World heading towards 'permanent cyber war', France warns

Head of cyber security agency says threat comes from other countries, criminals and extremists

Lizzie Dearden
Thursday 01 June 2017 17:56 BST

The world is heading towards a “permanent war” in cyberspace, the head of France’s digital security agency has warned.

Guillaume Poupard, director general of the National Cybersecurity Agency of France (ANSSI) said intensifying attacks were coming from unspecified states, as well as criminal and extremist groups.

“We must work collectively, not just with two or three Western countries, but on a global scale,” he added, saying attacks could aim at espionage, fraud, sabotage or destruction.

“We are getting closer, clearly, to a state of war - a state of war that could be more complicated, probably, than those we've known until now.”

He was speaking as the world continued to reel from the global WannaCry ransomware attack, which crippled the NHS earlier this month.

Targeting computers an outdated Windows operating system, it infected more than 230,000 computers in 150 countries in just a day, including Russia, India and Taiwan.

It came amid allegations that Russia-backed hackers were responsible for cyber attacks affecting elections in the US and France.

Man who accidentally halted global cyber attack: 'I'm no hero'

But investigators have found no evidence that a prolific Russian group was behind a hack targeting Emmanuel Macron’s campaign just days before the presidential election.

It saw a huge cache of data and documents from the candidate’s team posted online hours before reporting restrictions kicked in across France, meaning they could not be properly analysed and claims circulating on social media went unchallenged.

Analysts who found traces of Russian code in the leaks said they could be linked to the group initially suspected of orchestrating the Democratic National Campaign (DNC) leak.

Vitali Kremez, director of research with US-based cyber intelligence firm Flashpoint, said his analysis indicated that APT 28, a group tied to Russia’s GRU military intelligence directorate, was behind the attack at the time.

But a probe by ANSSI has found no trace of the outfit, also known as Fancy Bear or Sofacy, which has also been blamed for attacks targeting White House, German Parliament, Nato and French media.

Mr Poupard described the Macron campaign hack as ”not very technological“ and said "the attack was so generic and simple that it could have been practically anyone".

Without ruling out the possibility that a state might have been involved, he told the Associated Press the technique used “means that we can imagine that it was a person who did this alone,” adding: “They could be in any country.

“It really could be anyone. It could even be an isolated individual.”

Politicians across Europe have pointed the finger at Russia for alleged attempts at interfering in elections but Vladimir Putin has persistently denied the claims.

US intelligence agencies have accused the Russian President of personally commissioning the DNC email hack and other interference helping Mr Trump to victory.

Mr Putin admitted on Thursday that “patriotic” Russian hackers could have launched attacks amid worsening relations with the West, but insisted that “we don't engage in that at the state level”.

Analysts previously said APT 28 had registered decoy internet addresses to mimic the name of Mr Macron’s En Marche! party, then used the domains to send corrupted emails to hack into the campaign’s computers.

The leak came just little over a day before the second and decisive vote in the French presidential election,

Mr Macron’s En Marche! party confirmed it had “been the victim of a massive and coordinated hack” that had “given rise to the diffusion on social media of various internal information”.

A spokesperson said the communications only showed the normal functioning of a presidential campaign, but that authentic documents had been mixed on social media with fakes to sow “doubt and misinformation”.

Far-right American activists are believed to be behind early efforts to spread the documents on social media, before they were picked up by Ms Le Pen’s supporters in France.

(Getty Images
(Getty Images (Getty Images)

Ben Nimmo, of the Atlantic Council’s Digital Forensic Research Lab, said the mass document drop appeared to have been deliberately timed just hours before restrictions kicked in.

He told The Independent that the contents appeared to be “99 per cent boring” but the En Marche! leaks and other conspiracy theories targeting Mr Macron had exposed a “real confluence of interest” between Russia and the far right in Russia and France.

“They’re not necessarily coordinated, but they’re interested in a lot of the same stuff,” Mr Nimmo added.

The cyber attack came just 10 days after the En Marche! digital chief Mounir Mahjoubi said it had been targeted by Russia-linked hackers – but that those hacking attempts had all been thwarted.

There have been repeated allegations of Russian interference in elections across Europe and the US, with Mr Macron previously targeting state media for spreading “fake news” to damage his campaign.

The new French president raised the issue directly with Mr Putin at a meeting in Versailles, telling a joint news conference “Russia Today and Sputnik were agents of influence which on several occasions spread fake news about me personally and my campaign”.

“They behaved like organs of influence, of propaganda and of lying propaganda,” Mr Macron added, after barring journalists from two Russian outlets from his headquarters.

The Kremlin appeared to favour his opponent Marine Le Pen during the campaign, with Mr Putin granting the far-right leader an audience a month before the first round vote.

Sputnik, RT and the Kremlin have all rejected allegations of meddling in the French election.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in