May 11, 2017 / by emptywheel


Macron’s False Documents

In this post, I laid out claims based on Emmanuel Macron’s campaign manager’s claims about having included fakes in the email targeted by hackers. Yesterday, the NYT had a story that explains (and in some small ways, possibly conflicts with) the earlier report on this. In it, Macron’s head of tech Mounir Mahjoubi explained that the campaign had done far more than provide false metadata; they had created entire false accounts with false documents.

“We created false accounts, with false content, as traps. We did this massively, to create the obligation for them to verify, to determine whether it was a real account,” Mr. Mahjoubi said. “I don’t think we prevented them. We just slowed them down,” he said. “Even if it made them lose one minute, we’re happy,” he said.

Mr. Mahjoubi refused to reveal the nature of the false documents that were created, or to say whether, in the Friday document dump that was the result of the hacking campaign, there were false documents created by the Macron campaign.

But he did note that in the mishmash that constituted the Friday dump, there were some authentic documents, some phony documents of the hackers’ own manufacture, some stolen documents from various companies, and some false emails created by the campaign.

“During all their attacks we put in phony documents. And that forced them to waste time,” he said. “By the quantity of the documents we put in,” he added, “and documents that might interest them.”

Mahjoubi has said there were five authentic accounts hacked, which might help to put a scope on the fakes (though he has seemed to say different things about what got faked before, and he had claimed that the Russians had definitively not succeeded, which must now be regarded as affirmative — and understandable — disinformation).

Remarkably, creating a great deal of fake documents sounds like a lot of work, but the NYT also notes Mahjoubi’s department was only 18 people.

With only 18 people in the digital team, many of them occupied in producing campaign materials like videos, Mr. Mahjoubi hardly had the resources to track down the hackers. “We didn’t have time to try to catch them,” he said.

Which, particularly given earlier reports that France’s security services had contacted the Macron campaign, may suggest that DGSE (possibly with the help of NSA, which was providing intelligence in real time) put together the fake documents.

If true, that may suggest the most important part of any fake documents is one Mahjoubi didn’t mention. If I were loading up hackers with a bunch of fake documents, I’d include beacons, to provide a way to track both the hackers and the process by which the hackers distributed documents.

If Macron (or DGSE or some other intelligence agency) did this, I suspect we’ll find real answers to the topics covered in the rest of the story, which claim certain things were fakes due to Russian sloppiness, but given Mahjoubi’s justifiable unwillingness to say what was fake and not may yet prove. As I noted here, I have yet to see convincing evidence that Russian metadata in the documents was accidental, and given the Guccifer precedent, we should in no way assume it is.

In other words, if Macron is tracking these documents, we may find out a lot more shortly (though the French are also better at keeping secrets than American spooks have been of late).

As to the question of my underlying post — whether Macron had fooled Wikileaks, as distinct from a bunch of right wing propagandists who’ve never been remotely bound by facts — the verdict is still out. Given Wikileaks’ ostentatious show of vetting the documents, if Macron can prove fakes that Wikileaks has not itself proven, it will discredit Wikileaks’ ability to claim the ability to vet (and probably give Wikileaks pause in the future).

Still, particularly given the way Wikileaks succeeded in debunking fakes boosted by Democratically aligned sources in October by releasing real versions the day after the fakes, it’s worth noting that deliberate fakes have been released twice, and neither time have they had the full effect they might have had to discredit Wikileaks (in this case, in that Wikileaks never did “publish” as opposed to “link to” the documents). That in and of itself is worth notice. If Macron was more successful (and especially if we come to learn Macron seeded the fake documents with some kind of trackers) this operation may still serve as a deterrent in the future, which would be the best effect possible.

But Macron’s confirmation they faked content may also undercut claims of attribution to Russians.

Copyright © 2018 emptywheel. All rights reserved.
Originally Posted @