USA blamed for spy malware planted on French president's network

Filed Under: Data loss, Facebook, Featured, Malware

A newspaper has published details of what it claims was a sophisticated state-sponsored hack into the offices of the French presidency earlier this year with the intention of stealing data.

And which country does L'Express allege planted malware on computers at the Elysee Palace belonging to officials working for then-president Nicolas Sarkozy? None other than the United States.

Yes, you heard that right - for once, it's not China being blamed for spying on another nation. Instead, it's the USA - a country that you would normally imagine are on reasonably cordial terms with France.

L'Express story

According to the newspaper, the malware attack took place in May 2012, shortly before the second round of presidential elections in France, but has been kept secret until now.

The newspaper alleges that the hackers used simple social engineering tricks to worm their way into what should have been some of the best secured networks in France.

Workers at the Élysée Palace are said to have been befriended on Facebook by hackers, who then sent their victims a link to what purported to be a login page for the Élysée intranet site. In this way, it's claimed, login credentials were stolen.

It is alleged that malware was then installed on the network, infecting computers belonging to senior political advisors, including Xavier Musca, Secretary-General of Nicolas Sarkozy's office.

Arc de Triomphe. Image from ShutterstockSarkozy is said to have escaped infection himself because he did not have use of a networked PC.

(For the record, Sarkozy has previously had his Facebook account hacked, and had his bank account broken into - so maybe this was a lucky escape for him).

It is alleged that email messages and sensitive documents were scooped up the spyware - which was said to bear the hallmarks of the Flame malware that hit some computers in the Middle East (most notably Iran) earlier this year.

The United States's Homeland Security chief, Janet Napolitano, reportedly missed an opportunity to deny her country's involvement in the alleged hack, just saying:

"We have no greater partner than France, we have no greater ally than France.. We co-operate in many security-related areas. I am here to further reinforce those ties and create new ones."

We shouldn't, of course, necessarily assume that just because Napolitano chose not to deny that the USA hacked France that that means that they did do it.

After all, it's possible that Napolitano simply doesn't know if the USA was involved - and doesn't want to deny something which later turns out to be true.

Or it's possible that she's not authorised to confirm or deny the US's involvement for understandable intelligence reasons. (If you always deny everything that's not true, it's very easy for people to work out what is true when you refuse to deny it).

Janet Napolitano's involvement in this story reminds me rather of US Deputy Defense Secretary William Lynn, who squirmed on camera last year when quizzed about whether America had been responsible for the creation of Stuxnet.

(Of course, we're all a little wiser about the creation of Stuxnet now).

If it is true that the United States used malware to spy upon the French government I don't think we should necessarily be surprised. We'd be naive not to think that just about every developed country in the world is using the internet for its political, commercial and military advantage.

And you don't need to be in active hostilities with another country to have a very genuine interest in what they might be planning.

Nevertheless, you can imagine such revelations (if true) could cause some awkward conversations between the diplomats.

Arc de Triomphe image from Shutterstock.

, , , , , ,

You might like

8 Responses to USA blamed for spy malware planted on French president's network

  1. erthwjim · 1046 days ago

    I'm sorry wait, what? What the heck does France have that would actually interest the US?

  2. sparctec · 1046 days ago

    Datamining dont need a reason .. You do it because knowledge is power

  3. Dave · 1046 days ago

    Well done for correctly attributing all these allegations to "the newspaper" (actually a weekly magazine) and not to the French cybersecurity agency, ANSSI as numerous erroneous reports have done. (Do you speak French, or do you just have a good translator?)

    The story only mentions ANSSI twice: once to say it declined to comment, and once to repeat another publication's allegation in a story in July that ANSSI had spent several days cleaning up computers at the Elysee Palace.

    This latest article presents not one shred of evidence to support its allegations, although it does artfully quote a few experts' comments on malware capabilities in such a way that they appear to be supporting the allegations.

    As for Napolitano, the question she was actually answering was a real wifebeater: "The Elysee Palace was spied upon last May, between the two rounds of the presidential election. According to several sources, the U.S. may have been the source of this attack. For what purpose?"

    With so many assumptions in the question, it's difficult to see how anyone could answer it directly with a denial and not somehow lend credence to one or other of the suppositions.

    • Steve · 1045 days ago

      Dave, thanks for providing the sort of significant details that are all too often missing from so much of the news we read or hear, and quite frequently re-paints the big picture in an entirely different light.

  4. Steve · 1045 days ago

    "We'd be naive to think that just about every developed country in the world is using the internet for its political, commercial and military advantage."

    Graham, didn't you mean "We'd be naive NOT to think that..."?

  5. Lee · 1044 days ago

    "After all, it's possible that Napolitano simply doesn't know if the USA was involved". If true, it basically makes her title "United States's Homeland Security chief" a joke. Is her only job hiring airport security and developing TV programs with the border patrol?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley