Skip to main content

US accused of launching cyberattack against French government

US accused of launching cyberattack against French government


Flame-like malware allegedly targeted high-level advisors to then-President Nicolas Sarkozy, exposing national secrets in the process

Share this story

Nicholas Sarkozy White House Press Photo
Nicholas Sarkozy White House Press Photo

Earlier this year, the French government fell victim to a sophisticated cyberattack that forced a complete overhaul of its network. At the time, media outlets speculated that China may have been behind the attack, citing military secrets as a potential motive, but a report this week from French daily L'Express points the finger squarely at the US government.

The attack in question was launched sometime between the conclusion of France's presidential election on May 6th and the day incoming President François Hollande took office on May 15th. Its perpetrators allegedly used Facebook to first find and connect with close advisors to outgoing president Nicolas Sarkozy, before inviting them to join the Elysée intranet on a fake government web page. There, officials were prompted to enter their intranet passwords, which allowed hackers to infect their computers with a virus that security experts are now comparing to Flame — a sophisticated espionage worm developed by the US and Israel to attack Iran's nuclear program.

"We have no greater partner than France, we have no greater ally than France."

The virus rapidly spread throughout Sarkozy's coterie, working its way all the way up to Chief of Staff Xavier Musca, though the president himself remained unscathed, since he didn't use a personal computer in office. The extent of the breach remains unclear, though sources close to the matter tell L'Express that hackers obtained classified documents and "strategic plans" from government hard drives. Investigators at France's national cybersecurity agency at first struggled to pinpoint the source of the attack, but sources now suspect that it was launched by the US government, citing its striking resemblance to Flame, as well as its high level of sophistication.

The motive behind the alleged attack remains unclear, though its timing may hold clues. A person with knowledge of the case speculated that the US may have been looking to guarantee ongoing French diplomatic support, even under a new president. "You can be on very good terms with a 'friendly' country and still want to guarantee their unwavering support — especially during a transition period," the source said.

The Elysée itself has yet to comment on the report. During an interview with L'Express Tuesday, Homeland Security Secretary Janet Napolitano would neither confirm nor deny allegations of US involvement. "We have no greater partner than France, we have no greater ally than France," Napolitano said. "We cooperate in many security-related areas. I am here to further reinforce those ties and create new ones."

Update: In a statement provided to The Verge, a spokesperson from the US Embassy in Paris "categorically" denied the accusations of US involvement:

"We categorically deny these allegations from unnamed sources, published in L'Express, that the United States government has participated in a cyberattack against France. France is one of our best allies. Our cooperation is remarkable in the areas of intelligence, law enforcement, and cyberdefense. It has never been as strong and essential to our common fight against the threat of extremism."