By PHILIPPE COHEN-GRILLET
French authorities are on high alert to head off a cyber-attack that could affect the result of the upcoming presidential election.
Prime targets could be candidates’ websites and government networks.
The threat was publicly recognised by president Francois Hollande, who accused Russia of trying to interfere in the campaign, ahead of the first round on 23 April and a run-off on 7 May.
“Russia is using all of its means to influence public opinion,” he said in a recent interview to several European newspapers.
“It is not the same ideology as in the time of the USSR, [but] it is sometimes the same methods, with more technology,” he said, adding that Russia had “a strategy of influence, of networks, with very conservative moral views”.
“The threats against French political parties and the vote itself are protean,” a source at the National Agency for Security of Information System (Anssi), an agency reporting to the prime minister’s office, told EUobserver.
The alarm was raised at the highest level by French intelligence services and prompted two security meetings chaired by president Hollande at the Elysee palace.
In January, experts from France’s foreign intelligence service – the General Directorate for External Security (DGSE) – warned that hackers and cybersoldiers funded by the Kremlin were trying to distort the campaign by favouring far-right candidate Marine Le Pen, while discrediting her competitors, particularly independent candidate Emmanuel Macron.
Macron, a former economics minister under Hollande, is a favourite to reach the election’s second round, most likely against Le Pen.
At the council of defence in early March, Hollande ordered “the mobilisation of all the state’s necessary means” to prevent “any malevolent action” from “tarnishing the campaign and the vote”.
The mission of the DGSE is to protect France’s highest interests.
The fact that the DGSE raised the alarm over the smooth-running of the election is unprecedented and indicates that cyber-attacks have already been identified or stymied.
Until January, the agency was almost exclusively focused on the threat of Islamic State (IS) attacks. After the 2015 Paris attacks and last year’s Nice attacks, France’s electoral campaign only emphasised the risks to the country’s state of emergency.
But according to sources, the risk is more diverse than the run up to last year’s US election, when alleged Russian hackers focussed mainly on collecting information and compromising documents on Democratic candidate Hillary Clinton.
‘Guide d’hygiène informatique’
On 14 February, a source told EUobserver, En Marche! – Macron’s political movement’s website – was taken down briefly after two unsuccessful hacking attempts.
An attempt to access the movement’s database was also foiled.
According to sources, Macron’s website is hosted in the US, in San Francisco, to make cyber-attacks more difficult. Macron’s team has made accusations against Russia, but has not been able to prove them.
Campaign teams say they have taken to measures, such as switching off mobiles during meetings or using WhatsApp to exchange messages. Some campaigners had previously used Telegram, as it was believed to be safer from hacking, but the mobile application is Russian.
However, they still seem unprepared to fend off large-scale attacks.
On 28 October last year, the source from Anssi said that the agency organised a meeting with the heads of all candidates’ websites – representatives from the National Front’s did not attend.
They were warned of the risks and threats and given a USB flash drive with a ‘guide d’hygiène informatique’ to help them secure their networks.
Four months later in February, Zataz, an online magazine specialised in data security, examined the candidates’ websites. It found dozens of security loopholes, especially concerning the protection of personal data.
French authorities are also concerned that their own network could be targeted, including hackers trying to alter the voting process.
No electronic voting
In early March, the government decided to ban electronic voting in June’s legislative elections for French voters abroad. Electronic voting was not planned for the presidential election itself.
Guillaume Poupard, Anssi’s chief, publicly said that the current voting platform is “more reliable” than the previous 2012 election, but “the level of threat is much higher today”.
But other experts have told EUobserver that in addition to the hacking threat, the system is unreliable, with voters unable to connect during preliminary tests.
Hacking threats during a French election are not new.
In 2012, during the previous presidential election, the computers of several officials at president Nicolas Sarkozy’s office were hacked.
At a conference some months later, the DGSE’s technical manager revealed where the attack came from – the US.