Fighting in French counterintelligence. In December 2018, agents from the DGSI and experts from ANSSI (the French cybersecurity gendarme) discover that the computer networks of the engineering specialist Expleo (ex-Assystem) were penetrated by a mysterious assailant. Going up the line of attack, the real target quickly appears. The European champion Airbus, of which Expleo is a major supplier, saw its networks penetrated via its subcontractor. “It was a fairly sophisticated rebound cyber attack targeting Airbus aircraft certification data, ” specifies one of the cyber-investigators. A suspect is quickly identified: a group of hackers known as APT10, known to be close to the Chinese intelligence services. “Certification (validation of the safety of aircraft parts and of the aircraft itself) is the Achilles heel of Chinese aeronautics, which especially breaks its teeth on that of its single-aisle aircraft, the C919 “, points out a former director of Airbus. In fact, the entry into service of this competitor of the A320 continues to be delayed.
A few months earlier, it was on the other side of the Channel that Beijing had attacked the European aircraft manufacturer, as Challenges reveals it here. In spring 2018, counter spies British from Center for the Protection of National Infrastructure (CPNI), an agency attached to MI5, the famous interior intelligence service in the United Kingdom, spot strange trips to the Chinese province of Jiangsu, made by some Airbus employees from the Broughton (Wales) and Filton (England) sites, where the wings of Airbus aircraft are manufactured. Invited to attend conferences at the Nanjing Aeronautical University during their vacation, they were also “debriefed “ by agents of the most powerful Chinese intelligence service, the Ministry of State Security (MSE), discovers MI5. According to our information, Airbus separated in 2019 from four employees, accused of having transmitted to China elements of certification and data on the coating of the wings of aircraft of the European champion.
“Enders had a hell of a blast”
The love story between Airbus and Chinese spies is ancient. In 2013, the European giant is contacted by the Chinese air force who wishes to acquire its A400M military transport aircraft. The demand is quite baroque: since the repression of the Tian'anmen student movement in 1989, China has been under a European embargo for all arms sales. Faced with Airbus' polite refusal, Beijing first tried to return Spanish employees of the group, without much success. Before changing gear: in early 2014, the GCHQ, a powerful electronic intelligence service in the United Kingdom, detected a cyber attack on the aircraft manufacturer's networks. After six months of stalking, the French and English services finally discover that “hacker groups working for the Chinese government were looking for technical documents relating to the A400M and electronic defense activities “, tell a former Airbus executive. Contacted by Challenges, the aircraft manufacturer does not comment. As for the Chinese Embassy in Paris, it judges these cases “totally spooky”.
The A400M military transport plane, whose program was launched in 2000 and cost a whopping 30 billion euros, was the subject of a Chinese cyber attack in 2014. (vs) AFP / Archives – John MACDOUGALL
Spooky? To have. In 2011, Beijing even attacked the heart of French deterrence: the strategic missile M51, a technological gem at 120 million euros each that equips French nuclear-powered submarine submarines (SNLE). The cyber attack, never revealed until now, targeted the manufacturer of this nuclear-headed missile, the space subsidiary of Airbus Astrium (now ArianeGroup). “It targeted the technical characteristics of the missile and the results of the last test of the M51 from the submarine the terrible“, tells Challenges a close source. Identified by British and French services several months after its launch, the attack had taken advantage of huge flaws in Airbus' cybersecurity system. “Tom Enders, boss of Airbus at the time, had a hell of a blast from the French government,” said a former services.
Russia is also showing a certain interest in French deterrence. In addition to the submarines that she regularly posts off the base of Ile Longue, near Brest in an attempt to track down French SSBNs, she regularly engages in human intelligence operations. In early 2010, as revealed the new observer, a Russian naval attaché had tried to bribe, a suitcase of tickets, an officer of the French Navy to obtain data on the sound signature of the French SNLE. Documents had been sent, but with adulterated data. In this case, fakes lovingly concocted by the DRSD, the counter-interference service of the Ministry of the Armed Forces. The GRU, Russian military intelligence service, remains, since, very active on French territory. Like his cousins SVR (equivalent to DGSE) but also FSB (internal intelligence), which is not reluctant to plan operations outside Russian borders. One of them, more unusual, has led in recent years to the relocation to Poland of a Champagne SME specializing in the manufacture of cork stoppers. “There was a Russian service raid aimed at weakening a whole commercial chain, “recalls a former French counterintelligence.
Israel also regularly tries to “stamp” (return) French leaders and officers. A senior officer of the Directorate for the Protection of Defense Facilities, Means and Activities (DPID) was the subject of an attempted approach in 2015 by a sympathetic forty-something man. Regularly invited to salons (Milipol …) and military conferences, this jihadist specialist, considered as an agent of Mossad by French counterintelligence, would have tried to obtain classified documents from the officer. Has the person concerned cracked? François Hollande, then at the Elysée, would have decided in defense council not to launch the big maneuvers. “No document was transmitted, there was just recklessness”, assures a familiar with the file. This did not prevent the officer from being transferred immediately to the Armed Forces communication service.
China is also looking closely at the tricolor military galaxy. In a secret report of July 2018, the General Secretariat for Defense and National Security (SGDSN) has thus pointed out the increased number of marriages between soldiers based in Brittany and young Chinese women. This document, revealed in the book France-China, dangerous connections (Stock), specifically mentioned the repeated approaches of the local defense community by Chinese female students from the University of Western Brittany, based in Brest. “The technique of the swallow that is sent to the front to seek sensitive information is a great classic of Chinese espionage”, observes a French official.
“There is no point in arriving with the cavalry …”
And it also applies to the private sector. According to our information, the marriages of at least two Dassault engineers with young Chinese women, between 2013 and 2016, also alerted our intelligence services. “Each time it concerned men in their fifties working in sensitive design offices, says a familiar with the family aircraft manufacturer. This does not mean that they are spies but these unions challenge and bring us to be vigilant. ” In spy language, this means that the services keep a close eye on the tribulations of these newlyweds. “There is no point in ringing the bell and arriving with the cavalry, it is better to find out what is really going on,” confides a master spy. For example, an attractive Chinese couple with a senior executive of the EADS group (now Airbus) had been caught in the bag in Moscow in 2009 by the DGSE, which acted in connection with the DPSD (renamed since DRSD). French agents had discovered in the young woman's affairs several copied technical documents belonging to EADS.
Another tool used by China: the “white hair program” which consists of discreetly flirting with young retirees from the technical departments of the major defense industries (Dassault, Airbus, etc.) or nanotechnologies. “We first offer them a conference in China, with a sympathetic payment, then possibly to open a research laboratory on site,” explains an industrialist. Layers of the Academy of Technologies have recently been approached. “This is a real subject, and not only vis-à-vis China, because other countries are also recruiting, including by hiring assets, ensures Challenges General Eric Bucquet, patron of the DRSD. This is a subject of attention and we follow this population when there is a significant risk of technology transfer. “
The DGSE reading room
French services are not, however, confined solely to defensive. During the merciless war between the Airbus-Thales tandem and the American Lockheed Martin to sell spy satellites to the United Arab Emirates in 2013 – a “Falcon Eye” contract had finally been won by France – the DGSE had obtained the cartography political decision-makers met by American industrialists and politicians and information on their offers. “It remains 1% of what the Americans do, but we're not penguins either,” says an industrialist. What did not prevent some famous flaws, like at the end of 2010 in Toulouse. Three DGSE agents, who searched the room of the boss of the company China Eastern at the Crowne Plaza, had been caught in the bag by the person concerned. Before leaving without asking for their rest …
The DGSE also has a sort of reading room, within the “Centrale”, the headquarters of boulevard Mortier, where manufacturers can come and consult files collected by the service. The principle ? “Eyes only“: Each industrialist can send an emissary, often a former service member or a trusted executive from the general secretariat, who wants to come and consult the documents, but does not have the right to photograph or take them away.” 99.9% some information is dated or irrelevant, but by spending time on it, you can also come across a nugget, “assures someone familiar with the place.