In 2019, they remotely neutralized “Retadup”, a formidable global botnet, put out of action three cyber crooks behind a vast fake tech-support scam, and questioned a former company executive who had taken revenge on his ex-associates by stealing 1.3 million euros in bitcoins. The thirty-two gendarmes of the Center for Combating Digital Crimes (C3N) investigate the most complex computer crimes. On the occasion of the International Cybersecurity Forum (FIC), which opens in Lille (Nord) on Tuesday, their head, Lieutenant-Colonel Fabienne Lopez, takes stock of cybercrime.
Scams, hacks … Are we witnessing an increase in cyber crimes?
In the gendarmerie zone, more than 82,000 cybercrime-related offenses were reported in 2019, which represents an increase of 20% compared to last year. Scams represent 70% of reports. But we think there is a dark figure: victims of blackmail involving feelings or intimate videos do not report it, companies do not file complaints for fear of repercussions on their image … We are far from the real figure.
In December, your service arrested a Frenchman suspected of having attacked his former associates by computer to steal from them. Is this the heart of C3N’s missions?
At C3N, we only deal with offenses at the top of the spectrum: sensitive, complex and with a significant number of victims and/or high harm. In 2019, we had 86 investigations in the portfolio and we seized 5.8 million euros in criminal assets, which is that much less money in offenders' wallets. The rest of the caseload is handled by the gendarmerie's cyber chain, from brigades to research sections depending on importance. This Bitcoin theft case is totally within our scope. It is one of the attacks on an automated data processing system. It can be hacking with data theft or embezzlement, as here, but also blackmail with the famous ransomware. Concretely, the hacker enters a computer system, encrypts the data and copies it, then threatens its user with divulging or deleting it if he does not pay a ransom, often in cryptocurrency. It is mainly companies that are targeted, of all activities and of all sizes – from the very small company to the multinational, industry or bank – but often with the particularity of being highly sensitive locally. This means that if activity remains blocked by the hacker, layoffs are at stake. It is a major and rapidly expanding scourge.
As for cyber scams, what are the trends?
In particular, there has been an increase in fake tech-support scams. On their screen, a victim sees a false warning message from the operating system that appears authentic, serious and urgent, telling them that their computer is infected. They are invited to call for assistance over the phone. At the other end, call centers claim that they will delete the virus or regain control of the computer, which was never infected. The intervention is billed. In the last investigation we handled, there was almost 2 million euros of damage. However, simply restarting the computer will solve the problem.
There are also real mass computer infections …
Yes, these are called botnets: the takeover by a hacker of several computers belonging to individuals or institutions, which they control remotely. These zombie computers will then “work” for the hacker without their owners’ knowledge, for example by carrying out attacks to bring down a website (DDoS) or by mining cryptocurrency. The Retadup botnet, one of the largest in the world, had, for example, been used to attack Israeli hospitals. We detected a flaw in the server when it was located in France and managed to wipe out the effects of the virus for 1.3 million computers, including hundreds in France.
What does the profile of neopirates reveal to us?
It is very difficult to draw a composite sketch of the hacker. Because while we can manage to stop an offense, it is more difficult to trace it back to the perpetrator because of the many anonymization techniques and decoys they use. There are also sometimes international links. What is certain, in any case, is that the French are not outdone. Not everyone can become a hacker because it requires top-flight techniques, but there is a whole generation for whom the digital world is natural.
Recently, the gendarmerie has also been using connected objects for its investigations …
These everyday objects can help gather evidence. We had a fire which was an insurance scam: the owner wanted to make it look like an accident. The man tells us that he was very afraid, thought he was dying … Except that his smartwatch, which tracks his heart rate, shows no spike in his heart rate. This helped guide the investigation. We are also working on the diversion of objects for malicious purposes. In particular, we were able to arrest a pedophile who had hidden a chip with child pornography images in a deodorant. There was also this father who had installed a geolocation system in one of his daughter's toys to track his ex-wife, or this hacker who had hijacked a wi-fi repeater to browse child pornography sites. Be careful not to be a victim of your connected objects, the vulnerability of which is now exploited by criminals.
In 2019, a “crooked” investigator from your service was arrested for having sold confidential information on the Darknet. What does that inspire in you?
It is a personal lapse which in no way compromises the integrity of the staff of the C3N. This individual was quickly removed from the institution. It is an isolated incident, regrettable, but one which remains the act of a single individual who has chosen to become an offender.