French network’s broadcasts hacked by group claiming IS ties

Published 3:11 pm Thursday, April 9, 2015

PARIS (AP) — Hackers claiming allegiance to the Islamic State group simultaneously blacked out 11 channels of the French global TV network and took over its website and social media accounts on Thursday, in what appeared to be the most ambitious media attack so far by the extremist group.

Anti-terror prosecutors opened an investigation into the attack that began late Wednesday and blocked TV5 Monde from functioning part of the day Thursday. Operations were fully re-established Thursday evening.

France’s interior minister, while counseling caution until investigators find hard evidence, said the attack was likely a terrorist act. “Numerous elements converge to suggest the cause of this attack is, indeed, a terrorist act,” Bernard Cazeneuve said at a news conference.

France is “absolutely determined to catch those who want to strike at its heart,” the minister said.

The hackers briefly cut transmission of 11 channels belonging to TV5 Monde and took over its websites and social media accounts. The channel’s director, Yves Bigot, said the attack continued into Thursday. However, the station was able to broadcast its 6 p.m. live show, “64 Minutes.”

“We are no longer dark,” the station said.

The message on the TV5 Monde website read in part “I am IS” with a banner by a group that called itself Cybercaliphate.

Hackers operating under the name Cybercaliphate have carried out a string of attention-seeking attacks against media outlets — including several in the U.S. — since late last year. Even though the hackers express support for Islamic State and routinely use the group’s imagery in their attacks, it is difficult to know for sure whether they are genuine members, simple supporters or hackers with no link to IS. Experts who have followed Islamic State online communications say its supporters have regularly expressed interest in launching cyber-attacks at Western targets.

The Islamic State group has singled out France in the past for its role in the international coalition trying to defeat the extremists. In videos posted online, French-speaking IS fighters have urged their countrymen to travel to Syria and Iraq to join the militants, or to carry out attacks in France itself. This week’s hack appears to confirm the group’s intention and ability to target France and the West in different sectors.

Experts and a French official said the ability to black out a global television network represented a new level of sophistication for the group. French Culture Minister Fleur Pellerin warned other media outlets to be vigilant, saying another such attack cannot be excluded and may even be in the planning stages.

Bigot said he was shaken when he saw the black screen across the network’s broadcasts “and when we discovered the meaning of the message appearing on our social media and our websites, it both allowed us to understand what was happening and obviously worried us.”

Hackers claiming to work on behalf of the Islamic State have seized control of the Twitter accounts of other media, such as Newsweek, and in January they hacked into the Twitter page and YouTube site of the U.S. military’s Central Command.

TV5 Monde was founded by the French government in 1984 and calls itself the “worldwide French cultural channel.” It broadcasts news and other programs produced in France, Belgium, Switzerland and Canada. Its Facebook page says its signal reaches more than 257 million homes in over 200 countries and territories.

France is still in shock from the deadly January terrorist attacks in Paris against satirical newspaper Charlie Hebdo and a Jewish grocery store. Since then, officials say hackers have targeted some 19,000 French websites.

The editor of the French investigative website Breaking3zero, which tracked the January hacks, said the latest attack can be directly linked to two Islamic State-linked militants — one in Algeria who built the malicious software and another in Iraq who helped speed up the attack.

Within a half-hour, said William Reymond, the malware had burrowed in and exploited a weakness to enter the network’s computer system and take over its central transmission server, preventing the signal from being beamed to a satellite. He said TV5 Monde will have a hard time regaining full control.

“They have to erase everything. There were at least three other encrypted viruses,” he said.

Islamic State has singled out France in particular for attacks, but Reymond could not say whether it had a particular reason to target TV5 Monde.

A French security official said investigators would examine whether the attackers had found a hole in TV5 Monde’s information defense systems that was left unguarded, or whether those systems failed outright, which he said would be a more worrying development. The official was not authorized to be publicly named discussing sensitive security matters.

The hackers also claimed to have leaked files that included resumes, passport scans and government letters, according to an analysis by the SITE Intelligence Group.

It isn’t the first time that hackers have caused on-air mischief.

British security expert and commentator Graham Cluley said the incident was reminiscent of the Zotob worm, which hit computers at CNN’s New York bureau in 2005, disrupting programming.

Cluley noted that CNN appears to have been collateral damage. Zotob’s authors were “just trying to hit as many computers as possible.”

Britain-based cybersecurity specialist Rob Pritchard cautioned that the hackers who hit the French network could have unsuccessfully attempted similar attacks against others before cracking open TV5 Monde’s system.

He said taking a global network off the air was a new step.

“They might have targeted hundreds and hundreds of broadcasters and just got lucky with this one,” he said. “The hacking group might have realized they can cause more mayhem. It might embolden them and give them bigger ideas.”