Attacks/Breaches
11/21/2012
12:21 PM
Connect Directly
RSS
E-Mail
50%
50%

U.S. Denies Malware Attack Against France

Unnamed French officials accuse the U.S. government of infecting government systems with the Flame espionage malware during French elections.

Did the U.S. government launch a "cyberattaque" against French government computers in the run-up to the 2012 French presidential election?

That allegation was leveled at the U.S. government by unnamed French officials, according to a Tuesday report in the weekly French newspaper L'Express. It reported that computers belonging to top advisers to then French president Nicolas Sarkozy had been hacked using the Flame cyberespionage malware, which was designed to be used in highly targeted attacks.

French officials said that the attacks occurred between April 22, 2012, when the first round of the country's most recent presidential elections was held, and May 6, 2012, when a runoff was held, which resulted in socialist Francois Hollande beating Sarkozy. The officials said the attackers had first conducted reconnaissance using Facebook, "friended" Sarkozy advisers, then sent them phishing emails that led to a fake version of the French government's intranet, which was used to capture the targets' intranet usernames and passwords.

U.S. officials rejected the allegations. "We categorically deny the allegations by unnamed sources that the U.S. government participated in a cyber attack against the French government," said Department of Homeland Security spokesman Matthew Chandler via email. "France is one of our strongest allies. Our outstanding cooperation in intelligence sharing, law enforcement and cyber defense has never been stronger, and remains essential in successfully combating the common threat of extremism."

[ As the Gaza military crisis escalates, so has the response from hackers. See Anonymous Steps Into Gaza Crisis. ]

How reliable are the Flame allegations reported in L'Express? Consider that when Kaspersky Lab first detailed Flame in late May 2012, it said that the malware had been used against Iran (in 189 attacks), Israel and Palestine (98), Sudan (32), Syria (30), Lebanon (18), Saudi Arabia (10) and Egypt (5). But it reported no attacks against French targets.

Another fact that makes the French allegations appear suspect is that in the online realm, accurately attributing attacks to a specific source is incredibly difficult, and any claims to the contrary are typically discounted unless backed by substantial, detailed evidence, produced by a reliable source. L'Express detailed no such evidence. Furthermore, while the command-and-control servers used in attacks may be traced back to a specific country -- such as the United States -- it's easy to rent hosting space or use compromised PCs in that country to launch attacks, thus covering one's tracks and complicating efforts to accurately ascertain attackers' true location or location.

L'Express also published excerpts from its wide-ranging interview with Janet Napolitano, the U.S. secretary of Homeland Security, who was asked directly if the U.S. government had authorized a cyber-espionage campaign against the French government. "Let me answer the following," she said (her comments have been translated from French to English). "We have no more important partner than France, we have no ally greater than France. We cooperate in many areas related to security. And I'm here to further strengthen these links and develop new ones."

Napolitano was also asked if it wasn't ironic that while the United States has been sounding alarms over the growing amount of malware that's targeting U.S. government system, it also commissioning the Stuxnet and Flame cyber-espionage malware used against Iran. Napolitano, however, pled official ignorance. "These programs were never attributed in any way to the U.S. government. Beyond this point, your question presupposes a yes-or-no answer, while my job is to protect the civilian networks using all the technology we have at our disposal. We seek to ensure a high level of security -- the highest possible. To do this, our cybersecurity budget was increased by 40% last year and president's recommendation for the coming year is that it should increase by 75%."

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Maczin
50%
50%
Maczin,
User Rank: Apprentice
11/23/2012 | 2:32:57 PM
re: U.S. Denies Malware Attack Against France
A while ago it has been revealed in the Washington Post: FLAME was developed by the United States and shared with Israel. Security analysts say it was a highly sophisticated malware program. The FLAME windows malware shows why President Hollande should develop a French Operating System based on Linux, as some nations in Asia did. Closed source operating systems are a high risk for national security.
PJS880
50%
50%
PJS880,
User Rank: Ninja
12/10/2012 | 2:57:26 AM
re: U.S. Denies Malware Attack Against France
If the United States decided to hack the French Government, we most likely would not be reading about it. Furthermore if the US was performing reconnaissance I would hope their sources would be more reliable than Facebook. Just because the malware used is specific for high targets, doesn't implicate nor point at the US. Sounds like the french newspaper needed to sell some newspaper, because I haven't read one fact backing their claim.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2413
Published: 2014-10-20
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

CVE-2012-5244
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to...

CVE-2012-5694
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.p...

CVE-2012-5695
Published: 2014-10-20
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS m...

CVE-2012-5696
Published: 2014-10-20
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.