France’s intelligence services may be behind an e-mail spying operation that was aimed at Iran’s nuclear program but also ensnared other targets, including a francophone Canadian media outlet, says a report in the French newspaper Le Monde.
Relying on a document leaked by the former intelligence contractor Edward Snowden, the newspaper said Canada’s electronic spying agency uncovered the French spying software in November 2009.
The document leaked to Le Monde is a slide presentation with the logo of Communications Security Establishment of Canada (CSEC), the secretive Ottawa-based agency that tracks foreign computer, radio and telephone communications. It is classified top secret.
Prepared in 2011, the document was shared with other members of the Five Eyes, CSEC’s alliance with counterparts from the United States, United Kingdom, Australia and New Zealand. A copy given to the U.S. National Security Agency would have been among those leaked by Mr. Snowden.
The spyware, which CSEC analysts code-named Snowglobe, collected its victims’ e-mails.
It was detected in targets in Canada, Spain, Greece, Norway, Ivory Coast and Algeria.
But the target appeared to be primarily in Iran, focusing on the country’s foreign ministry, the Atomic Energy Organization of Iran, the Iran University of Science and Technology and two Tehran schools heavily involved in nuclear research, Malek-E-Ashtar University of Technology and Imam Hussein University.
There was few other details about Snowglobe’s objectives outside Iran.
Under the headline “Victimology: Global,” the document lists one possible target among the Five Eyes country: “possible targeting of a French-language Canadian media organization.”
No further specifics are provided on the Canadian target.
The slide speculates that the French eavesdroppers targeted Greece because it is “possibly associated with [the] European Financial Association,” and they were interested in Algeria and Ivory Coast because they are former French colonies.
The memo outlines circumstantial evidence that led CSEC to conclude that Snowglobe was a French intelligence operation.
The program doesn’t fit a “cybercrime profile,” CSEC said.
Also, CSEC analysts noted that the spyware’s programmer left his or her username amid the computer coding: “Titi,” a French diminutive or “colloquial term for a small person.”
Furthermore, the program’s internal name was “Babar,” an elephant character in a popular French children’s book.
The slide presentation concludes with the revelation that CSEC has now detected a more sophisticated version of the software, dubbed Snowman, which its programmers haven’t yet been able to crack.
Le Monde cited anonymous French diplomatic and intelligence sources saying that France used to have to rely on the United States and Israel for its insights about Iran. However, between 2006 and 2010, French signals intelligence agents developed a computer-spying capacity that now allows them to trade sensitive information with their American, British, German and Israeli counterparts.