And then, minutes before the close of campaigning Friday night, the campaign team of Emmanuel Macron — an independent running under the banner of his brand-new “En Marche!” (Onward!) party — announced that its internal communications had been compromised and scattered across social media.
“Intervening in the last hour of the official campaign, this operation is obviously a democratic destabilization, as has already been seen in the United States during the last presidential campaign,” Macron’s staff said Friday night, minutes before the start of a strict curfew on campaigning, which made further public response off-limits.
The announcement was all too familiar for those who had watched as embarrassing internal communications from Hillary Clinton’s presidential campaign seeped onto the Internet last summer, much to the delight of her opponent, Donald Trump, who won an upset victory in November. The correspondence, which included discussion of the Democrat’s private email server and the assessment of her own aides that her instincts could be “terrible,” became one of the tools Republicans used to disparage Clinton.
In France, few people even knew what was in the Macron team's emails. The blanket ban on campaigning meant that far-right candidate Marine Le Pen and her National Front couldn’t mention them, though a deputy leader of her party did tweet early Saturday, “Will #Macronleaks teach us something that investigative journalism has deliberately killed?”
The answer was no. Most media chose to heed a request from the France’s electoral commission not to reproduce the emails’ contents. Le Monde, the major French daily, said in a statement that it had seen part of the documents but would not publish their details before the election, due to the volume of the dump and because the release had “the clear goal of harming the validity of the ballot.”
The paper's editor, Jerome Fénoglio, said in an interview that the documents would have been leaked earlier if they had contained damaging information. As it was, he said, “the best hope was to make noise.”
He said the response of the media in France carried lessons for journalists elsewhere, including those in the United States who rushed to reproduce pre-election leaks without thoroughly investigating their origins.
“Hiding information is not the same thing as refusing to be manipulated by those who diffuse the information,” Fénoglio said.
Voters, meanwhile, mostly waved away the news, saying their decision came down to more consequential matters. And they backed Macron by a wide margin, 66 to 34 percent, handing him a decisive victory over Le Pen.
“The release is not important to me,” said Michèle Monnery, 74, after casting her vote for Macron in Laon, a small city in the north. “What matters to me is stopping Le Pen.”
Analysts immediately presumed the intrusion was designed to prop up Le Pen in the final stretch of a bruising campaign that had the power to dictate the future of an integrated Europe. They refrained, initially, from assigning blame for the hack, although experts concluded that its propagation began in the United States with a cluster of Twitter accounts run by members of a far-right movement whose aim is a whites-only state.
Now multiple research firms have linked the hacks to those that compromised the Democratic National Committee last year — links suggesting that Russian intelligence services accused of interfering in the American election may have sought to do the same in France. The finding was made last month, after the first round of voting, by Trend Micro, a Tokyo-based cybersecurity firm that fingered Russian hackers, known variously as Pawn Storm, APT28 and Fancy Bear. Recent analysis by Flashpoint Intel in New York came to the same conclusion, namely that the French hack “appears to be linked to the Russian state-sponsored campaign by APT28.”
Trend Micro, which has been tracking the Russian cyberthreat for years, briefed U.S., French, British and German government officials on a dramatic escalation of the Russians’ hacking campaign in the spring of 2015, said Tom Kellermann, who was the firm’s chief cybersecurity officer until last year.
“The Russians had taken the gloves off,” he said, including by calling on cybercriminals — or what he called “the dons of the cybercriminal community — to act as their Rottweilers.”
The campaign was being carried out by hackers working for the GRU, the military spy agency, under numerous monikers. PawnStorm, as Trend Micro calls the group, uses cybercriminals in part to distance its activities from the Russian government.
Macron’s campaign said the documents included routine emails and other internal communications interspersed with fake materials. A statement Monday from Mounir Mahjoubi, Macron's digital director, said his campaign had taken numerous cybersecurity precautions, notably by flooding phishing attempts with fake passwords. Mahjoubi said the campaign has faced several attempts each week to access its accounts.
The foresight to plant false information represents a savvy strategy on the part of the campaign, cyber-experts said.
“It’s a good practice to do that more and more,” said Alexander Klimburg, an expert on cyberwarfare at The Hague Centre for Security Studies who has been in regular contact with French civil service officers. “For me the question would be more if they were advised by the government to take certain steps.”
Frederick Douzet, a professor of cybersecurity and geopolitics at Paris 8 University, said the ordeal — addressed highly professionally by Macron’s campaign — did no visible damage to his candidacy.
“If anything, the hack and leak appeared as a desperate maneuver,” she said. Precisely because of the example of the American election, “people are aware that fake news is around, fake documents could be mixed with real documents and that some people are trying to influence the election,” she said. “People are not naive.”
Not just France, but Europe at large, has taken note, said Matthias Wählisch, a computer scientist and expert on Internet technologies at the Free University in Berlin. France knew it was not immune from the sort of attacks that occurred in the United States, he said, and now Germany, which has a consequential election of its own this autumn, is preparing itself, too.
Kellermann, the former Trend Micro officer, said he believes that the Obama administration’s response to Russia’s provocations last year was too little, too late — and thus emboldened the Russians to undertake a similar campaign in France.
“President Obama should have taken the gloves off ... to block and tackle in networks outside of the United States, and he should have initiated economic sanctions in the summer of 2016,” Kellermann said. If Washington had imposed forceful measures then, “I don’t think the European governments would be dealing with the overt types of influence campaigns that they’re dealing with now.”
Nakashima reported from Washington. Virgile Demoustier in Paris contributed to this report.