http://www.wired.com/news/technology/0,71363-0.html By Bruce Gain July, 12, 2006 PARIS -- A hack of a Luxembourg bank's records is emerging as a key detail of the so-called Clearstream affair here, a national scandal that's pulled top-level politicians, powerful corporate executives and now a white-hat hacking group into its orbit. Like a spy novel or a French version of All the President's Men, the scandal has captivated the press, and produced a steady stream of leaks about political vendettas, secret meetings between high-level government officials and anonymous letters penned by a mysterious "Le Corbeau" (the Raven). The apparent electronic espionage now adds a high-tech angle to what many are calling "the French Watergate." At the heart of the storm is a sophisticated conspiracy to falsely implicate a number of celebrities, high-ranking officials and political candidates in a bribery scandal. Among the falsified evidence produced by the conspirators before the fraud unraveled were confidential bank records originating with the Clearstream bank in Luxembourg, which were expertly modified to make it appear that some French politicians had secretly established offshore bank accounts to receive bribes. The falsified records were then sent to investigators, with enough authentic account information left in to make them appear credible. A French justice department official close to the probe, speaking on condition of anonymity, said prosecutors were still in the early stage of their investigation, but have confirmed that someone hacked into the bank. "It is true that someone did enter the bank's system and altered records -- we do know that," the official told Wired News. "But we still do not know who did exactly what." The complicated affair has its roots in a 2001 investigation of bribery payments deposited in Clearstream accounts from the sale of French frigates in Taiwan. While the bribes were real enough, the investigation became a platform for a Nixonian dirty-tricks operation. One of the targets of the frame-up was presidential hopeful Nicolas Sarkozy, and press reports have linked his rival, Prime Minister Dominique de Villepin, to the smear campaign. French President Jacques Chirac defended de Villepin from the charges during a nationally televised interview last month, and de Villepin has filed libel suits against four journalists. Last month, prosecutors formerly charged Lebanese-born Imad Lahoud for allegedly creating the falsified bank records. Lahoud previously worked for the French secret service and headed a department of network engineers for Airbus parent European Aeronautic Defense and Space, or EADS. Also arrested was Jean-Louis Gergorin, a former vice president for EADS, who allegedly distributed the records. Gergorin is thought to be Le Corbeau, who anonymously sent incriminating letters with the banking records to French judges. A third alleged French plumber, Florian Bourges, has admitted to having copied and retained files stolen from the banking network, which he then handed off to Lahoud. A former executive from the internal audit firm Arthur Andersen, Bourges maintains the prosecutors' case against him is barred by the statute of limitations, since he copied the banking files more than three years ago. His case is pending before a French court. Bourges told prosecutors this month that Lahoud was the one who modified the stolen bank account file -- a charge that Lahoud has denied. Lahoud's attorney declined to comment for this article. Lahoud's mysterious past has fueled numerous news reports in the French media, with topics ranging from his alleged ties to the bin Laden family and the French secret service, and his arrest for participating in an alleged fraudulent stock trading swindle a few years ago. More recently, the French investigative newspaper Le Canard Enchan divulged that members of Lahoud's engineering team at EADS also belong to a respected French white-hat hacker organization called Rstack, which has ample skills to hack an overseas banking network. Rstack members did not respond to repeated e-mail inquiries, but last month an Rstack member vehemently proclaimed the group's innocence on Rstack's blog. "This day would have been heavenly if it had not been for a weekly publication that felt obliged to play up a story based on a mlange of dubious facts and falsely drawn conclusions marginally relating to an affair that seems to only excite the media," wrote a hacker known as Sid. "Thanks guys for having ruined the week of innocent people who had nothing to do with this story." _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jul 13 2006 - 01:23:31 PDT