Govt officials at 2011 G20 baited with porn

Govt officials at 2011 G20 baited with porn

Summary: Attendees at the Paris summit of the G20 finance ministers and central bank governors fell for an email promising nude photos of Carla Bruni, former supermodel and wife of French President Nicolas Sarkozy.

SHARE:
TOPICS: Security, Government
3

Citing "a government source in Paris," The Telegraph in Australia reports that many delegates to the February 2011 G20 summit in Paris were duped by an e-mail purporting to link to "naked pictures of Carla Bruni." Bruni is a former supermodel who became French President Nicolas Sarkozy's third wife in 2008, and was well-known for taking her clothes off in her early career.

Recipients who took the bait ran a trojan horse program which displayed X-rated photographs. The Telegraph says the email prompted users to open "an attachment" but it's likely that it actually gave a link to the program. Actual attachments have been passé for many years.

"Almost everybody who received the email took the bait," said the government source to The Telegraph, adding that this included representatives from the Czech Republic, Portugal, Bulgaria, Hungary and Latvia. The computers of senior officials were infected and forwarded the email on to others.

1236537_263353977122881_1480824083_n[1]
Carla Bruni seen here wearing clothes

The story reports that the attack was thought to originate in China, but no details are provided. The incident is still (!) under investigation.

The G20 is the Group of Twenty Finance Ministers and Central Bank Governors from 19 developed countries and the European Union. These countries "account for approximately 86% of the gross world product (GWP), 80 percent of world trade (including EU intra-trade), and two-thirds of the world population."

Ms. Bruni has moved on to a career as a pop singer.

Hat tip to The Volokh Conspiracy.

Topics: Security, Government

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Pretty funny

    There's plenty of more reputable sources where those G20 delegates could have performed the same "research" prior to the start of the summit. This really speaks to just how ill prepared they were before they got there.
    Sir Name
  • Web security is not their job.

    Not everyone is familiar with technology. They weren't trained to be IT Professionals and told not to click on everything. Either the Anti-Virus Suites they were using were inadequate (which today are useless since they aren't proactive about stopping Trojans like Conduit Search), the morals of the delegates was decayed, or something else more nefarious ... like drive-by downloads from a built-in web email weakness.
    Vapur9
  • a Windows/email client vulnerability?

    Not denying that Carla Bruni might be irresistible and that the official guys were just curious whether it was a joke. So what was the actual method of infection?
    A zero day or a fixed vulnerability which wasn't patched because machines were not up-to-date?
    If it's none of those, how could that have happen? Clicking on a link what else could that be? "This prompted many to open an attachment which turned out to be a 'Trojan Horse' with an embedded virus, although all recipients could see were the X-rated photographs."
    Otherwise, this is not normal for an application dealing with untrusted stuff to execute a script or a executable. Once again, when a system recognizes proper file permissions it''s quite elementary to strip off the dangerous ones if needed.
    It probably would be wiser for governments to use some GNU Linux, *BSD or even Mac OS X (the security competence of the latter should also be taken with a grain of salt)
    What's more interesting though, is that everyone seems to take it for granted. No, this is not a normal behavior for a system and an application. Blaming the lack of AV or it's deficiency is also ridiculous.
    So, the conclusion is don't use Microsoft Windows if you really care about your security.
    eulampius