Yes, U.S. did hack Elysée Palace in 2012, French ex-spy says

And yes, it was a Frenchman who hacked the Canadians (and the Iranians) in 2009

Bernard Barbier, a former head of the French signals intelligence service, shared a few stories with students of CentraleSupélec, the elite engineering school from which he graduated in 1976, at a symposium this summer.

There was that time he caught the U.S. National Security Agency delving into computers at the Elysée Palace, residence of the French president, for example. And flew to Washington to tell them they'd been found out. Or when the Canadians said they -- and the Iranians, the Spaniards, the Algerians and a few others -- had all been hacked by a Frenchman, and they were totally right, although the French government denied it.

These little confessions to the members of a student association at his old school, though, have reached a somewhat larger audience than he may have planned on.

The discussion on June 2 was recorded -- from the front row, so he must surely have been aware -- and found its way onto YouTube later that month. There it lay, largely unremarked, until last weekend when a reporter for French newspaper Le Monde found it and published transcripts of large parts of it. Almost immediately, the original video was taken down. Another has appeared, although the sound has been doctored, purportedly to improve the audio quality.

Barbier's revelations can't really be called a scoop, as the Canadian and Elysée hacks had been widely reported. They have, however, never been officially confirmed.

Until he left to join IT consulting firm Sogeti in 2013, Barbier was head of the signals intelligence division of the French Directorate-General of External Security (DGSE), a post he had occupied since 2006. During that time, he was responsible for transforming the DGSE's spying activities into a tool for mass surveillance. Before that, he had alternated between roles at the French Commission for Atomic Energy and Alternative Energies (CEA) and other posts at the DGSE.

The students quizzed him about two events in particular.

The first concerned the run-up to the 2012 French presidential election, when the DGSE found malware on computers at the presidential residence, the Elysée Palace.

Two years previously, that same malware had been used in an attack on the European Commission, he told them.

By 2012, the DGSE had the means at its disposal to identify the origin of the new attack, Barbier said. He concluded that it could only have been the U.S., using a technique that, thanks to Edward Snowden, we now know as Quantum Insert.

The following year, he said, the new president sent him to Washington to complain to the director of the NSA, Keith Alexander.

"We were sure it was them. Alexander wasn't happy. In the end, he said, 'Bernard, well done. ... You French are good,' meaning he thought we'd never catch them," Barbier told the students.

Later that year, he heard that Le Monde had obtained an NSA briefing document about him that had been prepared for that meeting and was planning to publish it.

Barbier asked an NSA contact in Paris to give him a copy of the briefing document. "He said 'I can't, it's top secret, only President Obama can declassify it.' I said 'Don't mess around, six million Frenchmen are going to see it soon, and I can't?' I finally saw it one day before Le Monde published it," he told the students.

Another 2013 story in Le Monde concerned a cyber-attack on Iran's nuclear installations, which also targeted computers in Canada, Spain, Greece, Norway, Algeria and Ivory Coast. In a note leaked by Snowden, Canadian officials said they were fairly certain that the attack had been mounted by a French intelligence agency. The French government denied any involvement.

But at his old school, Barbier said that when the Canadians reverse-engineered the malware, they found that its programmer had nicknamed it "Babar" and signed it "Titi," two clues that led them to believe he was French.

"And he was," said Barbier, without acknowledging which agency, if any, the programmer worked for.

Security researchers later were able to link Babar to other families of malware, known as Bunny, Casper, Dino, NBot and Tafacalou.

With so many of these affairs hinted at or revealed by Snowden's leaks, it was inevitable that one of the students would ask him what he thought of the former NSA contractor turned whistleblower.

"Snowden totally betrayed his country," Barbier said, but with his revelations about allies spying on one another and the hacking by the U.S. of networking equipment from the likes of Cisco Systems, "Snowden helped us, on the whole."


Stories by Peter Sayer
