Oct. 26 — France’s cybersecurity agency is briefing the country’s presidential candidates on hacking threats, drawing lessons from attacks that have disrupted the U.S. election campaign.
As France prepares for elections less than six months after the U.S. chooses its own head of state, the National Defense and Security Secretariat will host some 30 campaign representatives Oct. 26 from parties including the anti-immigration National Front, the center-right Republicans and the governing Socialists. With hacking emerging as an issue in the U.S. presidential race, French security chiefs want their own politicians to know they’re also potential targets of electronic warfare.
“We’ll give them technical pointers to identify attacks like those that took place in the U.S., as well as an overview of threats and how to fend them off,” Guillaume Poupard, who heads the national security agency’s cyber-defense unit, said in an interview Oct. 25 in Paris. He’ll host the campaign teams at the unit’s headquarters in a military compound just behind Napoleon’s tomb.
Attacks on organizations including the Democratic National Committee have roiled political campaigns in the U.S. this year. Intelligence agencies are “confident that the Russian government directed” the hacking of political operations and leaked stolen material in order to interfere with the Nov. 8 election, the U.S. Director of National Intelligence and the Department of Homeland Security said this month.
France, which had its own spat with Russia in October over the bombing of Aleppo, Syria, is seeking to prevent similar acts of subversion from affecting its election which concludes in May. There are about a dozen candidates for the French presidency at this stage, as the Republicans prepare for a two-round primary Nov. 20 and 27. The Socialist Party will elect its candidate in January.
“We’ll teach them how to spot some key markers like bits of computer code that may be deposited into files on a network,” Poupard said. “We’ve been coaching companies for years about cybersecurity—we’ll recommend similar things to the politicians.”
Those techniques involve protecting networks, identifying users, filtering internet and e-mail traffic, encrypting communications and keeping work tools and private messaging separate, he said. Of course, the agency won’t share all of its intelligence, and will stick to its practice of keeping most data secret in order to continue its own surveillance work.
For the French presidential race the threat is to parties and their campaigns, as the process itself is mostly non-electronic, with no ballot machines or internet voting. Polls show the anti-Europe and pro-Russia National Front candidate Marine Le Pen will probably reach the final runoff, though she’ll most likely lose to whoever the Republicans pick in November.
In the U.S., WikiLeaks’s disclosure of stolen party e-mails forced the head of the Democratic National Committee resign just as Democrats gathered for their presidential convention. The Democratic Congressional Campaign Committee, which raises funds to elect House Democrats, said that it too was the target of a cybersecurity incident. A hacking group known as APT28, which cybersecurity researchers have said is an arm of Russia’s military intelligence service GRU, may be behind the U.S. attacks and others. Russia has denied accusations of hacking.
German lawmakers and party officials were also the target of APT28, which sent e-mails in August with links to surveillance software, according to German media reports citing the Federal Office for Information Security. A similar attack was launched on the servers of Germany’s lower house, or Bundestag.