The General Directorate of Internal Security (DGSI), the main French domestic intelligence service, is investigating the release, Sunday, December 9, a file containing information on nearly five hundred police officers, said the Paris prosecutor's office. World, confirming information from The Express. The DGSI will link its investigations to an investigation, opened December 6, attacks and threats of computer attacks, including on state sites.
The file diffused on sites claiming of the movement Anonymous, that The world has been able to consult, includes names, with phone numbers, e-mail addresses, and, in some cases, functions. It was formed from the hacking of a forum of the Alliance police union, said his Deputy Secretary General, Frédéric Lagache. “It's a place where colleagues can apply to change cities”he says, pointing out that the data obtained by the hackers have nothing to do with the membership file of the union. “This one is encrypted, we are quiet about it. “
However, if the authenticity of the file was recognized by Alliance, Frédéric Lagache was not able to specify the date of the piracy. Has it been committed in recent days – and therefore concomitant with the movement of “yellow vests” – or is it older?
If the question arises is that the dissemination of the database on the Internet was carried out by an entity posing as the “Anonymous Anarchist Agency “, whose origins, means of action and motivations remain uncertain today. Featuring the symbols of the nebula Anonymous, this informal group of hackers, active for several years, the organization completely decentralized (anyone can claim it), the Anonymous Anarchist Agency accompanied the publication of the police file of Alliance of a message: “Solidarity with comrades who face repression in France and other parts of the world. “
But is it really at the origin of piracy? The question remains open, while the technique is common among some groups Anonymous: make up already pirated files and published long ago to believe in a recent operation. However, under the slogan #opFrance (“France operation”), the dissemination of the database from Alliance was accompanied by links pointing to two other databases.
One of them was presented as a “List of the staff of the Ministry of Defense” : it contains the names, email addresses, phone numbers, functions of more than three thousand people. But as noted by the site specialized in computer security Zataz, part of the information on this list seems to date back to the 2000s. The co-ordinated information would therefore be partly obsolete, and would not result from recent piracy related to the movement of “yellow vests”.
In 2016, a database of subcontractors from the same department had already been hacked and broadcast by Anonymous: it then presented ten thousand rows of personal information, some of which also dated back to the 2000s. early December under the slogan #opFrance, shorter, is it just a simple excerpt? Contacted, the Ministry of Defense has not, for the moment, not answered our questions on the subject.
The other database distributed by the same group under the keyword #opFrance comes from one of the websites of the National School of Prison Administration (ENAP). It is the result of a recent cyber attack: Philippe Claerhout, communication manager at ENAP, told the World part of the school's online portal was hacked on December 2nd. The attack, noted the next day, affected the online store of ENAP, and allowed hackers to obtain the contact details of 1,600 customers (last name, first name, email address). This book sales portal has also been “de-tagged”, that is, its homepage has been modified.
This intrusion was accompanied by a “Message in English”, according to the details of Mr Claerhout, which indicates a complaint has been filed and that the investigation is ongoing. However, according to our findings, the distribution of this file mentioning ENAP on sites using Anonymous symbols, from the evening of December 2, is also accompanied by a message in English: it refers in particular to … Kurds against the “Fascist regime of the AKP”.
Lists of target sites
These hacks and these publications do not necessarily have any link with actions related to “yellow vests”. The movement gathering behind #opFrance however puts them forward to raise the sauce, especially in texts, which we find traces from December 7, calling for actions of “Communication” in connection with the challenge of “yellow vests”.
The #opFrance mobilization guidelines also give suggestions for action (“Directly attack the government like that it will force to reduce taxes and accept other claims” [sic], “Block the servers of various banks to block any transactions! “ [sic], or «Launch a massive and simultaneous DDOS on the media type bfm cnews» [sic]), but also broadcast messages on traditional social networks (Facebook, Twitter).
Lists of websites of French institutions, companies and media are also centralized as “Target”, for the probable purpose of performing denial of service (DDoS) attacks, which consist of saturating a query site to make it inaccessible.
Small scale attacks
It is in this context that the ISB survey on the distribution of the Alliance file comes into play. It is part of a wider procedure, launched on December 6, which also relates, according to our information, to attacks and threats of denial-of-service attacks on public service sites. Thus, the site of the taxes was the object of a DDoS attack Saturday December 8, day of mobilization of the “yellow vests”, around 13 h 30. The attackers having warned of their intentions during the week, the services of the Ministry parried the attack and their defenses were not overwhelmed.
In addition, the company FireEye, specializing in cybersecurity, said it has observed several cyber attacks to make inaccessible websites. Among the victims identified by the company, several sites, including those of the University of Lorraine and the University Paris-Sud. The first, attached by The world, said to undergo this type of attacks regularly – they are indeed very common and require little technical skills. According to her, last week was not unusual. The second explained that we did not observe any computer attacks.
So far, the computer attacks are not extensive and rely on very limited means. The use of the symbols “Anonymous” does not mean that a great movement is behind: sign of this uncertainty, others Anonymous have denied, in a video posted on Thursday, December 6, “Any operation in connection with the movement of” yellow vests “”.
Finally, at this stage, the mobilized investigators do not make links between the various attacks investigated by the ISB and the leak of a police note on the safety device concerning the mobilization of “yellow vests” of 8 December. Nothing indicates for the moment that it comes from a hacking properly speaking: the “leak” seems to have been first propagated by far-right movements that Anonymous claimed. Another investigation was opened on the subject, and entrusted to the brigade of investigations on the frauds with the technologies of the information.