On 5 May, as France went into media blackout in preparation for the 2017 presidential election, roughly 9GB worth of data from inside the campaign of centrist candidate Emmanuel Macron, leaked online. It sent social media – and security experts – into a frenzy of activity.
Quickly dubbed "Macron Leaks", the En March! political party branded the incident a "massive and coordinated" cyberattack. However, upon analysis, despite the amplified messages on social media, experts found the disclosure underwhelming.
The leak had all the hallmarks of a Russian operation, in many ways echoing the 2016 leak of emails belonging to John Podesta, an aide to US presidential candidate Hillary Clinton.
However, in this instance, the actual content of the emails and documents may not even matter, some said.
"They don't have Macron's personal inbox. One of the things I was thinking was that most headlines will be 'GB's of emails belonging to En Marche! leaked' but nobody will ever read them. So it's guilt by volume," Matt Suiche, a cybersecurity expert, told IBTimes UK.
"The media is getting manipulated big time by Russia," Suiche continued. "French media won't talk about it because it's time sensitive. But all the international press is jumping on it to have something to write on.
"Although there is no bad data leaked as far as we know," he added.
Suiche analysed some of the leaked data and found some of the documents had been altered.
"Artefacts containing Cyrillic characters have been found in the metadata of some documents, this is either an operational mistake or something that was placed on purpose," he said.
"This leak seems like a desperate attempt to gain attention," he continued, adding: "I doubt this will affect the election against Macron."
The candidate is running against Front National leader Marine Le Pen and polls predict him winning with over 60% of the vote.
The origin of the leak
The leaked data was first posted to the /pol message board on 4Chan, a website often associated with leaks and trolling. According to the Atlantic Council's Digital Forensic Research Lab, it was quickly publicised on Twitter by @JackPosobiec – the account of a reporter for the alt-right news site therebel.media.
The link was later tweeted by the official Wikileaks account.
"This was passed on to me today so now I am giving it to you, the people," a 4Chan statement read. "The leak is massive and released in the hopes that the human search engine here will be able to start sifting through the contents and figure out exactly what we have here."
As it turns out, the emails were from members of Macron's staff and supporters, with names including Alain Tourret, Pierre Person, Cedric O, Anne-Christine Lang, and Quentin Lafay, revealed cybersecurity expert Robert Graham, writing on his blog Errata Security.
"Obviously, everyone assumes that Russian hackers did it, but there's nothing (so far) that points to anybody in particular," Graham noted. "It appears to be the most basic of phishing attacks, which means anyone could've done it, including your neighbour's pimply faced teenager."
Graham's lack of enthusiasm about the impact of the leaked information was mirrored across well-known industry researchers.
"I have searched through a lot of large email drops before, and this is right up there with the boringest of them," wrote Matt Tait, a former information security specialist for GCHQ – the British equivalent of the US National Security Agency – and current chief executive and founder of Capital Alpha Security, in a Twitter post.
The Grugq, a cybersecurity researcher, said: "Based on latest info about how dull the dump is they really had nothing interesting, so just packaged everything they could get in hopes that the size of the dump would be damning, a sort of 'where there's smoke there's fire' approach."
On a Twitter thread, he added: "The #MacronLeak dump is full of intentionally misleading info crafted for confusion. Folders w/ false names."
One file he referenced claimed a French politician had used bitcoin to have drugs shipped to the French parliament.
As the documents disseminated online, whistleblowing website WikiLeaks dismissed claims that forgeries existed in the files. At the time of writing, it claimed to still be searching through the files.
"This massive leak is too late to shift the election," it said in a post online. "The intent behind the timing is curious. We have not yet discovered fakes in #MacronLeaks and we are very skeptical that the Macron campaign is faster than us."
Julian Assange, founder of WikiLeaks, did not immediately respond to a request for comment.
Sowing seeds of political chaos
Some of the leaked emails appear to be extremely recent, at least up to 24 April. The motivation of the incident is now being debated, with many having already come to the conclusion that a Russian state-backed group was somehow involved in the scheme.
"Everyone is proposing theories about the hacker's plan, but the most likely answer is they don't have one. Hacking is opportunistic," Graham wrote on his blog, adding: "They likely targeted everyone in the campaign, and these were the only victims they could hack.
"It's probably not the outcome they were hoping for. But since they've gone through all the work, it'd be a shame to waste it.
"[The hackers] are likely releasing the dump not because they believe it will do any good, but because it'll do them no harm."
The French electoral commission has responded to the incident, saying: "The dissemination of such data, which have been fraudulently obtained and in all likelihood may have been mingled with false information, is liable to be classified as a criminal offence."
Meanwhile, Macron's chief foreign policy adviser Aurelien Lechevallier (via Ben Judah) said Russian president Vladimir Putin should now expect a "frank meeting".
His statement continued: "We will make clear on cyberattacks and on European security France will defend its interests. We want zero Russian interference in our elections and in European elections. We will have a doctrine of retaliation when it comes to Russian cyberattacks."
During his election campaign against Le Pen – who met with Putin in March – Macron's team was outspoken about alleged Russian cyberattacks. Last month, Trend Micro, a cybersecurity firm, appeared to back up the rhetoric with evidence he had been directly targeted.
As the election date approached, further controversy erupted after a 200-strong collective of French-language Twitter accounts were caught spreading misinformation about Macron, claiming – without evidence – that he had evaded paying taxes by storing cash in offshore accounts.
In January 2017, the US intelligence community accused Russia's "state-run propaganda machine" – including news websites RT and Sputnik – of being involved in clandestine operations. "Moscow will apply lessons […] to future influence efforts worldwide," it warned at the time.
The Kremlin previously dismissed the report as "baseless". Dmitry Peskov, a spokesperson for President Vladimir Putin, has branded all such hacking accusations as "fake news".
Marine Le Pen has claimed Front National's campaign websites were also been targeted by hackers. Data from Front National is yet to emerge.
This article was updated to add in a link to the French election result