The coordinated arson attack on high-speed rail by suspected far-left anarchists hours before the opening of the 2024 Olympic Games in Paris shows the broad array of sophisticated security threats faced by French law enforcement officials.
The potential threats to the event include a Russian-backed sabotage campaign, an attack directed or inspired by a terrorist group based in the Middle East, and a cyberattack that could disrupt communications, according to multiple current and senior law enforcement officials based in France, Europe and the U.S.
So far, French officials have not confirmed a motive or whether the group responsible for the attacks, which targeted train signals in France’s rail system, was coordinated by a foreign government.
Before the rail attack, the French minister of the interior said officials believed they had thwarted four specific and credible planned attacks on the Olympics — including one possibly tied to Russia.
On Tuesday, three days before the opening of the Games, French law enforcement officials visited the home of a 40-year-old Russian man, indicted him and took him into custody, according to the Paris prosecutor’s office.
“The elements discovered during this investigation [are] raising fears of his intention to organize events likely to cause destabilization during the Olympic Games,” the office told NBC News.
In a separate case, French Interior Minister Gerald Darmanin told a French news outlet that an 18-year-old, also arrested Tuesday, was part of a separate investigation involving a terrorist organization and that authorities are combing through his electronic devices. “We think there is a link” between the activities of the 18-year-old and a possible attack on the Games, Darmanin told BFM TV.
The arrests come amid a recent uptick in terrorism and violence in France not related to the Olympics. The national anti-terrorism prosecutor told NBC News that a suspected terrorist was arrested last Friday after attacking a taxi driver in the Loire region of France, the fourth violent incident in the past two weeks. Several other incidents have been investigated by law enforcement, including the intentional ramming of a car into a cafe and the stabbing of a police officer in the neck off the Champs-Élysées; police have not yet disclosed motives.
Heads of anti-terrorism agencies, including the FBI in the U.S., have also warned of possible attacks around the globe by groups or individuals related to or inspired by ISIS, including ISIS-K, which killed 145 people in an attack on a concert hall in Moscow in March.
Several years ago, France suffered two major ISIS-related attacks. In 2015, terrorists killed 138 people in Paris, including a large number at the Bataclan concert hall. And in 2016, a truck plowed into crowds in Nice, killing 87 people.
French and U.S. officials have highlighted smaller-scale incidents that have occurred so far in 2024 as examples of what could happen during the Games. They included bombs detonated outside stadiums, attacks on softer targets like bars and clubs, as well as multiple stabbings believed to be criminal or terrorist attacks.
Russian cyberthreat
The Olympics’ reliance on internet-connected systems that process ticket and meal payments, athlete information and critical infrastructure such as train systems makes France’s cybernetwork an attractive target to both lone-wolf and state-backed hackers, law enforcement and cybersecurity officials warn.
Chris Krebs, who served as the director of the Cybersecurity and Infrastructure Security Agency during the Trump administration, said he anticipates cybersecurity disruptions during the Olympics.
“I think it is an all but certainty that Russian cyber actors, whether it is the GRU, Sandworm or even the FSB will try to do something surrounding the Games,” Krebs, now the chief information officer for cybersecurity firm SentinelOne, told NBC News.
Krebs cited past attacks by Russian-backed groups that involved propaganda, sabotage and the use of hacks and leaks like the kind staged by Russian-affiliated hacking group “Fancy Bear” in 2016. That group obtained and published health information from the World Anti-Doping Agency on prominent U.S. athletes including gymnast Simone Biles. Biles and other athletes said they had taken medications for routine medical conditions and that they did not engage in doping.
Krebs also cited Russian-backed hackers’ use of the “Olympic Destroyer” malware before and during the opening ceremonies of the 2018 Olympics. The Justice Department later charged six members of Russia’s intelligence service — the GRU — with using the malware.
Krebs says the Russian-backed attacks are driven by the West’s support for Ukraine after President Vladimir Putin launched a full-scale invasion of the country in 2022, as well as the Kremlin’s desire to tell the Russian people, “Look how messed up the West is.”
Russia is also conducting what law enforcement officials call “gray zone attacks,” which involve attacks on European companies and infrastructure supporting and supplying Ukraine’s defense against Russia.
In June, a dual Ukrainian-Russian citizen was arrested in a hotel in Val-d’Oise, France, after he suffered “significant burns following an explosion,” according to French officials.
An official with the French National Anti-Terrorism Prosecutor’s Office said its investigation found materials used to make explosive devices and that one of those devices had exploded. No other injuries were reported.
Multiple U.S. officials briefed on the matter said the device that exploded included the homemade explosive compound TATP, which has been used in terror attacks over the past few decades worldwide but particularly in Europe.
As first reported by NBC News, the U.S. officials said authorities believed that person was trying to conduct a pro-Russian act of sabotage against a French facility that supported Ukraine’s war efforts.
U.S. and European officials say Russia is conducting a “brazen” sabotage campaign across Europe that seeks to damage railways, military bases and other sites used to supply arms to Kyiv in order to undermine Western support for Ukraine.
On Tuesday, a new arrest highlighted a potential Russian intelligence effort to disrupt the Olympics. French officials said a man, whom they did not identify, faces up to 30 years in prison on charges of conducting “intelligence with a foreign power with a view to provoking hostilities in France.”
Multiple French news outlets say the man is a Russian-born chef and member of the Federal Security Service of Russia — known as the FSB. The French newspaper Le Monde reported that he once said, “The French are going to have an opening ceremony like no other.”
U.S. and European law enforcement officials say French law enforcement is also closely monitoring potential protest activity ranging from local strikes to street demonstrations. Large climate-related protests as well as demonstrations involving pro-Palestinian groups have occurred frequently, but French law enforcement agencies are believed to have the ability to contain them.
Have the French learned lessons from past attacks?
Some observers have wondered whether French law enforcement agencies have learned from the bloody attacks France suffered in 2015 and 2016.
A review of French intelligence and law enforcement efforts following those two attacks identified a host of gaps and failures. A trove of official documents that were part of the French investigation was obtained by NBC News in 2016. They showed one suspect involved in the attack was identified in 2009, but that French officials did not send undercover informants to try to record suspects saying something incriminating, a practice long used by the FBI.
The French are now believed to be using undercover informants to disrupt plans for attacks, based on the arrests of multiple individuals leading up to the Olympics. The attack on the Bataclan concert hall also highlighted the dangers to first responders such as medics when suspects may still be firing, according to New York’s police and fire departments and other U.S. agencies that spoke with French officials after the attack.
Another lesson learned by French officials is the importance of immediately supporting the survivors of attacks. “The government understood quickly the necessity to support victims” after the Bataclan attack, said Pauline Okroglic a lawyer with the aid group France Victimes, whose 1,450 employees have supported over 300,000 victims of crimes and national disasters since its founding in 1986. The quicker that victims’ trauma was addressed, the faster their recovery.
Jerome Moreau, a spokesperson for the group, told NBC News it works with “all people with a traumatic connection” to an attack, from victims and their families to the families of perpetrators who were not aware of their relatives’ plans. “The most important thing for us is to help each victim in a terrorist attack.”