French television network hacked by IS-linked group (+video)
The Islamic extremist group has claimed complex hackings before, but experts and a French official said the ability to black out a global television network represented a new level of sophistication for the group.
Paris — Hackers claiming allegiance to the Islamic State group seized control of a global French television network, simultaneously blacking out 11 channels and taking over the network's website and social media accounts. The attack appeared to be an unprecedented step in the extremist group's information warfare tactics.
The hackers briefly cut transmission of 11 channels belonging to TV5 Monde and took over its websites and social media accounts starting Wednesday night. The channel's director, Yves Bigot, said the attack was continuing Thursday. He told RTL radio that the network has restored its signal but can only broadcast recorded programs.
The Islamic extremist group has claimed complex hackings before, but experts and a French official said the ability to black out a global television network represented a new level of sophistication for the group. The Paris prosecutor's office said Thursday it has opened a terrorism investigation into the attack.
Bigot said he was shaken when he saw the black screen across the network's broadcasts "and when we discovered the sense of the message appearing on our social media and our websites, it both allowed us to understand what was happening and obviously worried us."
The message on the TV5 Monde website read in part "I am IS" with a banner by a group that called itself Cybercaliphate. It was replaced later Thursday by a simple message saying that it was undergoing maintenance.
Hackers claiming to work on behalf of the Islamic State have seized control of the Twitter accounts of other media, such as Newsweek, and in January they hacked into the Twitter page and YouTube site of the US military's Central Command.
Prime Minister Manuel Valls, on his Twitter account, called the attack "an unacceptable insult to freedom of information and expression," and French government ministers visited the channel's Paris headquarters Thursday.
TV5 Monde, which was founded by the French government in 1984 and calls itself the "worldwide French cultural channel," broadcasts news and other programs produced in France, Belgium, Switzerland and Canada. Its Facebook page says its signal reaches more than 257 million homes in over 200 countries and territories.
After January terrorist attacks in France by gunmen claiming links to the Islamic State group and Al Qaeda in Yemen, officials said hackers had targeted some 19,000 French websites. William Reymond, editor of the French investigative website Breaking3zero, which traced the January hackings, said the latest attack can be directly linked to two Islamic State-linked militants — one in Algeria who built the malicious software and another in Iraq who helped speed up the attack.
Within a half-hour, he said, the malware had burrowed in and exploited a weakness to enter the network's computer system and take over its central transmission server, preventing the signal from being beamed to a satellite. He said TV5 Monde will have a hard time regaining full control.
"They have to erase everything. There were at least three other encrypted viruses," he said.
Islamic State has called out France in particular for attacks, but Reymond could not say whether they had a particular reason to target TV5 Monde.
A French security official said investigators would examine whether the attackers had found a hole in TV5 Monde's information defense systems that was left unguarded, or whether those systems failed outright, which he said would be a more worrying development. The official was not authorized to be publicly named discussing sensitive security matters.
The hackers also claimed to have leaked files that included resumes, passport scans and government letters, according to an analysis by the SITE Intelligence Group.
It isn't the first time that hackers have caused on-air mischief.
British security expert and commentator Graham Cluley said the incident was reminiscent of the Zotob worm, which hit computers at CNN's New York bureau in 2005, disrupting programming.
Cluley noted that CNN appears to have been collateral damage. Zotob's authors were "just trying to hit as many computers as possible."
Britain-based cybersecurity specialist Rob Pritchard cautioned that the hackers who hit the French network could have unsuccessfully attempted similar attacks against others before cracking open TV5 Monde's system.
He said taking a global network off the air was a new step.
"They might have targeted hundreds and hundreds of broadcasters and just got lucky with this one," he said. "The hacking group might have realized they can cause more mayhem. It might embolden them and give them bigger ideas."
TV5 had recently upgraded to an automated high-definition broadcast platform run by Ericsson, according to a promotional video posted to the web by the Swedish company earlier this month. TV5 official Alexis Renard said in the video: "Everything is managed by this new system. There is no surprise. It works."