To err is human (even in cyber defense)

20/09/2019 in "Cybersecurity"

This is an article that made a lot of noise. On February 13, Le Canard enchaîné published the article "The aces of cyber defense have left behind their little secrets on the web". Behind this sensationalist title lay a fact: negligence on the part of the Clusif (Club of the security of the French information systems), which allowed more than 2000 confidential records to leak. A "scandal" quickly defused by some journalists and by the Clusif itself. So, big mistake or human forgetfulness? Focus on the controversial news of cyber defense.

This is really what is called, in media jargon, a "buzz". By this we mean an event, not necessarily important, that is blown up so quickly that it becomes, for a few days, unavoidable.

On February 13, the Canard enchaîné article, signed by the aptly named Jerome Canard, had the effect of a bomb. Entitled in a very explicit way "The aces of cyber defense have left behind their little secrets on the web", it reported a flaw resulting from a security oversight, discovered on the official site of the Clusif (Club of the security of the French information systems). According to the article, this error would have given Internet users self-service access to the "ultra-confidential list of its correspondents, senior executives of large companies and senior officials responsible for computer security. With, as a bonus, their Internet addresses and their phone numbers, including mobile!".

But how could such a thing have happened? According to the article, users only had to type the names "Clusif" and "CSV" (for comma-separated values) into Bing (Microsoft's search engine) to gain access to data that had until then been carefully guarded. Publicity that the Clusif would certainly have done without, since, according to the paper, it had exposed "more than 700 individual records and the contact details of nearly 1500 officials recently registered to take a home training." The organization did not wait for the publication of the Canard enchaîné article to take the lead. Warned that there had been a leak, Jean-Marc Gremy, president of the Clusif, published a press release as early as February 12 to defuse the situation. In his words, "it is not an act of malicious intent, a human error has been committed in the management of our website. We will therefore strengthen the control actions". After all, as is rightly said, to err is human. Even for those readily described as "aces of cyber defense".


It did not take long for the response to come. A few days later, on February 18 to be precise, an article ironically titled "The duck hiccup" appeared on the DSIH site. First, the idea that the Clusif is a specialist in cyber defense is dismantled. On the contrary, according to the paper, it is simply a "platform of exchange whose mission is very useful (the publications of the Clusif are of high quality), and in no case are we dealing with the NSA or an outfit of spooks bristling with electronics and flashing gadgets". That much is clear. In addition, the article also addresses the claim made by Le Canard enchaîné that it would have been easy to find the full contact details of the RSSI (Information Systems Security Officer) of the presidency. According to the DSIH paper, this claim does not hold up. Find the full contact details of the RSSI of the presidency? "In a few clicks, it is possible to retrieve them on the Internet; the post is not confidential". This is what is called a dismantling in due form.

The "leak" of the Clusif's data comes at a time when cyber defense is more than ever a topic of discussion, and in several different areas. On March 14, an enigmatic tweet from the Armed Forces Staff raised a number of questions. At first glance, this message (a sort of string of letters and numbers) is incomprehensible to ordinary people. It is actually coded language, part of an annual cyber defense exercise called Defnet, run on behalf of the French army, as revealed by the site of the Journal du Geek. Beyond the military, cyber defense can also turn up, surprisingly, in the literary world. A few months ago, the Cépanou comic book Cyberfatale came out. This album about the secret world of French cyber defense is the work of a woman, Isabelle Valentini, a member of the staff in charge of cyber defense. A fun way for curious minds to learn more about this mysterious world. Good news: a second volume is currently in preparation. One way or another, we have not heard the last of cyber defense!

Antoine Le Fur
