This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.nytimes.com/2017/04/24/world/europe/macron-russian-hacking.html

The article has changed 2 times. There is an RSS feed of changes available.

Version 0 Version 1
Russian Hackers Who Targeted Clinton Appear to Attack France’s Macron Russian Hackers Who Targeted Clinton Appear to Attack France’s Macron
(about 3 hours later)
The campaign of the French presidential candidate Emmanuel Macron has been targeted by what appears to be the same Russian operatives responsible for hacks of Democratic campaign officials before last year’s American presidential election, a cybersecurity firm warns in a new report. The campaign of the French presidential candidate Emmanuel Macron has been targeted by what appear to be the same Russian operatives responsible for hacks of Democratic campaign officials before last year’s American presidential election, a cybersecurity firm warns in a new report.
The report has heightened concerns that Russia may turn its playbook on France in an effort to harm Mr. Macron’s candidacy and bolster that of Mr. Macron’s rival, the National Front leader Marine Le Pen, in the final weeks of the French presidential campaign.The report has heightened concerns that Russia may turn its playbook on France in an effort to harm Mr. Macron’s candidacy and bolster that of Mr. Macron’s rival, the National Front leader Marine Le Pen, in the final weeks of the French presidential campaign.
Security researchers at the cybersecurity firm, Trend Micro, said that on March 15 they spotted a hacking group they believe to be a Russian intelligence unit turn their weapons on Mr. Macron’s campaign — sending emails to campaign officials and others with links to fake websites designed to bait them into turning over passwords. Security researchers at the cybersecurity firm, Trend Micro, said that on March 15 they spotted a hacking group they believe to be a Russian intelligence unit turn its weapons on Mr. Macron’s campaign — sending emails to campaign officials and others with links to fake websites designed to bait them into turning over passwords.
The group began registering several decoy internet addresses last month and as recently as April 15, naming one onedrive-en-marche.fr and another mail-en-marche.fr to mimic the name of Mr. Macron’s political party, En Marche.The group began registering several decoy internet addresses last month and as recently as April 15, naming one onedrive-en-marche.fr and another mail-en-marche.fr to mimic the name of Mr. Macron’s political party, En Marche.
Those websites were registered to a block of web addresses that Trend Micro’s researchers say belong to the Russian intelligence unit they refer to as Pawn Storm, but is alternatively known by the name Fancy Bear, APT 28 or the Sofacy Group. American and European intelligence agencies and American private security researchers determined that the group was responsible for hacking the Democratic National Committee last year. Those websites were registered to a block of web addresses that Trend Micro’s researchers say belong to the Russian intelligence unit they refer to as Pawn Storm, but is alternatively known as Fancy Bear, APT 28 or the Sofacy Group. American and European intelligence agencies and American private security researchers determined that the group was responsible for hacking the Democratic National Committee last year.
On Tuesday, Trend Micro’s researchers plan to release their report detailing cyberattacks in recent weeks against Mr. Macron’s campaign — as well as members of Germany’s Konrad-Adenauer Stiftung, a political foundation linked to Chancellor Angela Merkel’s political party — in what appear to be the latest Russian effort to influence political outcomes in the West. On Tuesday, Trend Micro’s researchers plan to release their report detailing cyberattacks in recent weeks against Mr. Macron’s campaign — as well as members of Germany’s Konrad-Adenauer Stiftung, a political foundation linked to Chancellor Angela Merkel’s political party — in what appears to be the latest Russian effort to influence political outcomes in the West.
The Kremlin scoffed at the report. Dmitri Peskov, the spokesman for President Vladimir V. Putin, said Monday in Moscow that “this all recalls the accusations that came from Washington and which are still suspended in thin air.” In remarks to Russian news media, he added that Russia had “never interfered in foreign elections. The Kremlin scoffed at the report. Dmitri S. Peskov, the spokesman for President Vladimir V. Putin, said Monday in Moscow that “this all recalls the accusations that came from Washington and which are still suspended in thin air.” In remarks to Russian news media, he added that Russia had “never interfered” in foreign elections.
But the report’s findings gave some credence to the “strong suspicions” voiced weeks before Sunday’s voting by Mr. Macron’s digital director, Mounir Mahjoubi, that Moscow was the source of what he said had been a barrage of “highly sophisticated” efforts to gain access to the campaign’s email accounts.But the report’s findings gave some credence to the “strong suspicions” voiced weeks before Sunday’s voting by Mr. Macron’s digital director, Mounir Mahjoubi, that Moscow was the source of what he said had been a barrage of “highly sophisticated” efforts to gain access to the campaign’s email accounts.
Mr. Mahjoubi said both in an interview Monday and earlier in April that he had no proof of a Russian role, but that the nature and timing of so-called phishing attacks and Web assaults on the Macron campaign had stirred worries that Russia was repeating in France what American intelligence agencies say was a concerted effort to undermine Hillary Clinton’s campaign. Mr. Mahjoubi said in an interview Monday and earlier in April that he had no proof of a Russian role, but that the nature and timing of so-called phishing attacks and web assaults on the Macron campaign had stirred worries that Russia was repeating in France what American intelligence agencies say was a concerted effort to undermine Hillary Clinton’s campaign.
“The phishing pages we are talking about are very personalized web pages to look like the real address,” Mr. Mahjoubi added. Anyone could easily think he was logging in to his own email. “They were pixel perfect,” he said Monday night. “It’s exactly the same page. That means there was talent behind it and time went into it: talent, money, experience, time and will.” “The phishing pages we are talking about are very personalized web pages to look like the real address,” Mr. Mahjoubi added. Anyone could easily think he was logging into his own email. “They were pixel perfect,” he said Monday night. “It’s exactly the same page. That means there was talent behind it and time went into it: talent, money, experience, time and will.”
The goal was to obtain the email passwords of campaign staff members so a cyberattacker could lurk inside an email account reading confidential correspondence. “If you are speed reading as you sign on, and everybody speed reads online, it’s something you might not notice,” Mr. Mahjoubi said. “For instance, it uses a hyphen instead of a dot, and if you are speed reading you don’t look at the URL.” The goal was to obtain the email passwords of campaign staff members so a cyberattacker could lurk unseen inside an email account reading confidential correspondence. “If you are speed reading as you sign on, and everybody speed reads online, it’s something you might not notice,” Mr. Mahjoubi said. “For instance, it uses a hyphen instead of a dot, and if you are speed reading you don’t look at the URL.”
Unlike the attacks aimed at Mrs. Clinton’s staff, those directed at the Macron camp, Mr. Mahjoubi said, failed to gain access to any email accounts used by the candidate or his lieutenants.
This winter, the campaign’s website also came under attack. The attacks coincided with highly slanted articles about Mr. Macron on the French language services of Sputnik and RT, formerly Russia Today. Both are state-funded Russian news media outlets.This winter, the campaign’s website also came under attack. The attacks coincided with highly slanted articles about Mr. Macron on the French language services of Sputnik and RT, formerly Russia Today. Both are state-funded Russian news media outlets.
Mr. Mahjoubi described the phishing attacks as the “invisible side” of an apparent Russian campaign to hurt Mr. Macron, while the “visible side” took the form of fake news or highly slanted stories in the French-language Russian media. The coincidence of the hacking of the Macron campaign website, the phishing attacks and the slanted articles caused Mr. Mahjoubi to consider that there might be Russian involvement. “That was only a supposition,” he said, based on the timing.
Russia, or at least its state-controlled media, clearly favored Ms. Le Pen. Mr. Mahjoubi described the phishing attacks as the “invisible side” of an apparent Russian campaign to hurt Mr. Macron, while the “visible side” took the form of fake news or slanted stories in the French-language Russian media.
The success of its cyberattacks in the United States have only bolstered the group’s ambitions, security researchers say. Russia, or at least its state-controlled media, clearly favored Ms. Le Pen, who criticized European Union sanctions imposed on Russia after it annexed Crimea in 2014 and voiced support for Moscow’s intervention in Syria to prop up President Bashar al-Assad.
The success of its cyberattacks in the United States has only bolstered the Russian hacking group’s ambitions, security researchers say.
“This is the new normal,” said Tom Kellermann, a cyberintelligence expert and the chief executive at Strategic Cyber Ventures. “Geopolitical events will now serve as harbingers for these types of attacks.”“This is the new normal,” said Tom Kellermann, a cyberintelligence expert and the chief executive at Strategic Cyber Ventures. “Geopolitical events will now serve as harbingers for these types of attacks.”