The failed effort by Russian attackers to influence the outcome of
the French presidential campaign in its final hours was in part a forced
error, thanks to an active defense by the digital team of French
president-elect Emmanuel Macron's campaign organization, the digital
director of the campaign has claimed. Campaign team members told the New York Times that as the phishing attacks mounted, they created a collection of fake e-mail accounts seeded with false information.
"We created false accounts, with false content, as traps," Macron campaign digital director Mounir Mahjoubi told the Times. "We did this massively, to create the obligation for them to verify, to determine whether it was a real account."
The move was a delaying tactic aimed at increasing the attackers'
workload. The "honeypot" accounts were filled with large volumes of fake
documents. "That forced them to waste time, by the quantity of the
documents we put in and documents that might interest them," Mahjoubi
said. "Even if it made them lose one minute, we're happy."
The bait documents may have caused the attackers to rush their efforts. As Ars reported Monday,
the eventual dump of documents by the attackers included metadata
showing that Russian versions of Microsoft Office were used to edit some
documents, and the metadata of at least nine documents named an employee
of a company providing information security services to Russian
intelligence organizations as the last person to edit them. Multiple
documents were proven to be forgeries,
including one that appeared to be an invoice for a Bitcoin payment for
mephedrone ("bath salts") to be sent to the French National Assembly.
The Bitcoin wallet and blockchain transaction data were easily determined
to be fake.
WikiLeaks, which initially spread links to the documents posted by
the attackers, responded to Ars' previous coverage of the hack by tweeting, "It is unlikely that it could have been a mistake. Mostly likely it is a false flag or deliberate Russian signaling."
This post originated on Ars Technica