TV5Monde was saved from airtime-KO hack by unplugging infected box

France’s TV5Monde came “within hours” of being destroyed by hackers, according to the station’s boss. TV5Monde was taken off air for hours in April 2015. The interruption might have lasted longer but for the intervention of a techie who pulled the plug on a compromised system that was spreading malware, Yves Bigot, the …

  1. Your alien overlord - fear me

    Yves Bigot - bet he's not biased :-)

    1. Anonymous Coward

      yawn, yawning, slow hand clap

  2. Gene Cash Silver badge
    WTF?

    "increased reoccurring bill of €3m ($3.4m) for improved security controls"

    Reoccurring how often? Monthly? Yearly? For what? Did they hire a "security d00d" or are they just paying through the nose for Norton Defender?

    1. P. Lee Silver badge

      > The attack cost the TV station €5m ($5.6m) and left it with an increased reoccurring bill of €3m ($3.4m) for improved security controls.

      Or maybe it should have already spent that money but didn't? I'm not sure the attack cost them that, it was the lack of defences. Was the attack really so bad that they needed on-site personnel to unplug the device? No remote switch-port management? No VLAN reconfiguration could have done it?

      Is the recurring $3.4m up from $3.39m which is their normal IT security spend?

      If an attack costs $5.6 to clean up, your security infrastructure wasn't right to start with. Assume you are going to get hacked. Assume you will need to rebuild everything. Segment your data, segment your access. Know what you have and what happens if you lose it. Now, what infrastructure do you need?

    2. Voland's right hand Silver badge

      Whichever

      You are looking at the typical attitude of the person in his position which sees this as a non-essential, unpleasant and unwanted overhead instead of an essential cost to doing business.

      Looks like he has not learned that in his business the uptime and reputation are everything and the costs to protect either are essential costs. Not unwanted additional overheads - they should have been budgeted and paid in _ADVANCE_.

      So IMHO there will be more of the same here. It is only a matter of time.

      1. Warm Braw Silver badge

        Re: Whichever

        uptime and reputation are everything

        TV5Monde is, to all intents and purposes, a consortium of francophone state TV stations trying to push a cultural/political agenda in the same way as the BBC World Service does. There's a limit to how much money their parent broadcasters are prepared to spend on what is for them a non-core activity, much in the same way that there is a limit to the amount the BBC was prepared to spend to overcome jamming.

        And that's precisely the point of these kinds of attacks - to raise the "cost of doing business" to a point at which it isn't actually worth doing the business.

  3. Dr_N Silver badge

    TV5Monde

    No one watches it anyway.

  4. peasant

    And this is from 2015

    April.......Hmmm 18 months to come to light.. I welcome full disclosure........................................................................eventually

  5. Oh Matron! Silver badge

    Incorrect....

    "Although the hack was ostensibly made by cyber-jihadists affiliated with IS,"

    Listening to the interview yesterday, it was "indicated" that the attack was by the cyber-jihadists, with later investigations showing it was Russian linked

    1. Squander Two
      Facepalm

      Re: Incorrect....

      > Listening to the interview yesterday, it was "indicated" that the attack was by the cyber-jihadists, with later investigations showing it was Russian linked

      Yes, I thought that too. Although I didn't get it from hearing the interview. I got it by continuing to read this article all the way to the end.

  6. Bob Rocket

    Technicians

    Coincidentally there were some technicians on site who just happened to turn on a new channel when the whole thing went tits up, that was lucky because one of those technicians managed to pull the plug before any more damage was caused.

    Now call me a conspiracy theorist if you like but I'd suspect the technician. (but wouldn't be surprised if said technician tried to blame the bogeyman)

    1. phuzz Silver badge
      Coat

      Re: Technicians

      I've never tried to blame one of my screw ups on foreign spooks before, that one's going in the old excuses bag.

      >>>>>> mine's the one with a "I'm pretty sure it's down to your internet connection, I'd give your supplier a call" in the pocket.

    2. DJ Smiley

      Re: Technicians

      I find it amusing that something like this doesn't have 24/7 on site support.

  7. Jamie Jones Silver badge
    Boffin

    They unplugged the *infected* machine?

    At that stage of events, if there was only one machine distributing the malware, (which all seemed to go dormant on disconnection) then it's not a virus, if anything it's a C&C node

  8. Anonymous Blowhard

    The BBC article has a lot more detail, and attributes the damage to APT28 AKA Fancy Bear.

    1. Bob Rocket

      Media company with crap security and no DR

      waits six months to announce the bad guy du jour did the dirty

      'The perpetrators had first penetrated the network on 23 January. '

      and nobody noticed until

      8 April when the network went down.

      'staff had to return to using fax machines as they could not send emails.'

      'We had to wait for months and months before we reconnected to the internet'

      this one is the killer though

      'Special authentication procedures are needed to check email from abroad, flash drives have to be tested before being inserted.'

      What's the likelihood that someone clicked on an email link for a kitten picture or plugged in an infected flash card sometime before 23rd Jan?

      Of course it is entirely possible that the devil Putin himself hacked into some frog TV station from his desk one night between eating babies.

    2. Anonymous Coward
      Facepalm

      The BBC article has a lot more detail

      @Anonymous Blowhard: "The BBC article has a lot more detail, and attributes the damage to APT28 AKA Fancy Bear."

      "The attack used highly targeted malicious software to destroy the TV network's systems." ref

      A bit scarce on the actual technical details.
