Some notes on #MacronLeak

Tonight (Friday May 5 2017) hackers dumped emails (and docs) related to French presidential candidate Emmanuel Macron. He's the anti-Putin candidate running against the pro-Putin Marin Le Pen. I thought I'd write up some notes.

Are they Macron's emails?

No. They are e-mails from members of his staff/supporters, namely Alain Tourret, Pierre Person, Cedric O??, Anne-Christine Lang, and Quentin Lafay.

There are some documents labeled "Macron" which may have been taken from his computer, cloud drive -- his own, or an assistant.

Who done it?

Obviously, everyone assumes that Russian hackers did it, but there's nothing (so far) that points to anybody in particular.

It appears to be the most basic of phishing attacks, which means anyone could've done it, including your neighbor's pimply faced teenager.

Update: Several people [*] have pointed out Trend Micro reporting that Russian/APT28 hackers were targeting Macron back on April 24. Coincidentally, this is also the latest that emails appear in the dump.

What's the hacker's evil plan?

Everyone is proposing theories about the hacker's plan, but the most likely answer is they don't have one. Hacking is opportunistic. They likely targeted everyone in the campaign, and these were the only victims they could hack. It's probably not the outcome they were hoping for.

But since they've gone through all the work, it'd be a shame to waste it. Thus, they are likely releasing the dump not because they believe it will do any good, but because it'll do them no harm. It's a shame to waste all the work they put into it.

If there's any plan, it's probably a long range one, serving notice that any political candidate that goes against Putin will have to deal with Russian hackers dumping email.

Why now? Why not leak bits over time like with Clinton?

France has a campaign blackout starting tonight at midnight until the election on Sunday. Thus, it's the perfect time to leak the files. Anything salacious, or even rumors of something bad, will spread viraly through Facebook and Twitter, without the candidate or the media having a good chance to rebut the allegations.

The last emails in the logs appear to be from April 24, the day after the first round vote (Sunday's vote is the second, runoff, round). Thus, the hackers could've leaked this dump any time in the last couple weeks. They chose now to do it.

Are the emails verified?

Yes and no.

Yes, we have DKIM signatures between people's accounts, so we know for certain that hackers successfully breached these accounts. DKIM is an anti-spam method that cryptographically signs emails by the sending domain (e.g. @gmail.com), and thus, can also verify the email hasn't been altered or forged.

But no, when a salacious email or document is found in the dump, it'll likely not have such a signature (most emails don't), and thus, we probably won't be able to verify the scandal. In other words, the hackers could have altered or forged something that becomes newsworthy.

What are the most salacious emails/files?

I don't know. Before this dump, hackers on 4chan were already making allegations that Macron had secret offshore accounts (debunked). Presumably we need to log in to 4chan tomorrow for them to point out salacious emails/files from this dump.

Another email going around seems to indicate that Alain Tourret, a member of the French legislature, had his assistant @FrancoisMachado buy drugs online with Bitcoin and had them sent to his office in the legislature building. The drugs in question, 3-MMC, is a variant of meth that might be legal in France. The emails point to a tracking number which looks legitimate, at least, that a package was indeed shipped to that area of Paris. There is a bitcoin transaction that matches the address, time, and amount specified in the emails. Some claim these drug emails are fake, but so far, I haven't seen any emails explaining why they should be fake. On the other hand, there's nothing proving they are true (no DKIM sig), either.

Some salacious emails might be obvious, but some may take people with more expertise to find. For example, one email is a receipt from Uber (with proper DKIM validation) that shows the route that "Quenten" took on the night of the first round election. Somebody clued into the French political scene might be able to figure out he's visiting his mistress, or something. (This is hypothetical -- in reality, he's probably going from one campaign rally to the next).

What's the Macron camp's response?

They have just the sort of response you'd expect.

They claim some of the documents/email are fake, without getting into specifics. They claim that information is needed to be understand in context. They claim that this was a "massive coordinated attack", even though it's something that any pimply faced teenager can do. They claim it's an attempt to destabilize democracy. They call upon journalists to be "responsible".

Mirai, Bitcoin, and numeracy

Newsweek (the magazine famous for outing the real Satoshi Nakamoto) has a story about how a variant of the Mirai botnet is mining bitcoin. They fail to run the numbers.

The story repeats a claim by Mcafee that 2.5 million devices were infected with Mirai at some point in 2016. If they were all mining bitcoin, how much money would the hackers be earning?

Game theory: cheating at bitcoin mining

My mining rig: 10-gigahash/sec, 0.001 BTC/day

I think I’ve come up with a way to cheat a little at Bitcoin mining.

Bitcoin “mining” is the process in which new transactions are officially entered into the running ledger. Every 10 minutes, the current outstanding transactions are combined together in a “block”, then a "miner" calculates the SHA256 hash for the block.

The wrinkle here is that Bitcoin is decentralized, so no one person is responsible for calculating the hash. Miners must compete to create a hash. Therefore, the hash must have certain properties, namely, the first 64 bits of the hash must be zero (the current difficulty level is 63.8 bits, it changes over time to accommodate more mining power). A little bit of random data is added to the block before hashing, and the miner keeps changing that random data until the resulting hash has the proper number of leading zeros. Currently, that requires 18 quintillion calculations, or 18 billion billion, or 18,446,744,073,709,551,616 – or in technical terms, a boatload.

If anything, Bitcoin is inflationary

Bitcoin fails as a form of "money" according to how economists look at money. This has lead many economists to conclude that Bitcoin will fail. What it really means is that economists need to change how they look at money.

The Internet is the history of disruptive innovation. The telephony system had evolved slowly for over a 100 years, then the Internet came along and changed everything. The old engineers, steeped in telcom lore, unwilling to challenge old assumptions, claimed that the Internet would never work. And, according to their principles, it doesn't. For example, when I use Facetime with my brother who lives in Japan, there is a lot of "latency" or "lag" between when I say something and I see my brother react. That's what the old telcom engineers warned us about: the "packet switching" nature of the Internet would cause unpleasant lag in telephone calls.

But did I mention my free video call, in high definition, from my iPhone in the United States, to his iPad in Japan? That this works at all, and so cheaply, is inconceivable according to old telcom principles. No matter how right the old telcom engineers were, they were still obsolete. Nobody cares about their old principles; the Internet is a whole new set of principles of free, world-wide, high-speed connectivity.

No, Bitcoin value hasn't dropped to $250

My Twitter feed is full of people crowing over the fact that the value of Bitcoin has plummeted from a recent value around $1000/coin to only $250/coin. This is wrong,. They are quoting the MtGox price, not the market price. The market price is currently around $600, the MtGox price is $250.

MtGox is one of the oldest and most popular Bitcoin trading sites. The reason the MtGox price and the market price differ is because MtGox recently shut down external trading of Bitcoins. If you've got bitcoins in a MtGox account, you cannot do anything with them, except sell them to other MtGox users (internal trading). While MtGox can't externally trade the bitcoins, they can still do money transfers in dollars, euros, yen, etc.. Customers anxious to get their money out of MtGox has caused the price to plummet, as they sell bitcoins and transfer their money out of the site.

Since the coins on MtGox are useless (at the moment), the only people buying them there are speculators -- people who hope to profit $350 per coin once trading resumes at MtGox in the next few days. The moment trading resumes, speculators can transfer all their coins to a different exchange, and cash out. Speculators plan on doubling their money, betting both that MtGox will resume external trading of bitcoins and that the market price of bitcoins doesn't plummet before then.

This $350/coin MtGox risk premium is astonishing. Normally it would mean that a substantional part of the market is betting that MtGox goes out of business and steals everyone's bitcoins. But I suspect an alternate explanation: speculators can't get money into MtGox fast enough. If I were to create an account now and transfer money, it'd be a week before the funds were available to start buying bitcoins there -- by which time they'll likely to have fixed their problem. It's something I should've planned for a long time ago.


Update: Many have pointed out that you can't really get hard currency out of MtGox as well, and that the current speculators betting there is a 58% (350/600) chance the site goes bankrupt is, if anything, unrealistically low.

Silk Road: caught by the NSA?

According to the complaint against Silk Road, the investigation into Ulbricht appears to have started when border agents intercepted fake IDs [update: though see Popehat's discussion of evidence it started earlier]:

On or about July 10, 2013, CBP [Customs and Border Patrol] intercepted a package from the mail inbound from Canada as part of a routine border search. The package was found to contain nine counterfeit identity documents.

"Routine border search" is one of the techniques taught by the "Special Operations Devision" to hide the source of unconstitutionally obtained information. As documented in the Reuters article, when the NSA or FBI obtains unconstitutional evidence against American citizens, they tell border agents what to look for when things cross the borders.

BitCoin is a public ledger

BitCoin is not so much a "currency" as an "emergent phenomenon". It makes things possible that have nothing to do with money.

For example, let’s say that you have a screen-play for a movie. Before shopping it around in Hollywood, you want to prove that it’s yours, so that a greedy producer can't steal it. Using BitCoin, you can add the signature (and date) of your screen-play to the "block chain", the "public ledger" where all Bitcoin transactions are stored. Now, if producers get greedy, you can (in theory) pull out this proof in a court and sue them.

As another example, let’s say that you have a great idea for a patent, but it’s not quite ready. Well, write it up into a file, then add the file’s signature to the block chain. Years from now, if somebody beats you to the patent filing, you can prove that you had the idea ahead of time.

You don’t need to really know how this works. There’s a website called http://proofofexistence.com that takes care of this for you. Put whatever it is you want in a file, the sign the file using that site. Years from now, you can prove to somebody then that this file existed right now, today.

This is just one example of many emergent phenomenon popping up around BitCoin. It’s not just about electronic currency, it’s about a lot of weird crypto concepts.

A wonkish look at bitcoin economics

Bitcoin is an increasingly popular electronic currency, used both for legitimate and illegal transactions. Economists haven’t taken a serious look at bitcoin yet, so I thought I’d take a stab at it. In particular, I’m going to look at the “intrinsic value” of bitcoin, answering the question whether the recent rapid rise in price (to $240 at the time of writing this) is justified.

The TL;DR version is this: bitcoins have real value (they are not a fantasy), and that value is between $0.01 and $15000.

I got a bitcoin!

I mean to write a more comprehensive Bitcoin (a type of cyber currency) post in the future, but in the meanwhile, there's this...

I got my first bitcoin. It was sent to my address "15fszyyM95UANiEeVa4H5L6va7Z7UFZCYP".

I did this by running a "mining" application on my desktop.

This idea of "mining" is one of the philosophically interesting bits. Bitcoin is a currency, with exchange rates (currently $7 per coin). Instead of giving out coins for free, it gives out coins for some meaningless crypto work. Since my hardware is more efficient at crypto than the average person's, I can make a slight (very slight) profit running mining software.