Citizen Lab Senior Researcher Morgan Marquis-Boire contributed to research related to Babar, a piece of malware believed to have been produced by the French government. Marquis-Boire was acknowledged as part of an investigation into Babar conducted by Marion Marschalek, an Austrian researcher at Cyphort. The malware is capable of eavesdropping on online conversations, such as those held on Skype, MSN, and Yahoo Messenger. In addition, it has the ability to log keystrokes and monitor websites accessed by the targeted user.
Evidence of the malware’s creation points to the French General Directorate for External Security (DGSE), France’s external intelligence agency. In an interview with Motherboard, Marquis-Boire explained that though Babar doesn’t appear to be as sophisticated as software produced in recently revealed NSA-campaigns, it is still “high quality.” He added that “there’s a lot of really, really badly written malware. Here, there’s the quality you could expect from a nation that has a large military industrial complex.” These findings are signs that the French government is just as capable and just as involved in digital spyware efforts as other European nations, Russia, and the United States. Marschalek indicated that though they were almost certain that France was responsible for the production of the malware, “proving this publicly is close to impossible.”
Read the full Motherboard article, or further coverage by Die Zeit, Netzpolitik, and Golem. Read reports into the DGSE’s surveillance software, titled ‘Evil Bunny‘ and ‘Elephantosis‘ after separate instances of malware which the researchers analyzed.
Marquis-Boire was also interviewed by Motherboard regarding Casper, another malware program believed to have been produced by a hacking group with ties to the French government. The tool is designed to profile victims and flag persons of interest for further monitoring. It’s structure is closely related to Babar and a series of other malware suites called the “Animal Farm” for their animal and cartoon-inspired names. In response to analysis of the software’s origins indicating French-government design, Marquis-Boire said that “it all seems to point in the same direction.” The similarities between different strains of the malware in the Animal Farm family, along with indication that closely-related Babar malware was produced by French intelligence agencies, gives strong reason for believing that Casper is no different.
Read Die Zeit coverage on Casper, as well as the full Motherboard article.