USA blamed for spy malware planted on French president’s network

Graham Cluley

A newspaper has published details of what it claims was a sophisticated state-sponsored hack into the offices of the French presidency earlier this year with the intention of stealing data.

And which country does L’Express allege planted malware on computers at the Elysee Palace belonging to officials working for then-president Nicolas Sarkozy? None other than the United States.

Yes, you heard that right – for once, it’s not China being blamed for spying on another nation. Instead, it’s the USA – a country that you would normally imagine is on reasonably cordial terms with France.


According to the newspaper, the malware attack took place in May 2012, shortly before the second round of presidential elections in France, but has been kept secret until now.

The newspaper alleges that the hackers used simple social engineering tricks to worm their way into what should have been some of the best secured networks in France.

Workers at the Élysée Palace are said to have been befriended on Facebook by hackers, who then sent their victims a link to what purported to be a login page for the Élysée intranet site. In this way, it’s claimed, login credentials were stolen.

It is alleged that malware was then installed on the network, infecting computers belonging to senior political advisors, including Xavier Musca, Secretary-General of Nicolas Sarkozy’s office.

Sarkozy is said to have escaped infection himself because he did not have use of a networked PC.

(For the record, Sarkozy has previously had his Facebook account hacked, and had his bank account broken into – so maybe this was a lucky escape for him).

It is alleged that email messages and sensitive documents were scooped up by the spyware – which was said to bear the hallmarks of the Flame malware that hit some computers in the Middle East (most notably Iran) earlier this year.

The United States’s Homeland Security chief, Janet Napolitano, reportedly missed an opportunity to deny her country’s involvement in the alleged hack, just saying:

"We have no greater partner than France, we have no greater ally than France.. We co-operate in many security-related areas. I am here to further reinforce those ties and create new ones."

We shouldn’t, of course, necessarily assume that just because Napolitano chose not to deny that the USA hacked France, they did do it.

After all, it’s possible that Napolitano simply doesn’t know if the USA was involved – and doesn’t want to deny something which later turns out to be true.

Or it’s possible that she’s not authorised to confirm or deny the US’s involvement for understandable intelligence reasons. (If you always deny everything that’s not true, it’s very easy for people to work out what is true when you refuse to deny it).

Janet Napolitano’s involvement in this story reminds me rather of US Deputy Defense Secretary William Lynn, who squirmed on camera last year when quizzed about whether America had been responsible for the creation of Stuxnet.

(Of course, we’re all a little wiser about the creation of Stuxnet now).

If it is true that the United States used malware to spy upon the French government, I don’t think we should necessarily be surprised. We’d be naive not to think that just about every developed country in the world is using the internet for its political, commercial and military advantage.

And you don’t need to be in active hostilities with another country to have a very genuine interest in what they might be planning.

Nevertheless, you can imagine such revelations (if true) could cause some awkward conversations between the diplomats.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.
