A private security firm hired by the state-controlled French energy firm EDF allegedly planted Trojan malware that could read and record e-mails and keystrokes of French Greenpeace officers, according to reports.
According to the Financial Times, the French judiciary is conducting a judicial investigation into allegations EDF broke the law as part of a surveillance plan to monitor eco-activists.
EDF owns British Energy, which owns the UK's nuclear power plants.
A spokesman for EDF confirmed the judicial enquiry, saying EDF believed the employees concerned exceeded their authority. EDF has asked the court to reconsider its rejection of a request to consider EDF a victim in the case.
EDF said it tried to secure its installations and people daily to prevent violent action at its sites. "Accordingly, like all industrial enterprises, EDF constantly monitors information that may affect its activity while strictly observing the legal provisions," it said, adding: "EDF wholeheartedly condemns any method aimed at obtaining information illegally."
According to the FT, EDF hired Kargus Consultants to investigate Greenpeace by going to meetings, demonstrations and talking to people linked to the organisation.
EDF denied that it sought to hack Greenpeace or others' private networks. French judges rejected an EDF effort to register itself as a victim of the affair, the FT reported.
According to the report, Kargus' owner and former spy Thierry Lorho testified that Kargus was hired by EDF to provide operational support for strategic surveillance. He said Pierre François, site protection engineer, asked him to hack into Jadot's computer as a trial run for a longer-term contract to monitor Greenpeace activities.
According to the testimony, Lorho hired Alain Quiros, a computer expert, to hack the system. Quiros, who corroborated Lohro's statement, said he planned to use a Trojan to record every e-mail and every keystroke made by Jadot.
François and EDF's head of security, Pascal Durieux, rejected these claims, the FT said. François suggested that Lorho wanted revenge after his contract with EDF ended.
EDF said it suspended François and his line manager Pascal Durieux, security manager in the Production and Engineering Division, from 10 April. This followed an internal enquiry, which showed that a monitoring contract with Securewyse, which EDF cancelled, was signed without full regard for the group's rules.
In an interview with Le Monde, Jean-Marc Sabathé, EDF's security director, said EDF had suspended François and Durieux after an internal inquiry found that contacts to hire Kargus had breached company rules. Management knew nothing of the contacts, Sabathé said.