After US election hacks, France girds against cyberattacks
PARIS (AP) — French security officials, sobered by the destabilizing effect that computer hacking and email leaks had on the U.S. election, have taken the unprecedented step of allowing government cyber-snoops share their expertise with political parties.
The goal is to help France’s Socialists, conservatives, and other parties defend themselves from electronic attacks during the country’s 2017 presidential and parliamentary elections.
France’s democratic process also is at risk from the cyber-subversion that roiled Hillary Clinton’s campaign, in particular, according to Louis Gautier, who heads the French prime minister’s General Secretariat for Defense and National Security.
The Obama administration has openly accused Russia of hacking Democratic organizations and officials, and the CIA has gone further, telling U.S. lawmakers in a closed-door briefing that Russia’s intention was to help Republican Donald Trump win the U.S. presidential election. Other U.S. intelligence agencies have said it’s less clear what the Russians’ intent was, other than to disrupt the American political system. They say Republican consultants may also have had their emails compromised. Clinton campaign chairman John Podesta’s emails were stolen and posted on the internet, along with others.
“In the United States, certain political parties were recently subject to sophisticated and repeated attacks, obviously carried out by organized groups,” Gautier wrote in an Oct. 11 letter to political parties and lawmakers’ groups in parliament, inviting them to a closed briefing by the National Cybersecurity Agency. Such technology risks “could threaten the smooth progress of the political campaign in France.”
The letter was obtained by The Associated Press.
The cybersecurity agency, known by its French initials ANSSI, normally wouldn’t venture into the political or electoral domain. Created in 2009, its main task is to protect government communications and strategic French industries against cyber-snooping and attacks.
ANSSI, however, reports to Gautier’s office. Having concluded from the U.S. election that French political parties needed alerting, Gautier’s office got permission to invite them to the closed cyber-security seminar by ANSSI experts, a government official told the AP. He spoke about the internal decision-making process on condition that he was not identified.
“We took the initiative because our evaluation of the situation is pessimistic,” the official said.
France’s efforts to secure its election come amid concerns in European capitals about perceived efforts by Russian President Vladimir Putin’s government to divide and undermine Western governments.
Last week, the head of British spy agency MI6 warned of cyberattacks, propaganda and the subversion of democratic processes by “states with hostile intent” and said the threat “should be a concern to all those who share democratic values.”
Germany’s foreign intelligence chief also has warned of cyberattacks aimed at political destabilization as the country prepares for a general election in 2017.
French wariness was also heightened by a sophisticated cyberattack in April 2015 that blacked out Francophone broadcaster TV5 Monde and packed the international network’s social media sites with Islamic extremist propaganda.
Working beyond its usual government-focused purview, ANSSI intervened to get the broadcaster back on its feet, dispatching a team of 20 agents to help rebuild and secure its IT systems. ANSSI experts are now sure the attack wasn’t the work of Islamic extremists but they are divided on whether more sophisticated Russia-based hackers were instead to blame, said the official who spoke to the AP.
About 40 participants from a broad swath of France’s political spectrum attended the Oct. 26 cyber-security seminar in Paris next to Les Invalides, which houses Napoleon’s tomb. Gautier and ANSSI director Guillaume Poupard opened the briefing, then ANSSI experts walked participants through examples of recent cyberattacks and offered security advice. Of the political parties invited, only the far-right National Front did not attend, said the official who spoke to the AP.
Thick briefing dossiers for attendees included a 36-page cyber-security pamphlet for people working in politics, a 52-page guide on IT best practices, a 52-page explainer on denial-of-service attacks, a USB flash drive loaded with information about malware and computer viruses and a travel advice booklet. Also available on ANSSI’s web site , the travel booklet warns of telephone surveillance overseas and that “in certain countries, hotel rooms may be searched without you noticing.”
Bastien Ho, who attended the briefing for France’s Green Party, said much of the advice wasn’t news to technicians like him. He manages party websites and databases. But he was struck by a presentation that broke down the timing of email leaks during the U.S. presidential campaign.
“They showed a timeline of Hillary Clinton’s campaign, with the details of when the leaks happened,” Ho said, adding it showed how information leaked “at strategic moments” and how “it could have had an effect on the campaign.”
The French official who spoke to the AP said although France’s big political parties are managed like businesses, their IT practices are often second-rate.
In October, France’s data protection watchdog sanctioned the ruling Socialist Party with a public warning for security loopholes on its website that leaked the personal details of tens of thousands of party members.