France sees rise in cyberattacks surrounding Paris bombings

A disturbing increase.


Dell Cameron


Published Nov 20, 2015   Updated May 27, 2021, 3:09 pm CDT

France has suffered a sharp increase in malicious cyber activity over the past few days, but it remains unclear if the rise in cyberattacks is related to the Nov. 13 terrorist attacks in Paris.

While monitoring the flow of malware detected by antivirus installations across the globe, Moscow-based security firm Kaspersky Lab says it picked up several bursts in the number of unique users attacked in France during the past two weeks. Infectious URLs visited by users fluctuated until the 14th, the day after 129 people were killed in the French capital.

“To those who believe cyberattacks can be done with impunity, I say that impunity no longer exists.”

Linked or not, the terms “cyberthreat” and “terrorism” are now frequently uttered by world leaders in the same breath. President Obama’s comments at the G20 Summit in Turkey this week transitioned from the mention of cyberattacks into the announcement of a new intelligence sharing partnership with France. 

On Tuesday, British chancellor George Osborne promised to double the budget of the GCHQ, the nation’s top intelligence and security agency.

“To those who believe cyberattacks can be done with impunity, I say that impunity no longer exists,” said Osborne, warning citizens of an impending threat from Islamic State hackers on British airports, hospitals, and electrical stations. 

The so-called “bursts” observed by Kaspersky in France seem less erratic when compared to other spikes in activity observed by researchers this year. “We don’t see an increase in the number of Web-based attacks in November, compared to other months in 2015,” Kaspersky’s threat research team told the Daily Dot, prognosticating, however, that November would likely see more cyberattacks than October based on existing figures.

Noting a significant reduction in activity on Nov. 14, the Kaspersky researchers explained, “[The people of France] were using the Internet less after the tragedy.”

During the course of the attacks, there was an initial spike in data usage as users rushed to find out what was happening. This is, as one might assume, common during a tragedy. The Internet effectively “broke” during the Sept. 11, 2001, attacks on the World Trade Center, for example, albeit that was in the age of DSL and dial-up. But that rush is inevitably followed by a period of diminished activity. 

Distinct/unique malicious URLs visited by users in France. —

Distinct/unique malicious URLs visited by users in France. —

Kaspersky Lab

Jamie Woodruff, chief technology officer at Patch Penguin, a U.K.-based cybersecurity firm, was monitoring an influx of digital attacks on French targets throughout the day before Islamic State terrorists began the Paris assault at roughly 9:20pm local time.

The 22-year-old, who’s described as an ethical hacker and has provided technical analysis for past Daily Dot reporting, recently returned to London from Amsterdam, where he was demonstrating before an audience of senior airport officials how “simple” it is to hack the navigational systems on a commercial aircraft.

“France is not typically among the top destinations for cyberattacks,” said Woodruff, naming the U.S., China, Saudi Arabia, and Russia as commonly topping the list. “But in the days and weeks prior to the Paris bombings, France was increasingly targeted by malicious traffic—to the point that, for hours at a time, the activity was similar to what we observed in the wake of the Charlie Hebdo attack this past January.”

An “attack map” 24 hours after the Paris bombings displays a heightened level of cyberattacks. —

An “attack map” 24 hours after the Paris bombings displays a heightened level of cyberattacks. —


Researchers at Norse, a prominent cybersecurity firm that operates a global “dark-intelligence” platform, says its analysts “are aware of and have been investigating a recent increase in traffic directed towards France” since Nov. 2.

The 351-percent traffic increase is coupled with a 77-percent increase in unique source IP addresses from which that traffic originates. “However, it is important to note that we observed similar increases periodically over the past few months,” the company said.

Adds Norse: “While the most recent spike has been more prolonged, further investigation is required to determine what—if any—relation exists to recent terrorist events in France.”

In the last year shootings in France attributed to the Islamic State have routinely been followed by attacks online. In the wake of the Île-de-France attacks in early January—in which 17 French citizens were killed, including 12 at the offices of satirical newspaper Charlie Hebdo—roughly 20,000 websites were targeted, according to Defense Ministry officials.

Among the sites taken down by the hackers were regional newspaper Le Parisien, left-wing weekly magazine Marianne, and 20 Minutes, a free daily paper popular with Parisian youth.

Other sites claimed they were defaced, their homepages replaced by extremist propaganda and the “black flag of Jihad,” even while Montrouge shooter Amedy Coulibaly was still carrying out a killing spree, which ended after a municipal police officer and four hostages had been executed. 

Photos via Yuri Konovalov and supertrooper/123RF Stock Photo | Remix by Fernando Alfonso III

Share this article
*First Published: Nov 20, 2015, 12:26 am CST