ISIS hackers take control of French TV station

News by Doug Drinkwater

Hackers claiming to be closely associated with ISIS took French TV station TV5Monde offline for hours and defaced its social media sites earlier today.

Also in:

Hackers claiming to be part of 'Cyber Caliphate', which has previously hacked Newsweek and taken over the social media accounts of the US CENTCOM, reportedly compromised the TV network, took charge of its Facebook accounts and even uploaded photos which it claimed were of personal IDs and CVs of the relatives of French soldiers participating in the campaign against ISIS.

After around three hours of no service, broadcast resumed on early Thursday morning (although initially the network was only airing pre-recorded material), with social media networks back in control by around 2am GMT.   Director general Yves Bigot called it an “unprecedented” attack.

“We are no longer able to broadcast any of our channels. Our websites and social media sites are no longer under our control and are all displaying claims of responsibility by Islamic State,” Bigot told Agence France-Presse (AFP). He later claimed the network regained control of its website and Facebook page, although TV broadcasts took longer to return to normal.

“The CyberCaliphate continues its cyber-jihad against the enemies of Islamic State,” read one of the hacker group's messages on the network's Facebook page. “Soldiers of France, stay away from the Islamic State! You have the chance to save your families, take advantage of it.” The threats were reportedly displayed in French, Arabic and English.

Hackers also accused French President Francois Hollande of committing a “grave mistake” by getting involved in the war against ISIS, AFP reported. France is part of an international coalition carrying out airstrikes on ISIS targets in Iraq and Syria.

Although the point or points of compromise remain unknown at this time, it has been said online that hackers logged in with a privileged user account, taking control of the network's server. At this point, they changed passwords for normal admins and stopped services.

Some industry commentators speculated on Twitter that the security hole may have come as a result of Ericsson providing a new broadcast platform for TV5Monde. The TV network didn't respond to our requests for comments on this at the time of writing.

Adrian Culley, an independent security consultant and former Met Police Computer Crime Unit detective, told SCMagazineUK.com that the hack pointed to more than one compromises, spoke of social media being used for an ‘asymmetrical war' and highlighted the significance of the attack.

“This, to my knowledge, is the first time there's been mention of a cyber-terrorist attack…This is a game-changer, it's unprecedented.”

He added that the attack proved there was ‘clearly no plan B as far as business continuity is concerned' and said that TV networks would continue to be targets in the move to digital transmission.

But, of most concern, he said that the UK should take note as 80 percent of critical national infrastructure is owned by commercial companies, with TV broadcasting part of that percentage.

“There are no ways about it, this is an attack on the critical national infrastructure in France, and the question should follow – are we any better?”

Cedric Pernet, senior threat researcher at Trend Micro, said in an email to SC: “This attack is very interesting. It shows once again that the media is  more and more targeted by hostile groups of hackers who use targeted attacks as a way to protest and forward their messages to massive amounts of people.”

He added that while the details of the attack were largely unknown, the clean-up operation will take time.

“It must have taken some time to get all the necessary credentials for all social networks used by TV5; this is not something you can do in five minutes. There is some reconnaissance/data gathering prior to the compromise, even if only to target the "right person" who potentially owns all these credentials.

“We will unfortunately probably see more of this kind of attacks in the future, I just hope that it will open more CISO's eyes and raise more awareness (and budget) on fighting this kind of threat.”

David Lacey, an independent security consultant former CISO at the Royal Mail, added: “This type of attack should come as no surprise. Television networks are obvious, high-profile targets for terrorists and hacktivists. Denial of service attacks are easy to mount and can be tricky to block if you're not prepared. But they can be successfully countered with smart network architecture, capacity planning, and contingency plans.

“Over-provisioning is a sensible strategy if you're likely to be attacked, as bandwidth requirements are always growing, and the more you buy the cheaper it gets.”

Edward Parsons, senior manager at KPMG's cyber security practice said in an email to journalists that this latest politically-motivated attack demonstrated how technical non-state powers can be.

Until recently the most effective attacks have been conducted by groups closely aligned to state powers, with the recent attacks on US media outlets and financial institutions serving as an example of this. Unfortunately the capabilities and infrastructure previously reserved for nation states and their proxies have been commoditised and made available to all in online criminal marketplaces.”

He added: "Companies need to protect themselves from similar incidents by treating corporate social media accounts with the same governance and protection as you would apply to any corporate account.  They must also ensure that internet facing services are patched regularly to remediate vulnerabilities that could be exploited in an attack, furthermore there needs to be a tried and tested response mechanism in place."

This news comes months after the Charlie Hebdo attack, the aftermath of which saw Islamic State sympathisers launch attacks against thousands of websites, mainly by exploiting CMS flaws.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events