The United States has been accused by a French news magazine of using malware similar to the Flame virus to break into the computer network of France's presidential palace in the final weeks of Nicolas Sarkozy's presidency.

L'Express, a 59-year-old French publication, said a cyber war agency, whose job it is to detect and prevent hacking, had found a "powerful worm" in the Elysee Palace computer network.

The publication added that hackers were able to search the contents of computers belonging to Sarkozy's advisor Xavier Musca, and steal political and strategic secrets.

While the palace has confirmed that a cyber attack did take place, the US Embassy in Paris has denied any involvement. "We categorically refute allegations of unidentified sources," Mitchell Moss, Embassy spokesperson, told L'Express, adding:

"France is one of our best allies. Our cooperation is remarkable in the areas of intelligence, law enforcement and cyber defense. It has never been so good and remains essential to achieve our common fight against extremist threat."

Quoting an anonymous source who is apparently close to the investigation, L'Express said that the hack was probably the result of France's numerous political and economic agreements with countries in the Middle East, and of concern about how they could be affected during a political transition, such as a change in presidency.

The source said: "You can be on very good terms with a 'friendly' country and still want to guarantee their unwavering support - especially during a transition period," referring to the replacement of Sarkozy by Francois Hollande in May this year.


US Homeland Security secretary Janet Napolitano told L'Express: "We have no greater partner than France, we have no greater ally than France. We cooperate in many security-related areas. I am here to further reinforce those ties and create new ones."

The news magazine claims that the attackers searched Facebook to find targets who were working inside the presidential palace and then connected to them through the social network.

Following some social engineering to learn more about the targets, the attackers are said to have sent their victims links to a fake Elysee intranet page, from which their login details were stolen.

With these usernames and passwords, the hackers were then able to log in to the palace computer network as if they were legitimate users and search around until they found Musca's computer. Sarkozy was spared because he did not have a personal machine.


Malware, believed to have similar functionality to the Flame virus, was then installed onto the network. The malware was discovered shortly after the second round of voting for the presidential elections on 6 May, and it took France's security agency, ANSSI, three days to remove it, L'Express reports.

Flame was discovered by Kaspersky Lab's experts in May and is the most advanced piece of malware ever discovered. The malware can steal information from infected machines and send it back to command-and-control servers located all over the world.

It is also able to connect to mobile phones within range of the infected PCs via Bluetooth and steal address book information. Those in control of the Flame malware were also able to switch a PC's microphone on and off to record conversations going on within earshot of the computers.

Mikko Hypponen, a security expert at F-Secure, said on Twitter that he doubts the US was using Flame to attack the French authorities: "I have [a] hard time believing they would have used Flame in this case. It just doesn't add up and there's no proof whatsoever in the article that it would have been Flame."

According to the experts at Kaspersky Lab, Flame can "steal valuable information, including but not limited to computer display contents, information about targeted systems, stored files, contact data and even audio conversations."

The security firm believes that Flame has been in operation since August 2010, collecting data in countries such as Israel and Iran, and although it believes the malware was state-sponsored, it could not be sure of its exact origins.