluff, asking for details of the documents being shared to which Wikileaks responded, “we have not yet discovered fakes in #MacronLeaks & we are very skeptical that the Macron campaign is faster than us.” Here is where the En Marche ! security strategy comes in, as articulated by Mounir Mahjoubi, IT guru and Macron’s digital strategist. Phishing attacks against campaign email accounts were fed passwords to accounts containing both true and bogus information. Real campaign documents were also mixed in with fake documents, marked so that En Marche ! personnel could tell them apart, and additionally purchase receipts with inexistent bitcoin transaction numbers were attached to the fake emails. The idea behind these measures was to flood any dump with useless and incorrect information, thus preventing sensational coverage of the contents of leaked emails from reaching voters before election day.
Poor Timing: The Media
By Sunday, the French media had largely ignored the leaks. Macron clearly benefited here from the French context. As New York Times writer Rachel Donadio notes:
“The contrast may have been amplified further by the absence of a French equivalent to the thriving tabloid culture in Britain or the robust right-wing broadcast media in the United States, where the Clinton hacking attack generated enormous negative coverage.”
Libération editor Johan Hufnagel also noted the difference between the francophone and anglophone media environments, pointing out that there is no Fox News in France.
Equally as important were the election rules in France, which forbid active campaigning and election-related reporting in the 48 hours before voting begins. The idea is to inhibit misinformation campaigns launched too close to the election for the target candidate to adequately refute their claims. Since the supposed leak was dumped within this time period, the media did not have a chance to look at the documents, nor was the Le Pen campaign able to capitalize on its contents. Le Monde tagged all their election-related articles with a disclaimer saying that, as per regulation, the paper would not comment on the contents of the leaks until after the election. They additionally remarked that they would refuse to discuss details of the dumped documents until they’d be adequately reviewed. This process takes weeks, not hours or days, even with the aid of AI data analytics programs. That being said, Macron’s polls had already jumped earlier in the week due to a strong debate performance, and most voters had probably already made up their minds by the Friday before Election Sunday.
The bottom line: too little, too late.
Sloppy Execution: Twitter, #MacronLeaks, and the alt-right
Moreover, it became clear that the individuals tweeting about the MacronLeaks had not a) read any of the documents and b) generally did not speak French. The dump made no waves in the French media on Monday, and it was clear that voters, both right and left, had not been swayed by the dump.
If one were to have turned on France 2’s Twitter-embedded live broadcast and watch the stream of tweets relating to the présidentielles, one would have quickly note something strange. The vast majority of Tweets were in English from non-French accounts, and nearly all the anti-Macron Twitter traffic was from American users tweeting in English. We are of course discussing a key election in the world’s fifth-largest economy, but anyone who knows Americans knows that we generally avoid too deep an understanding of things outside our own borders. An additional observation was made by Kris Shaffer:
“5% of users accounted for a full 40% of the tweets. The most prolific account tweeted 1668 times in the roughly 24 hours of data ― that’s faster than a single (re)tweet per minute, all day with no sleep.”
So, clearly, bots were involved. Why all of the sudden so many English-speaking accounts generally unconcerned with European politics would begin tweeting in English with a French hashtag (#présidentielles2017, #Elysée2017, etc) should itself be suspect. Even if you haven’t run the analytics that Shaffer did, the attempt at advocacy and manipulation is obvious. Similar work was done immediately following the first round and succeeded in Trending #SansMoiLe8Mai and #NiPatrieNiPatron, encouraging abstention. Despite the massive number of tweets and retweets of these hashtags (again, many from bot anglophone accounts), polls show that the majority of leftist Jean-Luc Mélenchon and Benoît Hamon supporters chose to vote for Macron rather than to abstain.
Why the bots? The answer is simple: create chaos and at the same time feign anti-Macron consensus. As Shaffer concludes, the goal is simply to “control the narrative” by staying on the offensive, or “keeping the ball on your side of the field”.
I myself looked into a few of these retweeting accounts and quickly stumbled upon the latest ‘alt-right’ movement: the ‘slav-right’. Led by Americans of Central European Slavic descent, this movement originally formed in early 2016 in support of the Polish, Slovakian, Czech, and Hungarian push-back against the EU’s refugee policies. Most recently, ‘slav-right’ mascot Jack Posobiec was involved in promoting the Trump campaign online, running in Internet circles with the likes of alt-right figurehead Milo Yiannopolous.
The issue in the case of the #MacronLeaks was retweeters’ lack of familiarity with the information dumped and thus their inability to verify it. Posobiec himself told the New Yorker that “nobody knew what was in the documents, so it was possible that people looked at one and went, ‘O.K., this is a budget spreadsheet,’ and got bored.”
The potential direct involvement of foreign governments in the leaks is uncertain at this time; however, some kind of Russian involvement, either private or governmental, is clear.
Wikileaks, while reading through the leaked information, tweeted on 6 May that it had found the name of an employee of the FSB-contracted Russian security company Eureka (Еврика) on the metadata for nine of the documents. Additionally, “forensics specialists found that one of the leaked Excel documents from Mr. Macron’s campaign had been modified on a Russian version of Excel, and edited on Russian-language computers.” Among these fabricated documents were nearly all of the bitcoin purchases found thus far within the dump, with the new President supposedly buying, amongst other things, crystal meth. It is, in my view, doubtful that Macron would have fed this alleged habit using a Cyrillic keyboard from a Russian IP address with Russian-language spreadsheet software. This doesn’t implicitly indicate Russian state involvement, but the link to FSB contractors does leave plenty of room for inference.
This link was, strangely, reported by both the French and English-language editions of the Russian state-controlled Sputnik news site. While Russian state media have certainly not been kind to Macron in the election, they have not themselves pursued the kind of concentrated campaign of disinformation used against Clinton in the American Presidential elections. Since Macron’s win on 7 May, Sputnik and RT have occasionally even shown optimism about the new President and prospects for Franco-Russian relations, casting doubt on a theory of direct Kremlin involvement in MacronLeaks. Some information security specialists have argued that the phishing attack and leak were carried out so haphazardly that it’s doubtful the Kremlin was directly involved. They probably could’ve done better.
Regardless of speculation, the leaks were so obviously foreign in both origin and in promotion that the immense pile of documents didn’t trigger much public outrage or intrigue. Most of the noise surrounding the leaks came from hard-right anglophone accounts, a.k.a. not the kinds of places your average French voter is going to look for election information. The political attitude in France seemed to be watching a tired old trick from a tired old show-pony: we’ve seen this all before, and we’re not buying it. This also shows the disconnect between the alt-right and the traditional French far-right. Le Pen and the political forces which propelled her into the second round don’t look much like Jack Posobiec or Milo Yiannopolous. The common thread of anti-establishmentarianism is, of course, present. However the constant comparisons drawn by the American media between the Trump phenomenon and the French Presidential Election do not hold water. France is a different political context. The Front National is not the GOP. Marine Le Pen is not Donald Trump. While French voters indeed could have chosen Le Pen, that victory would have had little to do with a ‘global alt-right’ movement that the American media seem determined to link to every election around the world.
The bottom line: whoever coordinated the leaks, they either chose the wrong messengers or they chose no one at all. Poor execution allowed En Marche !’s press statement to get out ahead of the leaks and delegitimize their contents.
Lessons Learned: The Strategy of En Marche !
While the main lesson from MacronLeaks comes from the operation’s shoddy execution, there is also something to learn from how Mahjoubi and his team handled the campaign’s strategy online. We can expect to see similar strategies against leaks and disinformation employed by campaigns elsewhere in the future. En Marche ! may have benefited from a healthy skepticism inherent in French voters, but the obvious inauthenticity of the leak caused by the smart countermeasures from Macron’s team defused the story almost immediately. En Marche ! took the narrative back from those trying to control it. No publications in the French language jumped on the content, and the coverage has thus far been limited to investigating the identity of the hackers and of the users who published and shared the data released. This active security approach differs greatly from the DNC’s failed strategy, which seemed to be to sit behind password walls, then hope and pray. The En Marche ! strategy gets out ahead of opponents, a wise move at a time when campaigns, particularly those opposing the far-right, can expect to be targeted by hacktivists and other hostile actors. Accounts of the Macron team “outsmarting” potential hackers are likely overblown, but creating fake information and accounts to confuse attackers and delegitimize leaks was certainly an intelligent precautionary measure. Such measures served the campaign well in the 48 hours before its impressive victory.
Jackson Webster is a graduate of the King’s College London Department of War Studies and is currently a master’s student at Sciences Po Paris. His studies concentrate on European security issues, with focuses on Russia, hybrid warfare techniques, and cybersecurity.
Sources:
http://www.thedailybeast.com/articles/2017/05/06/did-macron-outsmart-campaign-hackers
http://www.jeuneafrique.com/433385/politique/mahjoubi-latout-geek-demmanuel-macron/
