Analyzing a Counter-Intelligence Operation

Adam Nossiter, David E. Sanger and Nicole Perlroth, New York Times:

The National Security Agency in Washington picked up the signs. So did Emmanuel Macron’s bare-bones technology team. And mindful of what happened in the American presidential campaign, the team created dozens of false email accounts, complete with phony documents, to confuse the attackers.

Gadi Evron, writing for Hacker Noon:

So Macron’s people, and specifically Mounir Mahjoubi, who I want to make sure and meet one day, claim to have fed APT28 false data in a “counteroffensive”. Maybe they have, maybe they haven’t. Maybe they did something else entirely. Maybe it wasn’t them.

Regardless, their PR win as shown above — planned or not — with or without cyber, was in the bag.

This is an incredible story, and its lessons should ripple through the information security world. The big takeaway is that Macron’s technology group guessed — correctly — that the campaign would be infiltrated at some point, so they planned around that assumed eventuality. At this point, that should be the default security mode for any major campaign or corporation: assume that a breach will occur, if it hasn’t already.