A few days after Sunday’s first round of voting in France’s heated presidential race, Western officials and media decided to pick up on the report of the Tokyo-based cybersecurity firm Trend Micro, which found that unknown hackers had set up several fake web domain names similar to those of the Macron campaign, in an effort to trick Macron campaign workers into compromising their email accounts using a technique known as phishing.
Feike Hacquebord, a researcher with the firm, said that the hackers set up four fake email phishing accounts to mount attacks against Macron’s “En Marche!”, or “Onwards” movement, using a fake server located at onedrive-en-marche.fr, portal-office.fr, mail-en-marche.fr and accounts-office.fr in March and April.
Hacquebord said that while he could not confirm that the hackers were Russian, he “had found evidence” that the spy group, dubbed Pawn Storm, better known under the name of Fancy Bear, might be behind the attack.
The news was quickly picked up by mainstream media, which repeated the previously unfounded claims that the group is tied to Russian intelligence.
Trend Micro has neither responded to Sputnik’s query on the issue nor made public the report which alleged Russia’s involvement.
Sputnik France sat down with Pierre Curien, a regional director of Russian anti-malware company Dr. Web, who explained why such claims don’t stand up to even the slightest scrutiny.
“Nobody can claim that this information is true until police catch the criminals in front of their computers with their hands on the keyboard. The police should study all the IP-addresses first to be able to analyze the origin of the cyberattacks,” he told Sputnik.
“As far as I can see, the report has only revealed the e-mail addresses, not the IP-addresses. All those onedrive-en-marche.fr, portal-office.fr, mail-en-marche.fr, accounts-office.fr are the names of domains, websites,” he explained.
A simple check with an online tool that can trace the status of a domain using the French domain name registry AFNIC showed that the domains were registered by a company with a GmbH extension, which implies Germany. The associated phone numbers had Ukrainian and French regional codes.
“You have to identify where the attack came from, who tried to break in through these websites,” Curien said, adding that the police still have quite a bit of delicate work to do to discover this.
Meanwhile, he said, nothing suggests that the police have even attempted to identify where the attacks through these domains came from.
Verification can take a very long time, as can finding associations to the hacking group which was behind the US Democratic National Committee hack, as was previously claimed, he said.
Doctor Web’s General Director Boris Sharov also commented on the issue, saying that, judging by the experience of his company, it could take from several months up to a year or even longer to identify an author of an attack after the first signal of a hacking attempt.
While the final results of the French presidential runoff are yet to come, it’s only too clear that the media are ready to blame “Russian hacking” when elections don’t turn out as expected, be it the Brexit vote or the US presidential election.