Yes, U.S. did hack Elysée Palace in 2012, French ex-spy says

Bernard Barbier, a former head of the French signals intelligence service, shared a few stories with students of CentraleSupélec, the elite engineering school from which he graduated in 1976, at a symposium this summer.

There was that time he caught the U.S. National Security Agency delving into computers at the Elysée Palace, residence of the French president, for example. And flew to Washington to tell them they’d been found out. Or when the Canadians said they — and the Iranians, the Spaniards, the Algerians and a few others — had all been hacked by a Frenchman, and they were totally right, although the French government denied it.

These little confessions to the members of a student association at his old school, though, have reached a somewhat larger audience than he may have planned on.

The discussion on June 2 was recorded — from the front row, so he must surely have been aware — and found its way onto YouTube later that month. There it lay, largely unremarked, until last weekend when a reporter for French newspaper Le Monde found it and published transcripts of large parts of it. Almost immediately, the original video was taken down. Another has appeared, although the sound has been doctored, purportedly to improve the audio quality.

Barbier’s revelations can’t really be called a scoop, as the Canadian and Elysée hacks had been widely reported. They have, however, never been officially confirmed.

Until he left to join IT consulting firm Sogeti in 2013, Barbier was head of the signals intelligence division of the French Directorate-General of External Security (DGSE), a post he had occupied since 2006. During that time, he was responsible for transforming the DGSE’s spying activities into a tool for mass surveillance. Before that, he had alternated between roles at the French Commission for Atomic Energy and Alternative Energies (CEA) and other posts at the DGSE.

The students quizzed him about two events in particular.

The first concerned the run-up to the 2012 French presidential election, when the DGSE found malware on computers at the presidential residence, the Elysée Palace.

Two years previously, that same malware had been used in an attack on the European Commission, he told them.

By 2012, the DGSE had the means at its disposal to identify the origin of the new attack, Barbier said. He concluded that it could only have been the U.S., and using a technique that, thanks to Edward Snowden, we now know as Quantum Insert.

The following year, he said, the new president sent him to Washington to complain to the director of the NSA, Keith Alexander.

“We were sure it was them. Alexander wasn’t happy. In the end, he said, ‘Bernard, well done. … You French are good,’ meaning he thought we’d never catch them,” Barbier told the students.

Later that year, he heard that Le Monde had obtained an NSA briefing document about him that had been prepared for that meeting and was planning to publish it.

Barbier asked an NSA contact in Paris to give him a copy of the briefing document. “He said ‘I can’t, it’s top secret, only President Obama can declassify it.’ I said ‘Don’t mess around, six million Frenchmen are going to see it soon, and I can’t?’ I finally saw it one day before Le Monde published it,” he told the students.

Another 2013 story in Le Monde concerned a cyber-attack on Iran’s nuclear installations, which also targeted computers in Canada, Spain, Greece, Norway, Algeria and Ivory Coast. In a note leaked by Snowden, Canadian officials said they were fairly certain that the attack had been mounted by a French intelligence agency. The French government denied any involvement.

But at his old school, Barbier said that when the Canadians reverse-engineered the malware, they found that its programmer had nicknamed it “Babar” and signed it “Titi,” two clues that led them to believe he was French.

“And he was,” said Barbier, without acknowledging which agency, if any, the programmer worked for.

Security researchers later were able to link Babar to other families of malware, known as Bunny, Casper, Dino, NBot and Tafacalou.

With so many of these affairs hinted at or revealed by Snowden’s leaks, it was inevitable that one of the students would ask him what he thought of the former NSA contractor turned whistleblower.

“Snowden totally betrayed his country,” Barbier said, but with his revelations about allies spying on one another and the hacking by the U.S. of networking equipment from the likes of Cisco Systems, “Snowden helped us, on the whole.”