[ISN] Hacker Spawns a French Watergate

From: InfoSec News (alerts@private)
Date: Thu Jul 13 2006 - 01:15:27 PDT


By Bruce Gain
July, 12, 2006

PARIS -- A hack of a Luxembourg bank's records is emerging as a key detail 
of the so-called Clearstream affair here, a national scandal that's pulled 
top-level politicians, powerful corporate executives and now a white-hat 
hacking group into its orbit.

Like a spy novel or a French version of All the President's Men, the 
scandal has captivated the press, and produced a steady stream of leaks 
about political vendettas, secret meetings between high-level government 
officials and anonymous letters penned by a mysterious "Le Corbeau" (the 
Raven). The apparent electronic espionage now adds a high-tech angle to 
what many are calling "the French Watergate."

At the heart of the storm is a sophisticated conspiracy to falsely 
implicate a number of celebrities, high-ranking officials and political 
candidates in a bribery scandal.

Among the falsified evidence produced by the conspirators before the fraud 
unraveled were confidential bank records originating with the Clearstream 
bank in Luxembourg, which were expertly modified to make it appear that 
some French politicians had secretly established offshore bank accounts to 
receive bribes. The falsified records were then sent to investigators, 
with enough authentic account information left in to make them appear 

A French justice department official close to the probe, speaking on 
condition of anonymity, said prosecutors were still in the early stage of 
their investigation, but have confirmed that someone hacked into the bank. 
"It is true that someone did enter the bank's system and altered records 
-- we do know that," the official told Wired News. "But we still do not 
know who did exactly what."

The complicated affair has its roots in a 2001 investigation of bribery 
payments deposited in Clearstream accounts from the sale of French 
frigates in Taiwan. While the bribes were real enough, the investigation 
became a platform for a Nixonian dirty-tricks operation.

One of the targets of the frame-up was presidential hopeful Nicolas 
Sarkozy, and press reports have linked his rival, Prime Minister Dominique 
de Villepin, to the smear campaign. French President Jacques Chirac 
defended de Villepin from the charges during a nationally televised 
interview last month, and de Villepin has filed libel suits against four 

Last month, prosecutors formerly charged Lebanese-born Imad Lahoud for 
allegedly creating the falsified bank records. Lahoud previously worked 
for the French secret service and headed a department of network engineers 
for Airbus parent European Aeronautic Defense and Space, or EADS.

Also arrested was Jean-Louis Gergorin, a former vice president for EADS, 
who allegedly distributed the records. Gergorin is thought to be Le 
Corbeau, who anonymously sent incriminating letters with the banking 
records to French judges.

A third alleged French plumber, Florian Bourges, has admitted to having 
copied and retained files stolen from the banking network, which he then 
handed off to Lahoud. A former executive from the internal audit firm 
Arthur Andersen, Bourges maintains the prosecutors' case against him is 
barred by the statute of limitations, since he copied the banking files 
more than three years ago. His case is pending before a French court.

Bourges told prosecutors this month that Lahoud was the one who modified 
the stolen bank account file -- a charge that Lahoud has denied. Lahoud's 
attorney declined to comment for this article.

Lahoud's mysterious past has fueled numerous news reports in the French 
media, with topics ranging from his alleged ties to the bin Laden family 
and the French secret service, and his arrest for participating in an 
alleged fraudulent stock trading swindle a few years ago.

More recently, the French investigative newspaper Le Canard Enchan 
divulged that members of Lahoud's engineering team at EADS also belong to 
a respected French white-hat hacker organization called Rstack, which has 
ample skills to hack an overseas banking network.

Rstack members did not respond to repeated e-mail inquiries, but last 
month an Rstack member vehemently proclaimed the group's innocence on 
Rstack's blog.

"This day would have been heavenly if it had not been for a weekly 
publication that felt obliged to play up a story based on a mlange of 
dubious facts and falsely drawn conclusions marginally relating to an 
affair that seems to only excite the media," wrote a hacker known as Sid. 
"Thanks guys for having ruined the week of innocent people who had nothing 
to do with this story."

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Thu Jul 13 2006 - 01:23:31 PDT