March 08, 2011, 3:14 PM — The French National IT Systems Security Agency has released further details of the recent attack on French government computers, saying they were targeted by cyberspies.
Around 150 IT staff spent the weekend on a massive clean-up operation to undo the effects of the attack on computers at the French Ministry of Economy, Finances and Industry, the security agency's director-general said Monday night.
The attack compromised around 150 of the ministry's 170,000 PCs, agency director-general Patrick Pailloux said at a news conference.
It began with a wave of e-mail messages with malware-laden attachments that exploited then-unknown or unprotected flaws in the software running on the ministry's PCs. The messages were addressed to ministry staff of all levels, and purported to come from colleagues or regular correspondents elsewhere, while the attachments appeared to relate to their work, Pailloux said.
When the attachments were opened, they installed Trojan horse software on the PCs. Under the control of the unidentified attackers, that software was then used to compromise other PCs, to send data out of the ministry hidden in other Internet traffic, and finally to cover up its activities.
The attackers had access to mailboxes and servers over the course of several weeks. It took the agency until last week to figure out what the Trojan horse was doing, and just how far it had spread, Pailloux said.
While attacks on other French government computers were made during this time, none of them appeared to have succeeded, he said.
The technical level and coordination of the attacks on the Finance Ministry show that the hackers were determined and organized professionals, he said.
After disconnecting the ministry from the Internet, it took 150 IT staff all weekend to clean things up and strengthen security systems before bringing the Internet connection back up on Monday morning, Pailloux said.
Pailloux declined to comment on who might be behind the attack, although he did acknowledge that it resembled an attack on Canadian government IT systems last month. That attack was initially blamed on the Chinese, an accusation the Chinese swiftly denied.
French Budget Minister François Baroin said this latest attack was probably from outside France: "We have some leads, but at this stage it's impossible to confirm them," he said in a radio interview Monday morning.
There is no sign that personal tax files were targeted, Baroin said, something later confirmed by the security agency.