Macron Campaign Fought Off Phishing Attacks With Cyberdeception Techniques



Image source: https://acculturated.com/daily-scene/spy-vs-spy/

Gadi Evron is the Founder and CEO at IT security company Cymmetria. He wrote a long-ish post on Hacker Noon (which is powered by Medium). I'm giving you the upshot, but first, what is cyberdeception?

With cyberdeception, defenders take control of the battleground by deciding what kind of information the attackers get and directing the attackers to go after decoy systems rather than real systems holding sensitive data.

Finally, someone uses cyber deception to beat attackers at their own game

Evron started out with: "Up until today I could only look up to Russia (whether I agree with them or not) for conducting advanced information operations in cyber. Now, I can look up to Macron and the anonymous security professionals behind him and admire them. Finally, someone uses cyber deception to beat attackers at their own game.

What supposedly happened

"Just before the French elections, the long anticipated news hit. Emmanuel Macron, candidate for president of France, suffered a data breach and the data was dumped for the public to download.

According to this article which I’ll quote:

In the last hours before midnight on Friday, just before a campaigning blackout imposed by French electoral law in anticipation of the crucial vote on Sunday, somebody dumped nine gigabytes of emails and documents supposedly purloined from the campaign of leading presidential candidate Emmanuel Macron.

Macron learned the lessons of the Hillary Clinton campaign, and immediately took control of the messaging and PR:

Literally at the 11th hour, before the blackout would silence it, the Macron campaign issued a statement saying it had been hacked and many of the documents that were dumped on the American 4Chan site and re-posted by Wikileaks were fakes.

Calling the documents into question 

"Wikileaks in their own statement doubted Macron’s ability to go over the documents so fast, but it didn’t matter. That narrative controlled the short news cycle. Macron cast doubt on the reports and showed leadership, actually providing reporters data which they could use to write their stories. That by itself is a lesson for the future.

If all Macron did was throw doubt on the validity of the leaks, that’s already a powerful win.

Taking active measures

"This analysis however misses a critical aspect of what might have happened. A possible false flag operation possibly by Macron, possibly by someone else. This is where it gets really interesting.

Ah, but there’s the rub. As reported by The Daily Beast, part of the Macron campaign strategy against Fancy Bear (also known as Pawn Storm and APT28) was to sign on to the phishing pages and plant bogus information.

“You can flood these [phishing] addresses with multiple passwords and log-ins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out,” Mounir Mahjoubi, the head of Macron’s digital team, told The Daily Beast for its earlier article on this subject.

So Macron’s people, and specifically Mounir Mahjoubi, who I want to make sure and meet one day, claim to have fed APT28 false data in a “counteroffensive”. Maybe they have, maybe they haven’t. Maybe they did something else entirely. Maybe it wasn’t them.

Regardless, their PR win as shown above — planned or not — with or without cyber, was in the bag."

The much longer post is here. However, do not try this at home: there are legal repercussions to consider before you start "hacking back". Fun to read, though!

Obviously, training staffers to not fall for these social engineering attacks in the first place would be a much better way to prevent damage like this. New-school security awareness training is highly effective, as it uses a combination of on-demand web-based training and frequent simulated phishing attacks to keep users on their toes with security top of mind. 

We strongly recommend phishing your own users to prevent these types of very expensive snafus. If you're wondering how many people in your organization are susceptible to phishing, here is a free phishing security test (PST):

Get Your Free PST Now

 

