A newspaper has published details of what it claims was a sophisticated state-sponsored hack into the offices of the French presidency earlier this year with the intention of stealing data.
And which country does L’Express allege planted malware on computers at the Elysee Palace belonging to officials working for then-president Nicolas Sarkozy? None other than the United States.
Yes, you heard that right – for once, it’s not China being blamed for spying on another nation. Instead, it’s the USA – a country that you would normally imagine are on reasonably cordial terms with France.
According to the newspaper, the malware attack took place in May 2012, shortly before the second round of presidential elections in France, but has been kept secret until now.
The newspaper alleges that the hackers used simple social engineering tricks to worm their way into what should have been some of the best secured networks in France.
Workers at the Élysée Palace are said to have been befriended on Facebook by hackers, who then sent their victims a link to what purported to be a login page for the Élysée intranet site. In this way, it’s claimed, login credentials were stolen.
It is alleged that malware was then installed on the network, infecting computers belonging to senior political advisors, including Xavier Musca, Secretary-General of Nicolas Sarkozy’s office.
Sarkozy is said to have escaped infection himself because he did not have use of a networked PC.
It is alleged that email messages and sensitive documents were scooped up the spyware – which was said to bear the hallmarks of the Flame malware that hit some computers in the Middle East (most notably Iran) earlier this year.
The United States’s Homeland Security chief, Janet Napolitano, reportedly missed an opportunity to deny her country’s involvement in the alleged hack, just saying:
"We have no greater partner than France, we have no greater ally than France.. We co-operate in many security-related areas. I am here to further reinforce those ties and create new ones."
We shouldn’t, of course, necessarily assume that just because Napolitano chose not to deny that the USA hacked France that that means that they did do it.
After all, it’s possible that Napolitano simply doesn’t know if the USA was involved – and doesn’t want to deny something which later turns out to be true.
Or it’s possible that she’s not authorised to confirm or deny the US’s involvement for understandable intelligence reasons. (If you always deny everything that’s not true, it’s very easy for people to work out what is true when you refuse to deny it).
Janet Napolitano’s involvement in this story reminds me rather of US Deputy Defense Secretary William Lynn, who squirmed on camera last year when quizzed about whether America had been responsible for the creation of Stuxnet.
(Of course, we’re all a little wiser about the creation of Stuxnet now).
If it is true that the United States used malware to spy upon the French government I don’t think we should necessarily be surprised. We’d be naive not to think that just about every developed country in the world is using the internet for its political, commercial and military advantage.
And you don’t need to be in active hostilities with another country to have a very genuine interest in what they might be planning.
Nevertheless, you can imagine such revelations (if true) could cause some awkward conversations between the diplomats.Follow @gcluley
Arc de Triomphe image from Shutterstock.