U.S. Denies Malware Attack Against France

  /     /     /  
Publicated : 22/11/2024   Category : security


U.S. Denies Malware Attack Against France


Unnamed French officials accuse the U.S. government of infecting government systems with the Flame espionage malware during French elections.



Did the U.S. government launch a cyberattaque against French government computers in the run-up to the 2012 French presidential election?
That allegation was leveled at the U.S. government by unnamed French officials, according to a Tuesday
report
in the weekly French newspaper
LExpress
. It reported that computers belonging to top advisers to then French president Nicolas Sarkozy had been hacked using the
Flame cyberespionage malware
, which was designed to be used in highly targeted attacks.
French officials said that the attacks occurred between April 22, 2012, when the first round of the countrys most recent presidential elections was held, and May 6, 2012, when a runoff was held, which resulted in
socialist Francois Hollande
beating Sarkozy. The officials said the attackers had first conducted reconnaissance using Facebook, friended Sarkozy advisers, then sent them phishing emails that led to a fake version of the French governments intranet, which was used to capture the targets intranet usernames and passwords.
U.S. officials rejected the allegations. We categorically deny the allegations by unnamed sources that the U.S. government participated in a cyber attack against the French government, said Department of Homeland Security spokesman Matthew Chandler via email. France is one of our strongest allies. Our outstanding cooperation in intelligence sharing, law enforcement and cyber defense has never been stronger, and remains essential in successfully combating the common threat of extremism.
[ As the Gaza military crisis escalates, so has the response from hackers. See
Anonymous Steps Into Gaza Crisis
. ]
How reliable are the Flame allegations reported in
LExpress
? Consider that when Kaspersky Lab first
detailed Flame
in late May 2012, it said that the malware had been used against Iran (in 189 attacks), Israel and Palestine (98), Sudan (32), Syria (30), Lebanon (18), Saudi Arabia (10) and Egypt (5). But it reported no attacks against French targets.
Another fact that makes the French allegations appear suspect is that in the online realm, accurately attributing attacks to a specific source is incredibly difficult, and any claims to the contrary are typically discounted unless backed by substantial, detailed evidence, produced by a reliable source.
LExpress
detailed no such evidence. Furthermore, while the
command-and-control servers
used in attacks may be traced back to a specific country -- such as the United States -- its easy to rent hosting space or use compromised PCs in that country to launch attacks, thus covering ones tracks and complicating efforts to accurately ascertain attackers true location or location.
LExpress
also published excerpts from its wide-ranging
interview with Janet Napolitano
, the U.S. secretary of Homeland Security, who was asked directly if the U.S. government had authorized a cyber-espionage campaign against the French government. Let me answer the following, she said (her comments have been translated from French to English). We have no more important partner than France, we have no ally greater than France. We cooperate in many areas related to security. And Im here to further strengthen these links and develop new ones.
Napolitano was also asked if it wasnt ironic that while the United States has been sounding alarms over the growing amount of malware thats targeting U.S. government system, it also
commissioning the Stuxnet and Flame cyber-espionage
malware used against Iran. Napolitano, however, pled official ignorance. These programs were never attributed in any way to the U.S. government. Beyond this point, your question presupposes a yes-or-no answer, while my job is to protect the civilian networks using all the technology we have at our disposal. We seek to ensure a high level of security -- the highest possible. To do this, our cybersecurity budget was increased by 40% last year and presidents recommendation for the coming year is that it should increase by 75%.

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
U.S. Denies Malware Attack Against France