A French news magazine has reported that computers in the offices of the French President were attacked by a malware created by the US to collect information – meaning, essentially, that the US has attempted to hack into the French government’s IT systems. The US, unsurprisingly, denies any such attack on their behalf, and the French government is staying surprisingly quiet on the matter. What, exactly, is going on?
The initial report came from the French newspaper L’Express yesterday, which published a story that said that, between April 22 and May 6 this year, the offices of then-President Nicolas Sarkozy had been attacked by Flame, a malware in part developed by the US (in combination with Israel) to collect information about the Iranian nuclear program. According to the report, the attack was covered up by French authorities, but was partially successful, with “secret notes recovered from hard drives, and also strategic plans” taken from computers belonging to Sarkozy staff, including his Secretary-General Xavier Musca. “Hackers have not only managed to get to the heart of French political power,” the newspaper breathlessly reported, “but they were able to search the computers of close advisers of Nicolas Sarkozy.”
(Oddly enough, the dates given for the attacks correlate to the dates of the most recent French Presidential elections; April 22 was the first round of voting, and May 6 was the date for a run-off election that put Sarkozy out of power, replaced by Francois Hollande.)
American officials quickly denied any part in the attacks, with the Department of Homeland Security’s Matthew Chandler stating in an email to Information Week that the department “categorically [denies] the allegations by unnamed sources that the U.S. government participated in a cyber attack against the French government,” and adding that “France is one of our strongest allies. Our outstanding cooperation in intelligence sharing, law enforcement and cyber defense has never been stronger, and remains essential in successfully combating the common threat of extremism.”
The French Government has so far not commented officially on whether or not there is any basis in truth to the L’Express report, although as Ars Technica points out, it has previously confirmed that the offices in the Elysee Palace were targeted by not one, but two cyber-attacks in May although it hadn’t released any further information about either attack. Information Week is a little more suspect, however, noting that the initial Kaspersky Lab report into Flame in late May didn’t mention any attack against a target in France when it listed nations that had been hit by the malware. Add to that, the simple question of… why would the US hack Nicolas Sarkozy’s computers? What information was likely to have been stored in them that was worth such a high-profile hack? Consider this curiosity an unsolved mystery that will continue to tease for years to come, most likely…