International news media are reporting today of a successful cyber attack by unknown parties against the French Government that occurred late last year. The incident was first reported by the magazine Paris Match yesterday, which the French government later confirmed.
The FT article quotes François Baroin, Budget Minister, as saying the attack had been "spectacular", while this article at the Wall Street Journal states that computer security on 12,000 of the 170,000 workstations used by the French Finance Ministry was increased this past weekend in wake of the attack.
Patrick Pailloux, head of L'Agence nationale de la sécurité des systèmes d'information (National Agency for Information Systems Security) was also quoted by the FT as saying the cyber attack was:
"... pure espionage ... one of the most important attacks, if not the most important, ever to target the public administration."
The attacks apparently began in December of last year, but weren't detected until January of this year. By the time the attacks were detected, at least 150 workstations at the Finance Ministry had been successfully penetrated.
The FT states that the workstations were penetrated via a Trojan Horse concealed in a PDF file attached to an email that supposedly came from a known source. The WSJ article says that the malware was detected when an employee at the Finance Ministry noticed an email had been sent to them from someone in the ministry who said they hadn't sent it.
Speculation is that the French Government believes the attack came from China, but is hesitant to say so for fear of losing China's support of France's G20 initiatives.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.