How France’s TV5 was almost destroyed by ‘Russian hackers’

Malta Independent - TECHNOLOGY

A powerful cyber-attack came close to destroying a French TV network, its director-general has said.

TV5Monde was taken off air in April 2015. A group calling itself the Cyber Caliphate, linked to so-called Islamic State, first claimed responsibility.

But an investigation now suggests the attack was in fact carried out by a group of Russian hackers.

The attack used highly targeted malicious software to destroy the TV network’s systems.

Wednesday 8 April was a big day for Yves Bigot, the director-general of TV5Monde.

His network, which broadcasts around the world, had just launched its latest channel. French ministers had been in attendance at the Paris headquarters.

That evening Mr Bigot went for dinner to celebrate with a counterpart from Radio Canada.

Just as they were being served their appetisers at 8:40pm local time, a flood of texts and calls informed him that all 12 channels had gone off air.

“It’s the worst thing that can happen to you in television,” Mr Bigot said in his Paris office.

It quickly became clear that the network had been subject to a serious cyber-attack.

“We were a couple of hours from having the whole station gone for good.”

It was a race against time - more systems were corrupted with every passing minute. Any substantial delay would have led satellite distribution channels to cancel their contracts, placing the entire company in jeopardy.

“We were saved from total destruction by the fact we had launched the channel that day and the technicians were there,” said Mr Bigot.

“One of them was able to locate the very machine where the attack was taking place and he was able to cut out this machine from the internet and it stopped the attack.”

At 05:25 local time, one channel was restored. Others followed later that morning.

“We owe a lot to the engineer who unplugged that particular machine. He is a hero here,” Mr Bigot said.

The attack was far more sophisticated and targeted than reported at the time. The perpetrators had first penetrated the network on 23 January.

They carried out reconnaissance of TV5Monde to understand the way in which it broadcast its signals. They then fabricated bespoke malicious software to corrupt and destroy the internet-connected hardware that controlled the TV station’s operations - such as the encoder systems used to transmit programmes.

The attackers used seven different points of entry. Not all of them were part of TV5Monde or in France. In one case, a company based in the Netherlands was targeted because it supplied the remote controlled cameras used in TV5’s studios.

At 8:40pm local time - when the first calls were made - the people in charge of digital content at the broadcaster told Mr Bigot that messages had been posted on the channel’s Twitter and Facebook pages.

The hackers said they were from a group calling themselves the Cyber Caliphate, and made threats against France. It was only a few months since the Charlie Hebdo attacks and it seemed this could have been a follow-up strike by so-called Islamic State.

But as the investigation by French authorities began, a different picture began to emerge.

France’s cyber-agency told Mr Bigot to be careful about linking the incident directly to IS - instead he was advised to say only that the messages claimed to be from IS.

The investigators had come to believe that the attackers had used the jihadist posts to try to cover their tracks.

Mr Bigot was later told evidence had been found that his network had been attacked by a group of Russian hackers, who are known as APT 28.

“I have absolutely no idea,” said Mr Bigot, when asked why TV5Monde had been targeted.

He explained that the investigators had only been able to prove two things.

Firstly, that the attack was designed to destroy the channel, and secondly, that it was linked to APT 28.

“There are two things that the investigation won’t probably be able to achieve,” he added.
