The police officers from the Paris police headquarters’ anti-cybercrime brigade did not hang around. A week after the opening of their investigation into the hacking of France Travail, the public administrative establishment responsible for the employment market, the Paris prosecutor’s office has just announced three arrests.
According to prosecutor Laure Beccuau, three suspects were in fact identified by the police. These are three people aged around twenty born in Yonne and Ardèche.
They were implicated, continues the magistrate, following technical and telephone investigations, without further details. Searches also “confirmed for some of them a fraudulent activity using the phishing technique”, finally reports the prosecution.
Judicial information
The three people arrested were presented Tuesday afternoon to an investigating judge for indictment and imprisoned. Open judicial information targets fraudulent access and maintenance in an automated data processing system, data extraction, as well as fraud and money laundering by organized gangs.
Telegram accounts, notably one spotted by StalkPhish, a phishing campaign detection and analysis service, offered for sale a database relating to France Travail. It is unclear whether this offer was serious or a scam.
This hack, which resulted in a leak of 43 million personal data, would be based on the compromise, according to an unspecified operating method, of accounts of agents of Cap Emploi, the organization which helps disabled people to to find a job.
This lead had already been reported by Le Monde. These Cap Emploi accounts were “authorized to access the resources present on the France Travail information system”, the prosecution clarified today.
Controversies
We do not know the exact status – administrators or ordinary users – of these Cap Emploi accounts, an important point which will undoubtedly clarify the questions raised by this large-scale leak.
The information that was stolen, relating to civil status, social security number, France Travail identifier, email and postal addresses and telephone numbers, was in fact relating to job seekers registered on the last twenty years.
An important volume which sparked controversy, moving France Travail from the status of the victim to the accused. Was the database indeed easily accessible internally? Likewise, why was retaining such old data necessary? And finally, why was this leak, which spread over a month, from February 6 to March 5, not spotted? So many questions still unanswered today.
(Updated with details of the incarceration as well as the existence of Telegram accounts claiming to be able to resell the stolen database).