A president-elect suspected to be held hostage by a rival world power. A major election with dice rigged by cyber attacks and influential campaigns. A divided ruling class, thus weakened, where the future head of State disagrees with his intelligence agencies – his own “big ears”.
The transition to Donald Trump’s presidential term represents everything the Franch authorities want to avoid during their election. Five months before the election, the National Agency for information system security (ANSSI) strives to learn from the lessons about hacking in the American presidential campaign.
“Obviously we’re not having to do with attackers that just want to try their tricks out. There is a real strategy that includes cyber attacks, influence, distribution of information. Those are people that are being closely followed. Even if we can’t be sure that they’re always the same individuals, they are attackers knocking on the doors of our ministers”, Guillaume Poupard, director of the ANSSI, explains to France 24. He is notably in charge of securing the process of bringing the vote counts to the prefectures and the Ministry of the Interior.
Political formations in the line of fire
In France, just like in the US, the parties and the messaging systems used by politicians and campaign team members are the weak spots that hackers have the best chance to break and infiltrate.
The devastating attack that the democrat party in the US was a victim of actually started by a vast phishing campaign. This technique consists of getting personal information by pretending to be a trusted person or authority. The most common traps are links to identical versions of a login website, where users will enter their data that is then collected by the attackers.
“What we are seeing is a transition to attacking methods that already exist in the domain of industrial espionage. For political formations, it’s even easier to get organizational charts to find out the identity of people holding responsibility and their subordinates. The parties also organize more public events where their laptops and phones can get stolen”, Cyrille Barthélémy, CEO of Intrasec, one of the cyber-security firms recommended by the ANSSI, declares.
Enough information for hackers to identify their close friends and families, take over their identity, and potentially reach the holy grail of hackers: infiltrate the private messaging of a ruling person. The idea is to get as deep into the target’s life as is necessary to harvest all information that could get the unlucky owner of the email address in trouble. The email accounts of campaign team members can as well be hacked to get the passwords to their social media accounts such as Twitter or Facebook.
Helpless parties facing the dangers of cyber-attacks
Even though the techniques have not evolved a lot, the threat of cyber-attacks has increased tenfold. The acne covered teenager tinkering and hacking away in his garage – the image of a hacker in the popular imagination – has given way to real armies of hackers. According to the American Secret Service, the attackers responsible for the disaster in the American campaign were trained, paid and coached by the GRU, the secret service of the Russian army.
“It’s a real problem, because on one side, you have well-trained attackers, and on the other side, there are political parties. Fundamentally, [the political formations] are like SMBs, they are not really armed to face these attacks by themselves”, Guillaume Poupard explains.
The government agency only teaches about cyber-security and recommends making use of third party providers from their list of recommended companies. A symposium for political parties was organized in October 2016 to incite the managers of IT systems to improve their security.
The opaque world of cyber-security
The domain of cyber-security being opaque by its nature, it is difficult to keep track of past and currently running attacks. The ANSSI does not publish them and the parties claim that cyber-security is the biggest of their concerns.
“There has been no change in our approaches to the subject, we are always careful when facing a possible risk”, Gaëtan Bertrand, responsible for the IT behind Marine Le Pen’s campaign, declares on France 24.
The Republican party said that the attacks on the American campaign “were not really a surprise”, although the party has adopted new security measures such as protecting the USB ports on computers in their facilities.
Only Emmanuel Macron’s movement admits to having been hit by a cyber-attack: “We were the subject of an attack in October, which has taken down our website. We will not give details but we take IT security very seriously” a spokesperson of the En Marche! movement has told France 24.
Communicating with the public in situations of crisis
From the first revelations about the compromisation of Hillary Clinton’s campaign director’s email to the American secret services accusing Moscow, the cyber-attack against the elections appears as a poison that slowly corrodes the foundations of democracy.
A nightmare scenario that the French authorities are determined to avoid in case of a successful compromisation.
“If this happened in France and information got stolen and revealed to the public, I think that the people in question would intervene very quickly to explain what could have happened and warn about the unconfirmed nature of the leaked information, to avoid any kind of hype”, Guillaume Poupard asserts.
“For the American Secret Service, communicating with the public is very unusual. They are not used to it, they can’t say everything without the risk of revealing where they got their information from. In France, the ANSSI can speak openly because we are not involved with intelligence”, he adds.
A way of communicating in a crisis that could risk not being able to point the author of the attack. Cyber-security experts explain that in fact, it is almost impossible to determine the author of an attack on a technical basis. That’s where secret services and the police come in.
The denunciation of a state rival depends on a political decision all the more sensitive if the country in question is powerful.