France’s culture minister is to call an urgent meeting of French media groups to assess their vulnerability to hacking after the public service television network TV5Monde was taken over by individuals claiming to belong to Islamic State, blacking out broadcasts as well as hacking its websites and Facebook page.
All TV5Monde broadcasts were brought down in a blackout between 10pm and 1am local time on Wednesday to Thursday by hackers claiming allegiance to Isis. They were able to seize control of the television network founded by the French government in 1984, simultaneously hacking 11 channels as well as its website and social media accounts.
Experts say the cyber-attack represented a new level of sophistication for the Islamist group, which has claimed complex hacking before, but nothing as big as this. The Paris prosecutor’s office has opened a terrorism investigation into the attack.
The culture minister, Fleur Pellerin, said she would bring together all heads of big French TV companies as well as newspaper groups and the news agency Agence France-Presse within 24 hours “to assure myself of their vulnerable points, any risks that exist and the best way to deal with it”.
The interior minister, Bernard Cazeneuve, said France had already increased its anti-hacking measures to protect against cyber-attacks following January’s gun attacks on the satirical weekly Charlie Hebdo and the bloody hostage-taking at a Kosher grocery store in Paris, which left 17 people dead.
The prime minister, Manuel Valls, called the attack on TV5Monde “an unacceptable insult to freedom of information and expression”.
During the attack, the hackers posted documents on TV5Monde’s Facebook page purporting to be the identity cards and CVs of relatives of French soldiers involved in anti-Isis operations, along with threats against the troops.
“Soldiers of France, stay away from the Islamic State! You have the chance to save your families, take advantage of it,” read one message.
TV5Monde had regained control of its social networks by 2am on Thursday but said television broadcasts were likely to take hours, if not days, to return to normal. The station restored its signal later in the morning but was still only able to broadcast pre-recorded material.
At 6pm, TV5Monde had regained control of its social networks and television broadcasts had returned to normal, including live broadcasts.
The network’s director general, Yves Bigot, said its systems had been severely damaged and that hacking on this scale would have needed weeks of preparation.
He told RTL radio: “When you work in television and you hear that your 11 channels have been blacked out, it’s one of the most violent things that can happen to you. At the moment, we’re trying to analyse what happened: how this very powerful cyber-attack could happen when we have extremely powerful and certified firewalls.”
The cyber-attack on the station’s Paris headquarters completely shut down the computer systems – which run everything from email accounts to production equipment, including the servers used to broadcast TV5Monde’s television signals.
“This is a typical cyber-attack in today’s cyber landscape,” said Christophe Birkeland, vice-president of engineering at the US-based security firm Blue Coat Systems. “The initial infection is probably either someone’s stolen credentials, probably for remote networking access, or the installation of a remote administration tool used to access deeper and deeper levels of the network and attack systems. Both of these attacks typically use social engineering.”
Social engineering is the practice of tricking people into installing programs or giving up sensitive information, often via email or similar communications methods. Typically companies employ different zones within their computer networks to create a multilayered defence so that attackers cannot reach production systems, such as the computers that control broadcasting, even if they hack into a lower level of the network.
Reports indicate that TV5Monde did not use such tactics, making it easier for attackers to damage critical computers and equipment.
“Social engineering might be incredibly low-tech sometimes, but once you’ve got the compromise, most security systems are not set up to deal with the idea of someone using security credentials in a non-authorised way, which allows attackers to reach even the deepest, most secure sections of a corporate network, which is likely what has happened here,” said Robert Arandjelovic, also from Blue Coat Systems.
It is likely that this targeted attack by pro-Isis forces took weeks to implement, with multiple stages and attacks needed to take the French TV station offline.
“Typically you have difference phases in an attack like this. The first one would be identifying who has the necessary access to the systems to actually do harm. Infecting just some random computer generally isn’t enough. They go to unprecedented levels and a great deal of effort during the planning phase, researching the targets as apposed to actually hacking them,” said Birkeland and Arandjelovic.
“What we’re seeing here is real world impact, the disruption of critical infrastructure, access to information and an important part of a democratic society. The attackers are breaking new ground, and this might not be the last we hear of this. We could see a broader campaign, where TV5 was just one hit,” said Arandjelovic. “We’re seeing TV5 coming back online, but it’s entirely possible that they haven’t purged all traces of the attack from their systems and could still be compromised.”
The attack appears to have been orchestrated by the Isis hacking division, which took credit for alleged attacks resulting in the leak of personal information of US military personnel in March, prompting an investigation by the Pentagon. Hackers claiming to work on behalf of Isis have seized control of the Twitter accounts of other media groups, such as Newsweek, and in January they hacked into the Twitter page and YouTube site of the US military’s Central Command.
The message on the TV5Monde website had read in part “I am IS” with a banner by a group that called itself Cybercaliphate.
The hackers had accused the French president, François Hollande, of having committed “an unforgivable mistake” by getting involved in “a war that serves no purpose”.
“That’s why the French received the gifts of Charlie Hebdo and Hyper Cacher in January,” it said on the broadcaster’s Facebook page, referring to the bloody twin attacks by Islamist gunmen in Paris which traumatised France.
France is part of a US-led military coalition carrying out air strikes against Isis in Iraq and Syria, where the jihadi group has seized swaths of territory and declared a caliphate.
More than 1,500 French nationals have joined the militants’ ranks, where they represent almost half the number of European fighters present, according to a report released on Wednesday by the French senate.
View all comments >
comments (95)
Sign in or create your Guardian account to join the discussion.
This discussion is closed for comments.
We’re doing some maintenance right now. You can still read comments, but please come back later to add your own.
Commenting has been disabled for this account (why?)
Did viewers even notice any difference? After all, this is virulently anti-Israel, pro-arab, muslim pandering French TV. So, what's all the fuss about?
So, a few days ago when TV5Monde broadcast the movie Jacky au royaume des femmes (Jacky in the Kingdom of Women), a blistering parody of Gulf Arab countries, with men's and women's roles reversed, that was just window-dressing to hide how virulently pro-Arab and pro-Muslim French TV really is?
And by the way, viewers noticed. I have a friend who subscribes to TV5 Monde here in the States and he says it was down yesterday.
TV5 went off air last night between 8 and 9pm on all satellites eg Sky Ch 796, Hotbird and Astra. They broadcast on 11 satellites round the globe to Europe, USA Canada, South America, Africa and most Asian countries; so, Yes the viewers noticed. Their website and Facebook and Twitter sites were hacked and blocked. This morning they managed to get a common programme running during the morning after staff spent all night trying to repair the damage. They finally went fully live again this afternoon. The staff of TV5Monde deserve a huge round of applause for achieving the recovery so quickly.
Coverage of this attack in the UK has been pitiful. It is front page news everywhere else in Europe. If the Beeb had been attacked, and it still might be, we wouldn't hear the end of it. Online security has never been so much at risk, and we cannot be complacent thinking "it couldn't happen here'.
BBC won't get hacked,not with its apologist bias
Islamic State don't have the capability. Just as they don't have the capability to manufacture fleets of shiny new SUV's.
Just as the Sony hack was impossible, as described. Only Sony insiders knew how impossible.
I find it hilarious how many people still believe DPRK did that one. According to them, it went like this:
1) Kim Jong-Un gets offended (true)
2) He orders the hack (plausible)
3) Stuff is released and Sony shuts down the film distribution
4) The hacking stops
5) Sony brings the film back into the cinemas
6) Hacking doesn't continue
Point 6 makes no sense if DPRK did it, but makes perfect sense if Sony insiders did it, as they effectively got away with it and had no reason to expose themselves further.
Did they actually manage to broadcast anything?
I imagine that the network pulled the plug before anything actually aired.
If your going to "seize" a t.v station, you need hardware as well as software.
Must have had insider info if not person(s).
Le Pen's part will get a boost from this kind of actions.
Considering that the US and Saudi Arabia created ISIS, and still finance and control it, I suspect one should look to the NSA for this hack.
If the NSA could shut down all of North Korea's internet at a push of a button, why can it not shut down the access to the internet for ISIS?
Only logical answer -- It doesn't want to. America wants this chaos. America doesn't care if millions of innocents must die or enter concentration camps, so long as its lunatic scheme of profit through war continues.
Goofy troll.
Not really. He could be right here. The facts don't support the alleged hack.
The next logical step for the "bad-guys" is to use force to hold a tv station once it has been captured.
I wondered why Tele Matin wasn't on at 5.30 this morning, and it's replacement was a not very well chosen documentary about tree sloths in the Amazon, or some other such filler.
Thought there was another French tv technicians strike on again
Maybe the staff of TV5Monde deserve a round of applause for getting back up and running, but the head of IT systems at TV5Monde deserves a right kicking for this.
For someone to take control of the broadcast at transmitter level, is clumsy (but has been done before) but to knock out the channels at playout level, as someone says, needs in-depth knowledge at just how lax the dedicated lines around the control rooms at the channel actually were.
All the hallmarks of weak security holes in the systems littered in the transmission chain from ingest, to servers and to playout.
Absolutely - its beyond belief that the playout, & ingest servers or matrix might even be anywhere an open network.
I don't get why they can't just override the automation systems and hard patch if need be.
lol
They hacked a BBC live broadcast today. The footage is on Youtube.
Who? Who is this 'they.' Someone did. But let's stop being led here.
The Sony hack was an inside job. And I'm confident the French TV hack will turn out to be, at some level.
The question is, which insiders?
Yeah !! Strange use of language ,sounds more like something spewing
out from some smart cyberpunk..
'hacked'. when speaking about ISIS the word is apropos no? thankfully it was only a TV station.
ISIS is worse than Justin Bieber.
Seconded...........But it was pretty close!
Hey, cheer up, at least they didn't chop your head off.
There is ongoing radio station strike here with France Inter ( a bit like BBC radio4 ) and it now plays cool ambient music; which sounds a lot better than the previous serious 'talk talk' stuff. Now, if the jihadi/fanatics that hacked TV5 and did the same, it might have had more appeal than putting out their usual 'head chopping' nonsense!
Yeah the security guard with a Ruger Mini-14 is totally going to stop the hackers from breaching that firewall.
I expect to see heightened security at all t.v stations now.
Which will add to the sense of 1984ism for any employees, no doubt.
To date they are LRHI (Low-risk,High Impact, i'm sure someone can come up with a better abreviation though ;) ) targets for any would be rogue agent.
Or low-laying fruit so to speak.
I'm still waiting for nyan-cat's full 10-minute outing.
low hanging fruit,obi- ohnokinobi...
Why is there a government TV station in France? This is like Soviet Russia?
Nobody else's does it ......
It's not a governement TV station. It's one of many TV stations paid by the french state.
It seems close on your side of the Channel, but it's not on our.
Do you have any idea on how media work outside the U.S.? There are public TV channels in all countries. Never heard of BBC in the UK, Rai in Italy, TVE in Spain, the ARD network in Germany, NHK in Japan, CBC in Canada, ABC in Australia... ? All major networks in their countries and abroad. You know, everything doesn't have to belong to Murdoch.
This is an interesting real life experiment in seeing what happens when Western civilization pretends total war has not been declared and waged against it. Who knows, the strategy might work.
We call them apologists.
Hardly.
Look, someone pulled off a number of hacks, but that someone was almost certainly not IS.
I knew on day one that the Sony hack was impossible, as it was described. Therefore, I reasoned, something else was going on. The most probable explanation, I reasoned, was an insider at Sony.
As it turned out, it was a marketing stunt, dressed up as 'disgruntled' ex-employees, Sony were rolling out their online movie service and a desperate piece of shit comedy with a dubious premise. In creating a hack then selling the story as an attack on free speech by North Korea, they pushed the patriotism button, they turned a flop into a respectable success and launched their new direct download service in style. In other words viral marketing.
For example ask yourself a question, who benefits most from computer viruses? The answer is probably the major purveyor of viruses, one way or another.
Yes but thats a product site, rather than a site for TV, in otherwords information distribution owned by the French Government.
Its a grab for information control and to insert fear in peoples living rooms and remind them of their vulnerability.
So why could it not be IS?
Putting aside Sony, please explain specifically what it is that makes you suspect otherwise?
Because it certainly bears the signature of all their other atrocities.
"... to ascertain their vulnerable points, any risks that exist and the best way to deal with them". Fixed that for you. I get that you might not have mastered the French language, but don't the alarm bells go off when your English translation sounds incoherent?
I would start the investigation with their IT and Comm. TECH. employees. A multi-platform action such as this likely has an insider or 'State Sponsor' behind it, and I don't mean ISIS. Likelynthey aremcheap and sloppy, neglecting to do thorough background investigations on their staff.
I guess ISIS doesn't like French movies. Too much talking, not enough beheading.
Sexual immorality is a sin. Exterminate...
The comments above are some of the most fatuous on cif for a long while - purposefully blind to the implications and significance of this.
Explain please.
Imagine if it happened in the States where Im assuming you are from, on a well known station.
It intrudes right into the heart of French life, into peoples living rooms,reminding them which of their childrens/parents/friends are at risk - threatening them through the most public medium for all to see- the message is 'we can get in, you cant keep us out'.
It is utterly ruthless with no thought of consequence, as are all their acts.
Imbued with the concept of appocalypse, they act with no thought of loss and as yet with no apparent limit on how far they will go.
They are significantly more dangerous than the Taliban because the Taliban play a longer game, and by its very nature that allows for other factors to influence the situation.
But with IS it is immediate and so fast there is almost no time to react - Their modus operandi is that of the stormtroopers.
thank you. An excellent reply. Yes, I am from the US where we have an ocean to protect us. Of course we don't need ISIS we have our police, executing people on the spot.
How does one tell the difference between neocon-controlled media and ISIS TV? How will I know whether my local Fox Tee Vee affiliate has been hijacked by the mean-looking boys in black? Any telltale signs?
yeah.. theyll spout the same crap but tge clue is the bearss
I dunno, call me cynical but whenever something happens I just refer to it as justification.
What, where, who, when and why are all total mysteries to me.
Its probably just justification.
One hopes the post-hack analysis will lead to improvements in tech security.
I'm not worried about ISIS. Obama says they're the JV.
Post this one more time, and you'll get cut from the JVs.
As France has made a high profile response to Islamist terrorism in parts of Africa and the Middle East it has been and will be a target for Islamist attacks. France also has rather a lot of its citizens misguided enough to be fighting alongside the Islamists. It has untold numbers of Islamist sympathisers inside the country. Trouble is bound to arise as it has done on many fronts already. A good start has been made in dealing with Islamism at home and at source but a long hard struggle ahead remains. In the meantime the rest of the EU is hardly exempt from the problem. I fear we worry rather too much about the idiots leaving EU countries to fight and die for a daft but dangerous cause. We need to concentrate very much more on detaining and punishing any Islamists who attempt to return to EU countries after their forays abroad. Perhaps Mr Cameron's much delayed counting in and out could be of use in this area. At least there's a chance for a closer look at these buggers, where they're going to and coming from and just what they've been up to.
This makes sense; however, countries that colonised (and exploited) other countries are now bearing the brunt of the reciprocal visa arrangements. Too many shades of grey to do a neat head count without accepting that the West has made many potentially dangerous enemies due to occupying corrupt militant countries. The regime is bad but the people are good is not a mind-set met if you are a Christian or Shiite in Syria or certain parts of Africa. Furious and dispossessed people are seldom rational or just. We are witnessing a revolution with very foggy motives and goals. These buggers think that you're the bugger. Go figure. If anyone has a clue about containing this rampant virus they are sure keeping quiet.