During the French presidential election in May, incumbent Nicolas Sarkozy was targeted by a sophisticated cyber attack from the US, which monitored the computers of his closest staff members, a French magazine reported this week.
Between the first and second rounds of the French presidential election in May this year, high-ranking staff members of incumbent president Nicolas Sarkozy came under cyber attack from the US, French weekly L’Express reported on Tuesday.
The report, which reveals dangerously weak levels of cyber protection in the presidential palace, has left the French authorities not only alarmed, but also questioning their security relationship with the US.
Questioned by L’Express, US Secretary of Homeland Security Janet Napolitano said only that “the US has no stronger ally when it comes to security than France”. ANSSI, the French Network and Information Security Agency, refused to comment on the story.
Complex program, simple hack
According to the magazine, the program used to retrieve the data closely resembles that of the Flame malware, an infamous virus dreaded by security experts. It was employed for an extensive espionage operation targeting Iran in 2010, supposedly orchestrated by the US. In May, Russia’s leading IT security authority Kapersky described the program as “the most complex and functional known to date”.
Once safely installed on a computer, the program can retrieve data from a number of locations. It is able to control the computer’s intranet connection, log in to Skype and save conversations, retrieve entire databases from any device, such as the address book of a mobile phone connected to the computer via Bluetooth, or make screen grabs at regular intervals when a chat or email program is launched.
But while the program used is recognised as a complex and sophisticated one, the procedure used to hack into the Elysée network couldn’t have been simpler.
According to the report, the hackers accessed the computers by targeting one of the staff members on social media site Facebook. After “friending” this person, they then sent them a link to follow. The link led to an exact imitation of the Elysée Palace staff access page, which the employee then used their login account and password to enter. With these login details safely retrieved, the hackers were able to access several computers. The only reason Sarkozy was not personally targeted was because he did not own a computer, the report explains.
Data retrieved included “secret notes” and strategic plans,” the report details, but the purpose of the operation is not stated.
Date created : 2012-11-21