Infosec 2015 The Edward Snowden leaks might imply that electronic espionage is a relatively new innovation but an under-publicised story from the supersonic age bursts that myth, as well as highlighting the French as a major power in activities these days more closely associated with China and the US.
Ed Wallace, director of incident response and advanced threats at security consultancy MWR Infosecurity, pointed us towards forgotten reports that French spies routinely bugged first-class passengers flying with Air France – including Concorde passengers – back in the 1990s.
The idea was that business people relaxing on a long trip, and perhaps enjoying a drink or two, might discuss all manner of commercially sensitive information, oblivious to the possibility of eavesdropping. The motive was economic espionage rather than national security or anti-terrorism.
In 1993, The Independent revealed the existence of a French intelligence document compiled by the Department of Economics, Science and Technology that provided commercial shopping list for agents, a guide to which industrial secrets France wanted to snaffle from her allies.
The shopping list included British helicopter technology from Westland, solid-rocket booster technology, satellite research and information about high-definition televisions, a technology where European companies lagged far behind America.
American and Canadian intelligence services got wind of the snooping and issued discreet warnings to companies advising them to assume that their executives were being bugged whenever they flew first-class with Air France. The airline has long denied that any of its employees were involved in the practice, but suspicions persist that the operation could have been carried out without the involvement of flight crew.
Intelligence agents could be tasked to plant bugs before periodically recovering recordings all without the involvement of flight crew.
Steve Armstrong, MD of Logically Secure Ltd and former lead of the RAF's penetration and TEMPEST testing teams, told El Reg that Concorde (for example) might have been bugged with standard microphones of the time either within seats or built into an aircraft's infrastructure.
"Units could be dropped in for 'safety purposes', noise cancellation or several other purposes with feeds fed to a multitrack recorder," Armstrong told El Reg.
Armstrong – who previously worked in teams that swept British embassies for bugs – said that the scenario that French spies bugged Concorde was both "plausible and easy to implement".
"Surveillance systems could be integrated with the wiring and infrastructure of the plane," said Armstrong. "The recording could be fed to a black box, with a new box used every day. Flight crew would not need to be involved."
Concorde was a joint Anglo-French project that ran between January 1976 until its retirement in November 2003.
French intelligence agents also reported penetrated Wall Street banks, securities houses and consultants, including Citibank, Chase Manhattan and Goldman Sachs, in an effort to discover investment plans in Europe. Agents were instructed to pay particular attention to lawyers and consultants who are often privy to clients' secrets but who are habitually careless with documents and in discussing business on the phone.
"Espionage like this nothing new, it’s the scale, relative cheapness and deniability that underpins the explosion of APT and cyber espionage across the globe," Wallace told El Reg. He added that Germany remained more concerned about French spying than anything the NSA was doing – at least, until recently.
Berry Smutny, head of German satellite company OHB Technology, was quoted in a US diplomatic note from October 2009 as saying: "France is the Empire of Evil in terms of technology theft, and Germany knows it". The scathing assessment came in diplomatic cables released by Wikileaks. ®