Two days before France's recent presidential election, hackers leaked nine gigabytes of emails from candidate Emmanuel Macron's campaign onto the web. Since then, the Kremlin has once again emerged as the likeliest culprit. But while public evidence can't definitively prove Russia's involvement, NSA director Michael Rogers suggested to Congress today that America's most powerful cybersecurity agency has pinned at least some electoral interference on Moscow.
In a hearing of the Senate's Armed Forces Committee, Rogers indicated that the NSA had warned French cybersecurity officials ahead of the country's presidential runoff that Russian hackers had compromised some elements of the election. For skeptics, that statement may help tip the balance towards credibly blaming Russia for the attacks.
"If you take a look at the French election ... we had become aware of Russian activity," Rogers said in response to questions from senator Kirsten Gillibrand about the allegations of Russia hacking the Macron campaign. "We had talked to our French counterparts prior to the public announcements of the events publicly attributed this past weekend and gave them a heads-up: 'Look, we’re watching the Russians, we’re seeing them penetrate some of your infrastructure.'"
It's not clear what "infrastructure" means in this context, but it seems likely to refer to the very public email dump. On Friday, Macron's En Marche political party issued a statement saying that it had "been the victim of a massive, coordinated act of hacking," but didn't name Russia or any other culprit behind that attack. Analysts already suspected Russia of at least attempting to breach Macron's party: Security firm Trend Micro noted in a report late last month that the same Russian group that hacked the US Democratic National Committee and the Clinton campaign had also created a phishing domain intended to spoof a Microsoft storage website used by Macron. And the trove of Macron's party emails published as torrent files Friday included metadata in Cyrillic, suggesting that they had been edited on a computer running software with Russian-language configurations. That metadata even included the name Roshka Georgiy Petrovich, reportedly an employee of the Russian intelligence contractor Eureka.
But at the time of the Trend Micro report, the Macron campaign denied it had been breached. And for some cybersecurity analysts, the Russian metadata included in the leak was so blatant that it raised suspicions that someone---perhaps another country or hacker group---was intending to create a "fall guy" for the attack.
Rogers' testimony Tuesday, though vague, harbored no such doubts. Early in the hearing, John McCain noted that "we've seen another Russian attempt to affect the outcome of an election in France," and asked Rogers, "Have you seen any reduction in Russian behavior?" Rogers answered flatly "No, I do not." Later in the hearing, senator Elizabeth Warren stated plainly that Russian hackers had attempted to shift the French election by hacking and releasing one of the candidate's party's emails, just as they had in the 2016 US presidential election. Senator Tim Kaine described the last week's events as a Russian cyberattack "aimed at destabilizing the democracy of an ally." Rogers offered no correction to either legislator's comments.
Rogers' statement could dispel doubt around Russia's continued involvement in hacking operations aimed at influencing Western democracies. Trend Micro and the German government have both said, for instance, that Russian hackers have attempted to target the party of German chancellor Angela Merkel, and successfully stolen data from the German parliament. In the hearing Tuesday, Rogers said that the NSA has also had conversations with German officials and British officials about protecting their upcoming elections. "We’re all trying to figure how we can learn from each other," Rogers said.
Rogers emphasized that stopping Russian election interference will require a strategy of deterrence. "We need to make it very clear to nation-states that engage in this behavior that it's unacceptable," Rogers said, "and there's a price to pay for doing this."
President Trump, meanwhile, has yet to publicly acknowledge the Macron attack, not to mention naming Russia as its source. But if the director of the NSA and a handful of US senators are willing to openly point at Russia---and the US government has any hope of stopping its electoral meddling in the future---it's now Trump's turn to do the same.
