Oui, La NSA hacked France in 2012

If you speak French and have one hour available, just skip the article and go straight to the video. Otherwise, here are some notes from the video interview.

Le Monde just published an article confirming that the U.S. (NSA) indeed hacked the French White House (Elysee) in 2012.

This claim is based on a video interview done at a French Engineering School and had been uploaded on June 18 2016 of Bernard Barbier former head of the French Intelligence Service (DGSE).

Unfortunately, as the comments on YouTube can attest — the sound quality is pretty mediocre which explains why it took so long for someone to actually write something about it (3 months!).

Barbier mentions his official visit with Mr Patrick Pailloux, Head of the French NSA (ANSSI) to Keith Alexander (former Director of the NSA) in order to complain and showing all the evidences of the 2012 Hack of the Elysee on request from the President Francois Hollande.

This is the first time that this hack had been officially confirmed — until now the only “suspicions” were due to the above memo, that got disclosed through the Snowden documents.

“I received the order from the successor of Mr Sarkozy (Francois Hollande) to go in the U.S. to shout at them. We were sure it was them. At the end of the meeting, Keith Alexander (Director of the NSA) was not happy. When we were in the bus, he told me he was disappointed because he never thought we would detect them and he even added “You guys are good”. The major Allied Powers, we do not spy on them. The fact the U.S. broke this rule was a shock” — Bernard Barbier
EDIT: The original video had been removed few days after the publication of this article. The above version is another version that had been reuploaded.

Barbier mentions that they randomly discovered the malware through existing signature which was similar to the 2010 hack of the European Commission — which had been reversed by his team of reverse engineers.

Barbier also mentions he enjoyed working with the U.S., U.K. and the Israelis in 2006 — because they were the strongest actors in the cyber security industry.

Although Barbier says the relationship with the U.S. isn’t tense as in the Intelligence World you don’t have friends but only allies — and the U.S. is the best ally France has — he continues by admitting the difference in term of capacities between the French and the U.S. agencies, with a workforce 20 times bigger, and a budget 40 times bigger.

Barbier highlights even though they have lots of money, the Americans are wasting a lot of money — but the French capacities are not matching the military & strategic expectations of the French government especially given the fact that France decided to be involved in foreign countries such as Mali and Syria. He follows by comparing that GCHQ (UK) & 8200 (Israel) have twice more resources.

Barbier also confirms that BABAR, which was analyzed by Marion Marschalek in 2015 was indeed French — and jokes that the Canadian find out because the French developer who did it used the “BABAR” and “TITI” strings which are popular French cartoon characters — and that it was a stupid mistake from the developer. #OPSECFAIL

Barbier evokes the creation of an European Intelligence Service to provide better performances but this would unfortunately be impossible as it would mean that 28 different countries with different cultures and languages would need to collaborate efficiently.

On Daesh, Barbier explains that HUMINT could have been very useful in 2012 — but that this is unfortunately almost impossible as those circles are very difficult to infiltrate as terrorist groups are very careful with insiders as they only work with people they know. Moreover, he mentions that he does not know if the Algerians and Moroccans services had additional information — given the fact that most of those subjects are from Maghreban origins.

Barbier also admit that information security is not really recognized in France, especially during the 2000s and that most of the people who are working in big French groups doing information security are inexperienced. He also says that France only has 50–60 skilled pentesters, and the problem they have to recruit is that since being a hacker is not an academical skills — it is very hard for them to recruit people who are “wired correctly” who started early enough and that finishes by saying that France needs to develop more technological branches to train people on cyber-security matters.

Barbier also mentions the creation of the Chinese Cyber Unit within the People’s Liberation Army in the late 90s to be able to compete with the U.S. now instead of in 50–60 years.

Another surreal part is when Keith Alexander told Bernard Barbier about the “Find & Fire” projects they have in Iraq to identify (within a 7km radius) & eliminate bad guys with drones. So apparently France is working on similar technologies as Barbier managed to convinced them to do the same, and they need more students to join the government to improve the technology — which had been used in 2010 to prevent a terrorist attack against the French Embassy in Mauritania.

Barbier also jokes (at 55:20) that in France unlike in the U.S. we do care about avoiding “collateral damages” before neutralizing a target.