Incredible: how the DGSI worked with a French hacker to infiltrate the jihadosphere


After hacking a server and discovering documents classified as defense secrets from the defense manufacturer Thales, he infiltrated jihadist forums for the General Directorate of Internal Security (DGSI) before learning that his handling officer had been cheating him on his remuneration.

That, summarized in one sentence, is the incredible story of a French computer security expert, an instructive account of how this domestic intelligence service works with hackers to gather more information on its targets.

Last week, Sh0ck, as he is known on social networks, recounted on X (formerly Twitter) how he had been hired by a certain Xavier J., a former DGSI official. Although these messages have since been deleted, two news outlets, Mediapart and BFM TV, revealed the story this Tuesday.

“Wild Pentest”

In the thread published on After fraudulently entering the server of an American translation company, he came across documents “stamped defense secrets” relating to French frigates. “We were two young people crawling the internet for fun looking for the first SQL, the wild pentest in reality,” he recalled.

This case resulted in a six-month suspended prison sentence and a fine of 500 euros in 2013. But at the time, after the police had questioned Sh0ck, the DGSI – then the DCRI, the Central Directorate of Internal Intelligence – offered the 18-year-old the chance to work for them.

Out of patriotism, he says, Sh0ck accepted. “I saw a real interest in helping the police,” he explained in his thread. “At the time, we were at the beginnings of French jihadism, before the attacks we experienced,” he added. The hacker was tasked with open-source research on “potentially corrupt law enforcement” or “threatened diplomats”, he continued.

Vulnerability in vBulletin

As Mediapart details, the DGSI then asked Sh0ck to look for vulnerabilities on jihadist sites. He succeeded in hacking the site of Ansar Al-Haqq, “a reference in the French jihadosphere”, notes the online investigative outlet, and installed a backdoor allowing him to siphon off the email addresses and passwords of 4000 sympathizers. This data helped in the arrest of Romain Letellier, subsequently convicted of advocating acts of terrorism on the Internet.

In his deleted thread, Sh0ck detailed the method used to hack this jihadist site, and then others. “With friends, we managed to install webshells [a web interface allowing a third party to remotely execute malicious code on a machine] on most forums, we were therefore able to monitor for months the activities of French jihadists, in particular the Kouachi brothers [the Charlie Hebdo killers] who were registered on this type of forum,” he explained.

More precisely, the hackers had exploited a vulnerability present in the faq.php component of these forums, which were based on vBulletin, a discussion forum software package.

As a former DGSI employee, who confirmed the veracity of this story in broad terms, explains to ZDNET.fr, using external hackers in this way allows the service to avoid leaving compromising traces. “Dog punks with the IQ of Einstein,” another veteran of the service vividly sums up to Mediapart. This work in the shadows lasted around 5 years, until 2016-2017.

Embezzlement of remuneration

The story could have ended there. As he explains to Mediapart, Sh0ck failed the DGSI recruitment tests for an unknown reason before becoming a consultant for an IT security company. He now works on IT security for a large banking group. But the young man was contacted again a few years later by police officers from the General Inspectorate of Internal Security…

The latter then told Sh0ck that they suspected his handling officer of having embezzled part of the remuneration that was owed to him. As a source external to the service, the computer security specialist was paid in cash.

In total, he received a little less than 10,000 euros, when he should have received double. The story ended with Xavier J. pleading guilty in November 2022 and receiving a three-year prison sentence, including six months, according to Mediapart and BFM TV.

“Even if institutions like the DGSI, the DGSE [the spies of French foreign intelligence] or whatever are for the most part very honest with protocols that are normally very supervised, you are not safe from coming across malicious people”, concluded Sh0ck on X. “In any case, be very careful if you are in the same situation as me at the time”, he added for the benefit of young hackers who might have become, like him in the past, one of the DGSI’s unofficial service providers.




