Hackers Target French Government Computers For G20

An anonymous reader wrote in to say that "IT staff spent the weekend in a massive cleaning effort to remove traces of a 'spectacular' attack on computers at Bercy, the head office of the French Ministry of Economy, Finance and Industry, a government minister said Monday."

lulz

link to data dump please!!!

France surrenders

France surrenders

Re:France surrenders

So did the Minbari.

Re:France surrenders

Ha ha! It's funny because in WWII France surrendered to the Nazis just like the rest of Europe... Ha Ha! Good thing for you they didn't surrender in 1776.

Re:France surrenders

[stealth_finger]

Ha ha! It's funny because in WWII France surrendered to the Nazis just like the rest of Europe... Ha Ha!

Ahem, not EVERY European country surrendered, and most of the rest were beaten.

Re:France surrenders

Is that all ? We are on Slashdot and the most prominent post is just on old racist joke ? How outrageous.

Re:France surrenders

[McTickles]

It is sad really, but it is american humour for you... Old, repetitive and egocentric.

Re:France surrenders

[NetNed]

YEAH! Cause I would never think of the French ever being egocentric!

Their "humour" is Jerry Lewis and that guy is funny! Oh......wait.......no he isn't? The french are some of the rudest, most egocentric people on earth??? Oh, well........at least they got that toast thing going for them. What's not to love about french toast, unless you have a egg allergy or a wheat allergy? Well they did bring us the LE CAR. Those Yogo's had nothing on them LE CARS!

Re:France surrenders

[onefineline]

This is modded "Troll", but its parent isn't? IMO, the parent is way more of a troll than this.

God forbid someone makes a sarcastic comment in reponse to a tired and idiotic statement about France's surrender in WWII. Hey, since we're at it, how about some more!...

Switzerland doesn't surrender because they're a "neutral" country that profits off of the massacre of Jews!

The British resist because of their geographic isolation from the of the European mainland!

Wow, the hilarity never stops!

Re:France surrenders

YEAH! Cause I would never think of the French ever being egocentric!

Their "humour" is Jerry Lewis and that guy is funny! Oh......wait.......no he isn't? The french are some of the rudest, most egocentric people on earth??? Oh, well........at least they got that toast thing going for them. What's not to love about french toast, unless you have a egg allergy or a wheat allergy? Well they did bring us the LE CAR. Those Yogo's had nothing on them LE CARS!

Your lack of knowledge is very laughable. I bet somewhere else in the world there is another idiot who believes that people who live in the USA are all the same, with whatever the traits that are at his own disposal. I don't know where your stories about eggs come from, but it is not a French habit. Maybe you are misleading with another country. Really, I have no idea of the source of your prejudices. Whatever, the result in history is always the same: cultivated and intelligent people will always pay for the lack of culture from people like you. I just hope you'll learn a little bit, but I don't believe you are able to change without help.

Re:France surrenders

[Atroxodisse]

But...but...but...surrender monkeys? Come on, its not like only a couple centuries previous they had an Empire that spanned all of Europe....created the symbol of liberty of the United States and if not for their help the colonists would never have defeated the British. ... ...
Wuuuuut?

History is HARD!

Re:France surrenders

and french fries, homes. And douches.

Ministry of Redundancy Ministry

IT staff spent the weekend in a massive cleaning to remove traces of 'spectacular' attack on computer at Bercy, headoffice of the French Ministry of Economy, Finance and Industry Ministry, a government minister said Monday."

I think I see the problem. Too many ministers, not enough IT people.

Re:Ministry of Redundancy Ministry

And the current MOTD is

You are a very redundant person, that's what kind of person you are.

Re:Ministry of Redundancy Ministry

[AndrewNeo]

MOTD? Ministry of the Day?

Ministry of Economy, Finance, and Industry Ministr

[Samantha+Wright]

French Ministry of Economy, Finance, and Industry Ministry of Economy, Finance, and Industry Ministry of Economy, Finance, and Industry Ministry.
What are we going to do with all of these ministries? Are IT staff going to spend the weekend in a massive cleaning to remove traces of 'spectacular' redundancy, too?

Remove traces?

Sorry what? It's not like they TP'd the office.

Good luck with that.

Next time, don't let him fill the glass.

[girlintraining]

This begs the question of why these systems were connected to the internet directly in the first place. "cyber" attacks like this aren't effective if there's no way to make a connection back to the outside world. In laymen's terms (and horribly abusing grammar in the process) -- bring the internet home, but don't trust him alone with the wine!

Re:Next time, don't let him fill the glass.

[mlts]

The answer is more of the opposite -- how can one not be connected. Yes, VPNs might be an answer, but all it takes is for one blackhat to compromise some suit's laptop with an evil maid attack, and they can easily bypass that.

It would be ideal if we had backbones similar to NIPRnet and SIPRnet, but pretty much you either completely air gap and deal with the consequences of having no connectivity, or you bring everything online and hope your firewall/IDS/IPS/host security is up to snuff.

The best one can really hope for is to bring eggs into a well secured basket (IBM sysplex on the high end for example), as opposed to having many machines with sensitive data (PII, accounts payable/receivable, etc.) that need to be hardened and protected via the network.

Re:Next time, don't let him fill the glass.

[girlintraining]

The answer is more of the opposite -- how can one not be connected.

The usual answer here is to put one machine in the DMZ, very locked down, that only has one role to fill (in this case, email). The rest have no business being directly connected.

Re:Next time, don't let him fill the glass.

[mlts]

That is true. However, even though routers are highly secure, they can become points of attack, especially if there are a lot of compromised PCs, and one belongs to the LAN admin, where he types the enable secrets on.

Of course, SecurID helps in this department to mitigate an enterprise-wide botnet infection, but it is still a note to consider.

slow news day

It would be news if some organization attracted no attacks whatsoever.

Re:Ministry of Economy, Finance, and Industry Mini

No, acually, there is only one ministry and its name is "of Economy, Finance and Industry".
It's because ministers love long title in France...

Re:Ministry of Economy, Finance, and Industry Mini

[BisexualPuppy]

"French Ministry of Economy, Finance, and Industry Ministry of Economy, Finance, and Industry Ministry of Economy, Finance, and Industry Ministry.
What are we going to do with all of these ministries? Are IT staff going to spend the weekend in a massive cleaning to remove traces of 'spectacular' redundancy, too?"

My preferred one is :
"Secretaire d'Etat aupres de la ministre de l'Economie, des Finances et de l'Industrie, charge du Commerce, de l'Artisanat, des Petites et Moyennes entreprises, du Tourisme, des Services, des Professions liberales et de la Consommation"
That's ONE guy (no need to translate, most of the words are english-ready, apart from 'small and middle sized companies'). And they *really* call him like that *everytime* it appears in the senate (often).

I am french and

[e70838]

I am always very disappointed by the level of IT illiteracy of our political class (ministers, deputy, president, ...).
They all know the minimum needed to use blogs and social networks for propaganda, and this gives them the illusion that they understand enough to legiferate about all the problems of internet.
All the french political discourse about internet contain so many mistakes (except when it comes to lobby support), that the conclusions are always illogival and incoherent.
When the bigger problem is in front of the screen, anything becomes an easy target for hackers.
For me, the main problem is not the attack, but the effect it will have on their poor understanding of internet ?
When will they learn something or get more stupid certitudes ?

Re:I am french and

[mtremsal]

Actually they have a very good understanding of what happened in this case.
It's nothing spectacular.
In the past some serious leaks and attacks happened with pretty much nobody paying attention.
This here is a publicity stunt of an old hack by the ANSI (Agence Nationale de la Sécurité Informatique - National Agency for IT Security) saying :
- Since we now have more important prerogatives (very recent change) this kind of attack won't happen again
- Also, we need more money
- And, that will teach you about not following our recommendation. Next time you WILL use an open source alternative to Adobe Reader.
Smart move but the tech part of the story is irrelevant.

"Spectacular" my ass

[DigiShaman]

Most like what *really* happened was that a default or weak password was left in place. That, and the servers weren't patched with security updates. By claiming "Spectacular", it makes it sound like their IT group wasn't so incompetent and that it could have happened to anyone. Ya well, well just have to see as the story continues to unfold, if at all.

Re:"Spectacular" my ass

[Schmorgluck]

Well, considering the attack was initiated through spoofed e-mails with malignant attachments that installed trojans, there is something spectacular to it: the inanity of the security schemes, and the ignorance of the users.

Re:"Spectacular" my ass

[bruneliv]

I definitely heard of "lemotdepasse" being used by people afraid to forget their passwords.

Re:"Spectacular" my ass

[eriqk]

I thought the password was "espadon"?

My First Thought Was...

[Kozar_The_Malignant]

Why the hell are they attacking a damn grocery store? Granted the whole supremarché idea is subversive to French culture, but still, why not pick on Franprix? Is G20 more evil in some way that escapes me? Granted their bread and cheese suck, but they have an excellent selection of € 2.00 wines.

Re:My First Thought Was...

Ahah ! You sir, win at humor !

IT Security Budget?

From TFA:
"This is just one more incident, a confirmation that we, too, need to protect our IT systems"

Wouldn't that money be better spent on Office 2010?

Re:Ministry of Economy, Finance, and Industry Mini

[mcneely.mike]

des Professions liberales et de la Consommation>

They have Professional Liberals who look in on you while you consummate your marriage?
Do they give advice too?

Harder, she likes it like zis. Now, put zee handcuffs on her.

Re:Ministry of Economy, Finance, and Industry Mini

[canajin56]

"All of these ministries"? I only see one named. Sure, you copy & pasted it 3.25 times, but it's the same name each time.

Re:Ministry of Economy, Finance, and Industry Mini

"professions libérales" != "professional liberals" (liberals that are professional)
In France, a "profession liberal" is someone whose income is not salary based and who is not a farmer. Attorney/lawyer, physician, pharmacist, entrepreneur...

Old news???

[Endophage]

Why does it have, in small text just under the title "ADDED JAN 6, 2010, UNDER: TECH NEWS". Has this actually been scraped from somewhere else and only just been put up on that site?

Re:Old news???

Appears so!

What kind of systems?

[bl8n8r]

Just wondering if these were mac, solaris, linux or windows servers that were cracked. Anyone know?

Re:What kind of systems?

it was the evil combination : Windows/Adobe Reader/Internet Explorer/IIS
Initial attack hacked into with a crafted evil PDF

Re:Ministry of Economy, Finance, and Industry Mini

[bruneliv]

Harder, she likes it like zis. Now, put zee handcuffs on her.

that was a good one.. I almost choked on my baked beans.
Anyway I think this is beautiful - maybe I'm being naive but if an important ministry gets attacked (either by smart black hats or just through tedious social engineering or whatever in between) then I would expect political pressure to eventually apply (through public opinion) to make sure this sort of embarrassment does not happen repeatedly, or not too often. So I think this is one step in the right direction, even if it might take a few catastrophes to actually get there.

Re:Ministry of Economy, Finance, and Industry Mini

[Samantha+Wright]

Not quite—when the article was posted, we had the French Ministry of Economy, Finance and Industry Ministry.

Re:Ministry of Economy, Finance, and Industry Mini

[Samantha+Wright]

Not quite—when the article was posted, we had the French Ministry of Economy, Finance and Industry Ministry. Standard complaints about breathtaking Slashdot editing. It was also originally "evidence of 'spectacular' attack", not "evidence of a 'spectacular attack".
But feel free to retro-nitpick as if it makes sense!

Re:Ministry of Economy, Finance, and Industry Mini

It is just a bad translation. I don't really speak or write English (what you read now is Swedish with pre-18th century spelling, restricted to a vocabulary of a 5 yr. old and a case of really bad grammar) or understand French that well (what I do undertsand, I understand by its similarities to Swedish, I've never learned French at school). But I think a somewhat better translation would be: Parliament Secretary to the Minister of Economy, Finance and Industry, responsible for trade, craft, small and medium enterprises, tourism, services, professional and consumer organizations .

French people love long and fancy titles even more then USians.

Re:Ministry of Economy, Finance, and Industry Mini

Parliament Secretary to the Minister of Economy, Finance and Industry, responsible for trade, craft, small and medium enterprises, tourism, services, professional and consumer organizations

Damn, "minister" should be "ministry". My brain hate jumping between languages.

Espadon

[Dr.+A.+van+Code]

Nice. I award you full marx for that one. :)