Late on May 5, as the two final candidates for the French presidency were about to enter a press blackout in advance of the May 7 election, nine gigabytes of data allegedly from the campaign of Emmanuel Macron were posted on the Internet in torrents and archives. The files, which were initially distributed via links posted on 4Chan and then by WikiLeaks, had forensic metadata suggesting that Russians were behind the breach—and that a Russian government contract employee may have falsified some of the dumped documents.
Even WikiLeaks, which initially publicized the breach and defended its integrity on the organization’s Twitter account, has since acknowledged that some of the metadata pointed directly to a Russian company with ties to the government:
#MacronLeaks: name of employee for Russian govt security contractor Evrika appears 9 times in metadata for “xls_cendric.rar” leak archive pic.twitter.com/jyhlmldlbL
— WikiLeaks (@wikileaks) May 6, 2017
Evrika (“Eureka”) ZAO is a large information technology company in St. Petersburg that does some work for the Russian government, and the group includes the Federal Security Service of the Russian Federation (FSB) among its acknowledged customers (as noted in this job listing). The company is a systems integrator, and it builds its own computer equipment and provides “integrated information security systems.” The metadata in some Microsoft Office files lists “Roshka Georgiy Petrovich,” a current or former Evrika ZAO employee, as the last person to have edited them.
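To show where a "last edited by" name like the one described above lives inside an Office file, here is an added example (not from the original article or from any party it names) that reads that field from a set of files and counts how often each name appears. It assumes the files are in the zipped OOXML format (.docx/.xlsx), whose metadata sits in `docProps/core.xml`; the sample files, names and function names are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from collections import Counter

# XML namespaces used by docProps/core.xml in OOXML packages.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
MAX_CORE_XML = 1_000_000  # skip oversized metadata parts in untrusted archives

def core_properties(data: bytes) -> dict:
    """Return the creator and lastModifiedBy fields of one file's bytes."""
    props = {"creator": None, "lastModifiedBy": None}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if z.getinfo("docProps/core.xml").file_size > MAX_CORE_XML:
                return props
            # For hostile input, a hardened XML parser is the safer choice.
            root = ET.fromstring(z.read("docProps/core.xml"))
    except (zipfile.BadZipFile, KeyError, ET.ParseError):
        return props  # not OOXML, or the metadata part is missing or corrupt
    for key, path in (("creator", "dc:creator"), ("lastModifiedBy", "cp:lastModifiedBy")):
        node = root.find(path, NS)
        props[key] = node.text if node is not None else None
    return props

def tally_last_editors(files: dict) -> Counter:
    """Count how many files name each 'last modified by' value."""
    editors = (core_properties(data)["lastModifiedBy"] for data in files.values())
    return Counter(name for name in editors if name)

def make_sample(creator: str, editor: str) -> bytes:
    """Build a constructed, minimal OOXML-style package (sample input only)."""
    xml = (f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
           f'<dc:creator>{creator}</dc:creator>'
           f'<cp:lastModifiedBy>{editor}</cp:lastModifiedBy></cp:coreProperties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", xml)
    return buf.getvalue()

# Constructed sample set: three Office-style files and one non-Office file.
SAMPLES = {
    "budget.xlsx": make_sample("Campaign Staff", "Analyst A"),
    "notes.docx": make_sample("Campaign Staff", "Analyst A"),
    "plan.xlsx": make_sample("Campaign Staff", "Analyst B"),
    "readme.txt": b"plain text, no metadata",
}
```

The field is plain text written by whichever application last saved the file, so a tally like this is a lead for further analysis rather than proof of who handled a document.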