WikiLeaks has published over 20,000 emails from Emmanuel Macron’s presidential campaign which were dated between 2009 and 2014.
The data breach of Macron’s campaign servers follows similar breaches suffered by Hillary Clinton’s campaign as well as Ukrainian political parties.
Yesterday, WikiLeaks published a treasure trove of over 70,000 hacked emails, out of which 21,075 carried signatures of individuals and addresses associated with Emmanuel Macron’s presidential campaign team. The database leaked by WikiLeaks also contained over 25,000 attachments and details of 4,493 unique senders.
The breach is poised to have a significant impact on the French political landscape considering that internal emails sent and received by Macron’s team over a period of five years could reveal details of controversial political, economic and international relations strategies.
The data breach hasn’t really surprised many as Macron’s campaign team had flagged hacking attempts by suspected Russian hacker groups even before the elections took place. The fact that Macron is a vocal critic of the Russian government’s policies, especially in Syria, makes him a natural target for hackers. Unlike Macron, Marine Le Pen, his strongest competitor, was sympathetic to Russians and her campaign did not face any cyber-attacks.
While it is too early to measure the fallout, the leaked emails are expected to attract reactions from political opponents, neighbouring countries as well as groups and organisations from all over the world. However, Macron’s team won’t be alone in the fight as a number of political parties in Europe as well as in the United States have been victims of cyber-attacks in the recent past.
Even in Germany which is preparing for general elections in September, political parties have raised an alarm over a series of cyber-attacks being attempted by suspected state-sponsored hacker groups. Angela Merkel’s Christian Democratic Union (CDU) has been at the receiving end of most of these cyber-attacks.
The party claims that information obtained via cyber-attacks is being used by Russians to create fake news and propaganda to influence opinions of voter ahead of the September elections. Disinformation campaigns run by hackers included the rape of a 13-year Russian-German girl at the hands of migrants as well as about the father of former European Parliament President Martin Schulz running a Nazi concentration camp during the world war.
Last month, on the eve of British parliamentary elections, suspected hackers managed to infiltrate as many as 90 email accounts belonging to MPs including Prime Minister Theresa May as well as several of her cabinet colleagues.
Security services believed that hackers may use information gained from the compromised email accounts to blackmail MPs, and thus made changes to these accounts and also locked out affected MPs from their respective email accounts.
While cyber-attacks on political parties aren’t new, they have become almost a norm, especially in countries that are facing general elections. It all began when Russian hackers hacked into the election-related software to launch a voter-registration themed spear-phishing campaign in the U.S. just ahead of the elections.
According to a leaked NSA report, the hackers “executed cyber espionage operations against a named U.S Company in August 2016”. This was evidently “to obtain information on elections-related software and hardware solutions.” Hackers also obtained huge amounts of data from the Democratic National Party’s email servers which they then used to spread disinformation among the public.
‘Hillary Clinton’s private email server, the Democratic National Convention leaks, the Ukrainian election hack, and now Macron’s hacked emails have made cyber security a focal point for any major election. Not only must we protect the integrity of our electronic voting systems, but election data breaches are becoming all too common and can be devastating for a candidate and a nation at large,’ says Ken Spinner, VP of Global Field Engineering at Varonis.
He adds that political parties must focus on and invest heavily in cyber security to prevent hackers from obtaining data which they can use to disrupt government, enterprise, and the global economy. Campaign data like donor lists, strategies, demographics, sentiment, and opposition research are a gold mine for hackers and as such, thwarting them needs to be the primary goal of political parties.
‘Candidates and their teams need to make sure their data has basic controls in place–data can’t be open to everyone, users shouldn’t be able to access what they’re not supposed to, and all access should be monitored and recorded. You can’t catch what you can’t see, and too many organizations are flying blind,’ he adds.
In Germany, political parties and national cyber security organisations are calling for a new law which will enable the country to attack and damage servers owned by hackers to prevent them from conducting further cyber-attacks.
“We believe it is necessary that we are in a position to be able to wipe out these servers if the providers and the owners of the servers are not ready to ensure that they are not used to carry out attacks,” said Hans-Georg Maassen, president of the BfV agency which is entrusted with keeping the Constitution secure.
If such a proactive approach is adopted by European countries, they will be able to pre-empt hacking attempts and will be able to nip such groups in the bud. However, all hacker groups do not necessarily announce their arrival so it is also pertinent for nations to implement strong cyber-security practices to ensure their servers are not hacked by unknown attackers.