Philip Lieberman, President and Chief Executive of the privileged identity management specialist, said that the case of EDF being hit with a severe fine - after a senior official hired an external company to use a trojan to spy on Greenpeace - is notable because the saga started more than five years ago.
âAccording to the various newswire reports, the power generation giant â which runs more than 50 nuclear power stations in France and 8 in the UK â tasked an external company to conduct illegal surveillance on Greenpeace's then head of campaigns in France, Yannick Jadot,â he said.
âThanks to the successful infection of Jadotâs computer, EDF was able to illegally obtain 1,400 documents about the environmental charityâs ongoing campaign against nuclear energy,â he added.
The Lieberman Software president went on to say that, while it is good to hear that the French courts have handed down actual and suspended sentences against former EDF security staff and the detective agency employed by the energy giant, there are some significant questions that remain to be answered.
These include the possibility of incursions into the computers of other senior members of Greenpeaceâs staff, how long it was before the infections were detected and how they were spotted.
And then, he says, there is the confidential court testimony that was released by a French Web site â Mediapart - two years ago, that revealed that EDF had organised surveillance not only of Greenpeace in France, but broadly across Europe since 2004.
The really big question, says Lieberman, is how many other cases of trojan-assisted industrial espionage have been carried out in recent years, especially since the external company hired by EDF are said to have relatively simple techniques to infect the Greenpeace chiefâs computer.
And itâs worth noting, he explained, that the same French court handed down a six-month prison sentence and 4,000 euro fine to the external company that EDF used - in connection with infecting computers at a French anti-doping lab - allegedly on behalf of disgraced US cycling star Floyd Landis.
âSo what do these two cases tell us? Quite simply that trojan-assisted infections are almost certainly an integral part of the modern-day private detectiveâs IT arsenal when conducting industrial espionage,â he said.
âThe most worrying question is whether terrorists are also using the same techniques to assist their campaigns. I suspect the answer is yes, meaning that IT security professionals now need to take action against the use of trojans to harvest information from the machines under their protection,â he added.