France Is Hemorrhaging Sensitive Data, And People Are Beginning To Notice
A series of leaks raises the question of whether French authorities can be trusted to protect sensitive information.
PARIS — Security failings, including a series of leaks of sensitive information, are bedeviling French officials, who fear the country is failing to protect its security forces from criminal gangs, terrorist groups, and hostile foreign powers.
The most recent case was revealed last week when a top aide to Parliament was arrested and charged with spying for North Korea. That case came after a French intelligence officer was charged with selling confidential information to organized crime groups, an ISIS member was found with a thumb drive loaded with confidential information about 7,000 French police officers, and recently unsealed documents revealed that a French police officer had helped obtain a fake ID that was used to help raise money for a ring that provided financing to the suspected organizer of the November 2015 attacks in Paris that killed 130 people.
The incidents have battered French law enforcement and intelligence communities over the past two years, but have received little public attention. Still, the sheer number of incidents is now raising questions about how vulnerable France’s institutions are to infiltration.
“It’s insane,” said one French police official with close ties to the intelligence services. “We have North Koreans infiltrating the French Senate, a member of [the French domestic intelligence service] selling information on the ‘dark web’ to mafia members, USB drives that contain the home addresses of thousands of police officials possibly ending up in the hands of jihadist groups, and god knows what else.”
The arrest last week of the Senate employee, who had long advocated for a closer relationship between North Korea and France and was charged with sharing confidential political and security information with the rogue state, is only the latest in a string of black eyes for the French intelligence services.
Other incidents include revelations that an analyst for the French domestic intelligence service, known by its initials as the DGSI, used his work resources to sell confidential information to both organized crime groups and to as yet unidentified foreign economic intelligence collectors. After the analyst’s arrest in September, it was revealed that the transactions were done using contacts through the anonymous browsing service Tor in exchange for cryptocurrency payments, often as little as $35 per tracked phone number.
In another incident this spring, a French police officer was charged with losing track of a USB drive that contained huge amounts of personal information of police officers. The drive was found in an apartment linked to a jihadi cell suspected in the June 2016 murder of a French police officer and his partner in their home outside Paris. The revelation that suspects in that murder had access to private data of police officials came after another leak in June 2016 where a civilian police employee posted the personal data of more than 100,000 French police officers to a Google document. It remains unclear if the first leak fell into the hands of terror groups or criminals but it very much alarmed police officials.
Public attention now is focused on how French police have handled three consecutive weekends of nationwide demonstrations over hikes in fuel taxes and a growing sense of anger that the French countryside badly trails the economic development of the larger cities.
But the security breaches may turn out to be a wider threat. France plays a major role in the security of Europe and leads in efforts to control Islamist radicals and other terrorism incidents. A security leak of French information could compromise other nations' faith in France's law enforcement role.
The police themselves are as angry as the protesters — claiming that the government does little to protect them as they work on the front lines of European security — including more than a dozen significant terror plots attempted or executed since 2014.
“They haven’t done shit to protect us,” said the police official, who has worked undercover in the past. “We have enormous numbers of people to investigate for links to al-Qaeda and [ISIS] and since the [November 2015] Bataclan attacks we have worked in high priority to collect information and stop future plots, but that can’t be done if civil servants are losing track of databases containing our home addresses, or if intelligence analysts are selling top-secret information to the mafia, or even spying for North Korea. If you’re willing to get paid by the mafia or North Koreans for data, you’re likely willing to work for ISIS or not know you are working for them as you get paid to give out information.”
“Police officers and their families have died because a jihadi was able to determine where they lived,” he added. “They tell us there was no criminal intent and that the USB drive wasn’t accessed by the killer, or killers, but even among police there’s not a lot of trust in the claim.”
In the case of the officer who helped his brother obtain a false ID card that allowed money to be sent to ISIS and Abu Jihad al-Munfarid, a French ISIS member, prosecutors accused the officer of betraying his country and having been duped by family connections to aid an ISIS member.
“How could you provide an identity card to your brother and his accomplice to commit scams knowing that the money was being sent to ISIS members in Syria?” asked the prosecutor, according to the French daily Le Parisien.
“I do not know,” said the officer. “What do you want me to answer you? It was stupidity, monumental idiocy. I provided ways for them to commit scams to fund the cause. The facts speak for themselves.”
One expert said that while leaks are common in France, it’s typically leaks to reporters that worry officials and prosecutors.
“There have always been leaks,” said Alain Bauer, a leading French criminologist who has advised multiple governments on internal security issues. But the frequency of the current leaks raises questions about whether French officials are aware of basic security precautions.
The USB drive case is one of those. Prosecutors have said that it was stolen from a police official by a personal friend, who then turned out to be linked to an alleged terrorist cell. The drive was recovered in a police raid last year. The suspect, identified as “Mina B,” was arrested after she contacted a cell linked to ISIS about helping a friend travel to Syria or Iraq to join the group.
The DGSI leaks case, which saw an analyst essentially offer a shopping list of sensitive data to criminal organizations, is particularly dangerous, Bauer said, because of the detailed nature of what was made available.
The questions for the French government, he said, go beyond the leaks themselves to whether the French public is aware of how much information is available online to anyone — criminal, police, or terrorist.
Still, there’s been little public outcry over the leaks. “None, sadly,” Bauer said.
Mitch Prothero reported from Brussels.