The French government is calling an urgent meeting of the country's media groups after a hacking attack on the country's TV5Monde network by a group affiliated to Islamic State.
The attackers took all 11 of the public broadcaster's TV channels off air from 10pm Wednesday to 1am Thursday (local time) and seized control of its social media accounts and website.
The station's Facebook page carried messages reading "CyberCaliphate" and "Je SuIS IS", along with copies of ID cards and other documents purportedly belonging to relatives of French soldiers engaged in the battle against Islamic State.
The Paris prosecutor’s office has opened a terrorism investigation into the attack.
With the assistance of the French National Information Systems Security Agency, ANSSI, TV5Monde was able to begin broadcasting pre-recorded programs across the channels from about 2am and has since regained full control of its channels, which broadcast to more than 200 countries.
But the station's website is still down and employees still have no access to email almost 24 hours after the attack began.
CyberCaliphate is the same name used by the attackers who took over the US military’s Central Command social media accounts in January, and those of Newsweek magazine in February.
But IS expert Wassim Nasr told the France 24 English channel that there were "weird" anomalies in the messages posted in French, Arabic and English by the attackers, "including many things that cannot be said in Arabic … it looks like Google Translate".
Christophe Birkeland, vice-president of engineering at the US-based security firm Blue Coat Systems, told The Guardian the "initial infection" was "probably either someone’s stolen credentials, probably for remote networking access, or the installation of a remote administration tool used to access deeper and deeper levels of the network and attack systems. Both of these attacks typically use social engineering."
Reports suggest that TV5Monde's internal defences were not robust and once they had gained entry to its networks, the attackers were able to reach the systems controlling playout to air and live broadcasts.
"Social engineering might be incredibly low-tech sometimes, but once you’ve got the compromise, most security systems are not set up to deal with the idea of someone using security credentials in a non-authorised way, which allows attackers to reach even the deepest, most secure sections of a corporate network, which is likely what has happened here," Blue Coat employee Robert Arandjelovic told The Guardian.