Russian intelligence agents attempted to spy on President Emmanuel Macron's election campaign earlier this year by creating phony Facebook personas, according to a U.S. congressman and two other people briefed on the effort.
- Cold War Two? Russians say new U.S. sanctions could push ties to 'uncharted waters'
- Jared Kushner's full statement on alleged Russian collusion to the U.S. Congress
- Russian lawyer in Trump Jr. meeting had represented Russian spy agency
About two dozen Facebook accounts were created to conduct surveillance on Macron campaign officials and others close to the centrist former financier as he sought to defeat far-right nationalist Marine Le Pen and other opponents in the two-round election, the sources said. Macron won in a landslide in May.
Facebook said in April it had taken action against fake accounts that were spreading misinformation about the French election. But the effort to infiltrate the social networks of Macron officials has not previously been reported.
Russia has repeatedly denied interfering in the French election by hacking and leaking emails and documents. U.S. intelligence agencies told Reuters in May that hackers with connections to the Russian government were involved, but they did not have conclusive evidence that the Kremlin ordered the hacking.
Facebook confirmed to Reuters that it had detected spying accounts in France and deactivated them. It credited a combination of improved automated detection and stepped-up human efforts to find sophisticated attacks.
Company officials briefed congressional committee members and staff, among others, about their findings. People involved in the conversations also said the number of Facebook accounts suspended in France for promoting propaganda or spam - much of it related to the election - had climbed to 70,000, a big jump from the 30,000 account closures the company disclosed in April.
Facebook did not dispute the figure.
Seeking friends of friends
The spying campaign included Russian agents posing as friends of friends of Macron associates and trying to glean personal information from them, according to the U.S. congressman and two others briefed on the matter.
Facebook employees noticed the efforts during the first round of the presidential election and traced them to tools used in the past by Russia's GRU military intelligence unit, said the people, who spoke on condition they not be named because they were discussing sensitive government and private intelligence.
Facebook told American officials that it did not believe the spies burrowed deep enough to get the targets to download malicious software or give away their login information, which they believe may have been the goal of the operation.
The same GRU unit, dubbed Fancy Bear or APT 28 in the cybersecurity industry, has been blamed for hacking the Democratic National Committee during the 2016 U.S. presidential election and many other political targets. The GRU did not respond to a request for comment.
Email accounts belonging to Macron campaign officials were hacked and their contents dumped online in the final days of the runoff between Macron and Le Pen.
French law enforcement and intelligence officials have not publicly accused anyone of the campaign attacks.
Mounir Mahjoubi, who was digital director of Macron's political movement, En Marche, and is now a junior minister for digital issues in his government, told Reuters in May that some security experts blamed the GRU specifically, though they had no proof.
Mahjoubi and En Marche declined to comment.
There are few publicly known examples of sophisticated social media spying efforts. In 2015, Britain's domestic security service, MI5, warned that hostile powers were using LinkedIn to connect with and try to recruit government workers.
The social media and networking companies themselves rarely comment on such operations when discovered.
Facebook, facing mounting pressure from governments around the world to control "fake news' and propaganda on the service, took a step toward openness with a report in April on what it termed "information operations."
The bulk of that document discussed so-called influence operations, which included "amplifier" accounts that spread links to slanted or false news stories in order to influence public opinion.