Cyberattack during the Paris G20 Summit

The cyberattack during the Paris G20 Summit refers to an event that took place shortly before the beginning of the G20 Summit held in Paris, France in February 2011. This summit was a Group of 20 conference held at the level of governance of the finance ministers and central bank governors (as opposed to the 6th G20 summit later that year, held in Cannes and involving the heads of government).

Unlike other well-known cyberattacks, such as the 2009 attacks affecting South Korean/American government, news media and financial websites, or the 2007 cyberattacks on Estonia, the attack that took place during the Paris G20 Summit was not a DDoS style attack. Instead, these attacks involved the proliferation of an email with a malware attachment, which permitted access to the infected computer.

Cyber attacks in France generally include attacks on websites by DDoS attacks as well as malware. Attacks have so far been to the civil and private sectors instead of the military.

Like the UK, Germany and many other European nations, France has been proactive in cyber defence and cyber security in recent years. The White Paper on Defence and National Security proclaimed cyberattacks as "one of the main threats to the national territory" and "made prevention and reaction to cyberattacks a major priority in the organisation of national security". This led to the creation of the French Agency for National Security of Information Systems (ANSSI) in 2009. ANSSI's workforce will be increased to a workforce of 350 by the end of 2013. In comparison, the equivalent English and German departments boast between 500 and 700 people.

Attacks in December 2010-January 2011
The attacks began in December with an email sent around the French Ministry of Finance. The email's attachment was a 'Trojan Horse' type consisting of a pdf document with embedded malware. Once accessed, the virus infected the computers of some of the government's senior officials as well as forwarding the offensive email on to others. The attack infected approximately 150 of the finance ministry's 170,000 computers. While access to the computers at the highest levels of office of infiltrated departments was successfully blocked, most of the owners of infiltrated computers worked on the G20.

The attack was noticed when "strange movements were detected in the e-mail system". Following this, ANSSI monitored the situation for a further several weeks.

Reportedly, the intrusion only targeted the exfiltration of G20 documents. Tax and financial information and other sensitive information for individuals, which is also located in the Ministry of Finance's servers, was left alone as it circulates only on an intranet accessible only within the ministry.

The attack was reported in news media only after the conclusion of the summit in February 2011, but was discovered a month prior in January.

Perpetrators
While the nationalities of the hackers are unknown, the operation was "probably led by an Asian country". The head of ANSSI, Patrick Pailloux, said the perpetrators were "determined professionals and organised" although no further identification of the hackers was made.