The Macron Leaks: The Defeat of Informational Warfare

May 30, 2017

As the United States was investigating Russia’s interference in the U.S. presidential election, many observers expressed concerns that France might be the next target of Russia’s information warfare strategy. History indeed repeats itself, unless one draws lessons from past mistakes. After France’s new president, Emmanuel Macron, told a reporter during a press conference with Russia’s president, Vladimir Putin, that during the French electoral campaign Russia Today (RT) and Sputnik “were agents of influence which on several occasions spread fake news about me personally and my campaign. They behaved like organs of influence, of propaganda and of lying propaganda,” there are good reasons to think the lesson from the U.S. election has been learnt.

Until election day, it felt like somebody was playing the same trick in every election in the West. First came the hacking of several institutions and political parties. Then fake stories on Macron emerged, spread both via social networks or published directly by Russian state media outlets Sputnik and RT. These stories were aimed—in a somewhat awkward way—at casting doubts over Macron’s private life and professional ethics. Later on, Julian Assange of WikiLeaks told Izvestia with a menacing ambiguity that he owned “interesting documents” linked to Macron, echoing its statement late in the U.S. electoral campaign in October 2016. Many observers started to speculate that the leakers had established a precise timeline to cause maximum impact on French public opinion on election day. Finally, two days before the election—as a mandatory media blackout enforced by the electoral commission was beginning—came the “Macron leaks,” an anonymous dump on the Internet of an enormous collection of documents allegedly originating in the Macron campaign.

From the outset of the electoral campaign, Russia had never concealed its aversion for Macron, who represented the kind of pro-European figure it disliked, contrary to Marine Le Pen. We may never know whether the so-called Macron leaks originated from Russia, from domestic actors, or from private foreign individuals hostile to Macron. A plausible pattern is that, just like during the U.S. electoral campaign, a combination of state (most likely Russia) and nonstate interests colluded to generate a media buzz, then disseminated by opponents to Macron, especially far-right groups. It is a fact that the attack was consistent with Russian hacking teams’ modus operandi and Russia’s strategy of information warfare. Still, in the cyber world, attribution is a difficult game, and it might prove impossible to find or name the entity responsible for the Macron leaks (some even went as far as to suggest that the entire story could be a false flag operation).

French institutions had fully anticipated the risk of external interference in the electoral process. As early as October 2016, when it became clear that the Democratic National Committee leaks could damage the U.S. electoral process, the French National Cybersecurity Agency summoned all political parties to raise awareness of the risk of manipulation. All but the National Front attended. In December, the minister of defense announced the creation of a French cyber command, composed of 2,600 cyber fighters, able to prevent and retaliate against cyber attacks. In February 2017, then-Prime Minister Jean-Marc Ayrault stated that “the risks of interference are very high,” made clear it was a matter of “national sovereignty,” and warned that any attempt “either from Russia or from any other country” would be met with a proper response. While this statement fell short of establishing a full-blown deterrence doctrine, it undermined any potential leak in advance by labeling it a manipulation. The electoral commission then established a mechanism allowing a candidate to request an investigation if it detected a cyber intrusion, the findings of which would be publicly endorsed by the Cybersecurity Agency. Finally, in March 2017, the electoral commission banned electronic voting overseas for the legislative elections, claiming to avoid a risk of cyber manipulation.

These measures paid off immediately after the documents were dumped on Friday night, April 21. The electoral commission published a statement urging all media outlets to respect the campaign blackout period and not to comment on the “Macron leaks” before election day. What might have been perceived in the United States as an infringement on freedom of speech was presented in France as an attempt to protect the fairness of the electoral process. Most of the outlets heeded the call.

But it is the Macron campaign itself that delivered the kiss of death to the intruders. Immediately after the leaks shared on an ad hoc platform were retweeted by WikiLeaks and gained attention, the Macron campaign claimed they contained fake information. Then, Macron’s head of digital operations, Mounir Mahjoubi, bragged that the campaign had deliberately forged some documents and proactively planted false information in others, forcing WikiLeaks to distance itself from the growing scandal. Analysis carried out by social media followers indeed showed that some documents contained Russian characters, while others were grossly fabricated. Within a few hours, the campaign had successfully cast doubt on the validity of the whole selection of documents. It further proclaimed WikiLeaks guilty by association for retweeting the documents, damaging the credibility of the platform, despite WikiLeaks recalling that it had never published any of these documents on its own website. Finally, the accusation deflected attention from the alleged deeds of the target to Russia, which Mahjoubi designated as the potential attacker. While the media continued to report on the story in the following days, they lost interest in the documents themselves and focused on the attack instead. It was impossible to know which documents were genuinely attributable to Macron’s campaign within such a short time span.

Altogether the “Macron leaks” didn’t have nearly as much influence on the election campaign as the traditional journalism of one well-known French media outlet, Le Canard Enchaîné, which published revelations that marred François Fillon’s campaign. A respected satirical newspaper founded in 1915, Le Canard Enchaîné publishes incriminating stories on any political party and proudly refuses advertisements to ensure its independence. The effect of its reporting, which depended on seasoned journalists carefully evaluating and analyzing inside information, was far greater than the impact of a massive, indiscriminate dump of unverified files by the hackers. In the Macron case, there were no revelations; the hackers’ goal was essentially to create a bubble of confusion. The bet was that a large enough amount of collected data would necessarily expose at least minor individual wrongdoing. Small offenses would then build up to a larger scandal to undermine the target institution. Yet because the hackers didn’t know what (if anything) there was to uncover and didn’t pay much attention to accuracy, they fell into a deception trap. A few poorly forged documents and a media and public that had learned from the U.S. case discredited the entire operation.

Three lessons can be drawn from the French presidential election experience. First, dumping authentic private information in the public domain is key for an attacker to gain credibility and build an audience they intend to manipulate. The French experience tells us that a good way to deter aggression is to make sure that confidential information becomes obsolete or dubious if published. Second, while open, democratic societies are vulnerable to information warfare, they are not powerless. The target society’s response is a key factor that determines the success of an operation. There is room for counteraction, if the target maintains a reputation of credibility superior to that of the potential attacker, which requires strengthening the public’s confidence in legitimate institutions. Third, with all due respect to WikiLeaks’ purported goal of increasing transparency, attempts to forcibly “open” institutions will not lead to a more transparent world. On the contrary, they will only generate more uncertainty and deception. The information sphere is and will remain an uncertain world of shadows and pretense.

Boris Toucas is a visiting fellow with the Europe Program at the Center for Strategic and International Studies in Washington, D.C.

Commentary is produced by the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).

© 2017 by the Center for Strategic and International Studies. All rights reserved.

Photo credit: STEPHANE DE SAKUTIN/AFP/Getty Images