We were just saying yesterday we could do with a new leaked database to add to our collection.

Ask, and you shall receive.

Macron insurance policy

About 8GB of files allegedly from French Presidential candidate necon Macron. Will keep us all busy.

The files contain highly sensitive information, including screenshots such as the above – already widely circulating on the Internet. It is also said to contain personal and operational details of police and security forces in France, and who knows what else? The screenshot is believed to relate to a life insurance policy, taken out by a man who is an obvious target for his colleagues in Raqqa.

It should be noted that under French law it is forbidden to report on the election campaign in the last 48 hours prior to the vote, the deadline having passed about 6 minutes ago. This does not prevent non-domiciled reporters from writing about the story, but such publications are likely to be blocked in France for the remaining duration of the election. So no mainsteam media will report on it. Not even rt.com, who will almost certainly, come Monday, be blamed for it.

(Update: Shortly after the French election reporting ban came into effect Macron confirmed the files had been hacked and MSM started reporting that there had been a hack without going into details).

Timing and Metadata Analysis

Wikileaks, among others, have noted the curious timing. We believe the archive was obtained on or about 24th April 2017, at some point after 05:52 GMT. If so it was witheld, presumably on purpose, until the final hours before the reporting deadline.

Knowing what we do about how the Internet works and having investigated previous leaks and the manner in which they occured we conclude that the timing was intended to ensure that there was enough time for the files to be downloaded prior to the reporting restrictions.

We further conclude, based upon the metadata, that the archive was removed from a backup system. Many of the email files have timestamps that are grouped in batches and do not correspond to the time the mail was received.

The load on the servers where they were downloaded from quickly became very large and it is likely that only a few people or organizations have managed to download the entire archive. We have not investigated the torrents, and we presume that these have also suffered the same fate.

We should also like to remind readers that leaking information on security arrangements is to be avoided. There are plenty of people targetting France who would very much like to get their hands on such information, and they may well have already done so. One can only imagine the kind of headaches this will cause given the volatile situation in France. The French establishment will be spending the weekend freaking out over this, to hell with the election.

Hack or Leak

The public assumption is that the emails were hacked. There is no evidence of this. There were a couple of “teasers” tweeted in the afternoon with hints of a lot more to come. The bulk of the files were then uploaded anonymously to pastebin.

Not all of the files are emails. Some are stand-alone documents. The email files are not all Macron’s. The majority of them are emails from the accounts of his associates. Mostly they appear to have been downloaded from cloud-based systems such as gmail onto a local system where they were aggregated. Our guess is a server at campaign HQ.

The neocons have made so many enemies in recent years that it’s quite possible that a disgruntled insider, appalled at what he or she has seen or experienced, has decided to spill the beans. Or maybe an underpaid employee was bribed.

The assumption that it was an external hacker is just that: An Assumption. Without further evidence it’s merely speculation. (Update: See below for our conclusion based upon deeper analysis of metadata)


Much of the content of the email shows a negligent disregard for security that is typical of corporations and political parties. Spreadsheets with lists of their donors, supporters, and analysis of their social media campaigns contain names, telephone numbers, email addresses, places of employment, and large amounts of personal data that they have not bothered to even protect with a password.

Bitcoin Ad

Genuine or Troll

Are these leaks genuine? With 4chan being a source one has to doubt. However, the sheer size of the leaks tends to preclude a troll and we have verified that some of the embedded links in the emails take you directly into the accounts of the named individuals for certain online services.

Could 4chan, for example, really have created a frequent flyer account in a fake name and built up thousands of points? Really?

frequent flyer

(That’s not Macron’s account, BTW. As ever with these leaks many presumably inncocent third parties get caught up in them, hence our removal of potentially personally identifying data). We provide that screenshot as it implies that the links are genuine and it also shows yet anoher example of sloppy corporate security – the very reason how these leaks happen. The webpage is supposed to be available only to the customer. The company, Air Asia, sent their customer an email with a link to their private account that has an automated login built-in to the URL.

We encourage users to complain to any online service that allows them to view their private accounts by “simply clicking a link” without explicity logging in.

More Trolls

Predictably we are seeing thousands of people directly accusing Julian Assange and Russia of being behind the leaks, without any of them taking the trouble to look at what has been leaked, how it was leaked, and who first reported it.

We reported on this before Wikileaks did, but the trolls haven’t found us on the Kremlin list yet.


Based upon metadata analysis we offer the following conjecture: A person, perhaps born in Kazakhstan, had access to a computer at Macron’s campaign HQ for some months. This individual, not a French speaker, printed out some of the documents containing financial data. For reasons unknown – possibly a software patch – access was lost after April 24th. The individual retained the trove of documents already downloaded and decided to leak them to the Internet on May 5th. Most likely by passing them to somebody on 4chan.

These actions would be consistent with a lone wolf not really aware if the documents were of value or not.

Thus, we conclude a single hacker was all over the Macron campaign for weeks, possibly months, but has found nothing of any real importance. He, and we believe it was a man, timed the leak not for strategic purposes, but as a last ditch attempt to make a name for himself among whichever commuinity he operates, or simply for his own satisfaction.

A storm in a tea-cup facilitated by Macron’s staff paying little attention to IT security and making no attempt to protect the personal data of their associates.

Final Words

There is a late-breaking concensus of sorts pointing to collusion between Macron and Obama to create a fake leak in order to pin the blame on Russia and gain the sympathy vote. We’ll not detail that one, suffice to say it fixes around the facts like all good conspiracy theories should.

Meanwhile follow:


This entry was posted in политический, Hashtag, Polls and tagged , , , , . Bookmark the permalink.