PARIS â It was an 11th-hour surprise that seemed to offer final proof of how closely this weekendâs critical French election mirrored the high-stakes American contest last fall.
And yet the reaction couldnât have been more different.Â
A centrist candidate who embraced globalization was facing off against a populist, anti-immigrant firebrand who spoke warmly of Russia. Terrorism was at the forefront of the discussion. Voter distrust ran high.Â
And then, minutes before the close of campaigning Friday night, the campaign team of Emmanuel Macron â an independent running under the banner of his brand-new âEn Marche!â (Onward!) party â announced that its internal communications had been compromisedÂ and scattered across social media.Â
âIntervening in the last hour of the official campaign, this operation is obviously a democratic destabilization, as has already been seen in the United States during the last presidential campaign,â Macronâs staff said Friday night, minutes before the start of a strict curfew on campaigning, which made further public response off-limits.Â
The announcement was all too familiar for those who had watched as embarrassing internal communications from Hillary Clintonâs presidential campaign seeped onto the Internet last summer, much to the delight of her opponent, Donald Trump, who won an upset victory in November. The correspondence, which included discussion of the Democratâs private email server and the assessment of her own aides that her instincts could be âterrible,â became one of the tools Republicans used to disparage Clinton.Â
In France, few people even knew what was in the Macron team’s emails. The blanket ban on campaigning meant that far-right candidate Marine Le Pen and her National Front couldnât mention them, though a deputy leader of her party did tweet early Saturday, âWill #Macronleaks teach us something that investigative journalism has deliberately killed?â
The answer was no. Most media chose to heed a requestÂ from the Franceâs electoral commission not to reproduce the emailsâ contents. Le Monde, the major French daily, said in a statement that it had seen part of the documents but would not publish their details before the election, due to the volume of the dump and because the release had âthe clear goal of harming the validity of the ballot.âÂ
The paper’s editor, Jerome FÃ©noglio, said in an interview that the documents would have been leaked earlier if they had contained damaging information. As it was, he said, âthe best hope was to make noise.â
He said the response of the media in France carried lessons for journalists elsewhere, including those in the United States who rushed to reproduce pre-election leaks without thoroughly investigating their origins.
âHiding information is not the same thing as refusing to be manipulated by those who diffuse theÂ information,â FÃ©noglio said.
Voters, meanwhile, mostly waved away the news, saying their decision came down to more consequential matters. And they backed Macron by a wide margin, 66 to 34 percent, handing him a decisive victory over Le Pen.
âThe release is not important to me,â said MichÃ¨le Monnery, 74, after casting her vote for Macron in Laon, a small city in the north. âWhat matters to me is stopping Le Pen.â
Analysts immediately presumed the intrusion was designed to prop up Le Pen in the final stretch of a bruising campaign that had the power to dictate the future of an integrated Europe. They refrained, initially, from assigning blame for the hack, although experts concluded that its propagation began in the United States with a cluster of Twitter accounts run by members of a far-right movement whose aim is a whites-only state.Â
Now multiple research firms have linked the hacks to those that compromised the Democratic National Committee last year â links suggesting that Russian intelligence services accused of interfering in the American election may have sought to do the same in France. The finding was made last month, after the first round of voting, by Trend Micro, a Tokyo-based cybersecurity firm that fingered Russian hackers, known variously as Pawn Storm, APT28 and Fancy Bear. Recent analysis by Flashpoint Intel in New York came to the same conclusion, namely that the French hack âappears to be linked to the Russian state-sponsored campaign by APT28.â
Trend Micro, which has been tracking the Russian cyberthreat for years, briefed U.S., French, British and German government officials on a dramatic escalation of the Russiansâ hacking campaign in the spring of 2015, said Tom Kellermann, who was the firmâs chief cybersecurity officer until last year. Â
âThe Russians had taken the gloves off,â he said, including by calling on cybercriminals â or what he called âthe dons of the cybercriminal community â to act as their Rottweilers.â
The campaign was being carried out by hackers working for the GRU, the military spy agency, under numerous monikers. PawnStorm, as Trend Micro calls the group, uses cybercriminals in part to distance its activities from the Russian government.
Macronâs campaign said the documents included routine emails and other internal communications interspersed with fake materials. AÂ statement Monday from Mounir Mahjoubi, Macron’s digital director, said his campaign had taken numerous cybersecurity precautions, notably by flooding phishing attempts with fake passwords. Mahjoubi said the campaign has faced several attempts each week to access its accounts.
The foresight to plant false informationÂ represents a savvy strategy on the part of the campaign, cyber-experts said.Â
âItâs a good practice to do that more and more,â said Alexander Klimburg, an expert on cyberwarfare at The Hague Centre for Security Studies who has been in regular contact with French civil service officers. âFor me the question would be more if they were advised by the government to take certain steps.â
FrederickÂ Douzet, a professor of cybersecurity and geopolitics at Paris 8 University, said the ordeal â addressed highly professionally by Macronâs campaign â did no visible damage to his candidacy.Â
âIf anything, the hack and leak appeared as a desperate maneuver,â she said. Precisely because of the example of the American election, âpeople are aware that fake news is around, fake documents could be mixed with real documents and that some people are trying to influence the election,â she said. âPeople are not naive.âÂ
Not just France, but Europe at large, has taken note, said MatthiasÂ WÃ¤hlisch, a computer scientist and expert on Internet technologies at the Free University in Berlin. France knew it was not immune from the sort of attacks that occurredÂ in the United States, he said, and now Germany, which has a consequential election of its own this autumn, is preparing itself, too.
Kellermann, the former Trend Micro officer, said he believes that the Obama administrationâs response to Russiaâs provocations last year was too little, too late âÂ and thus emboldened the Russians to undertake a similar campaign in France.
âPresident Obama should have taken the gloves off … to block and tackle in networks outside of the United States, and he should have initiated economic sanctions in the summer of 2016,â Kellermann said. If Washington had imposed forceful measures then, âI donât think the European governments would be dealing with the overt types of influence campaigns that theyâre dealing with now.â
Nakashima reported from Washington.