No, the police did not arrest the Rex Mundi hackers


This information from Europol on a crackdown against cybercriminals had been widely relayed. In June 2018, the European police agency announced the arrest of several people in France and a developer in Thailand.

They were suspected of having participated in a major extortion attempt targeting an English financial services company in May 2017: on the phone, a French-speaking blackmailer had asked for 730,000 pounds sterling, a sum intended to buy his silence on a security flaw.

Copycats

This French speaker then claimed affiliation with Rex Mundi. This group of hackers, very active since 2014, had specialized in extortion, threatening its victims with disclosing stolen data.

But five years later, there is no indication that the Rex Mundi hackers were really involved in this extortion attempt. This case, examined by the 13th chamber of the Paris court since Friday, June 10, has indeed concluded with proceedings against three young men who are clearly not members of this group.

Moush, now 26, unemployed at the time, wanted to get into cybercrime after trying his hand at trading. Jonathan, the developer, specializes in creating websites. He moved to Thailand after opening a bar in Carcassonne and successfully launching a variant of an online multiplayer game. As for Gaëtan, the last accused, he lived in Saône-et-Loire, dividing his time between a shop on the black market Alphabay and a computer repair company.

How to become a cybercriminal?

On the first day of the trial, Moush, suspected of being the blackmailer, explained to the judges how he had tried to take advantage of Rex Mundi’s notoriety. By 2017, the former apprentice baker, for a time a VTC driver, had been trying for several months to break into cybercrime. But despite reading Wikipedia entries and diligently surfing shady sites, his new career was stalling. For example, he offered his services to a ransomware group, but his proposal was refused. “I did not have the level, the real hackers are not on Alphabay but on sites which recruit by co-optation”, he admits on the stand.

According to him, he ended up getting a good tip by talking with one of the members of the Rex Mundi group, a cybercriminal group known for several hacks around 2014. According to the exchanges, the latter boasts of a successful blackmail operation carried out against a finance company, the parent company of the British victim. To prove his criminal resume, Moush’s boastful contact gives instructions for the attack. The login portal has a vulnerability. A brute force script can be used to attempt to guess the passwords. It would thus be possible to get hold of bank cards, which are this company's line of business. In the end, the victim company counted 1,400 compromised customer accounts.

Moush cannot exploit this information alone, however. He does not have the skills to write this PHP script of 20 to 30 lines. After sitting on the information for several months, the young man turns to Gaëtan. The two know each other, with Moush having bought ransomware from Gaëtan before. The latter then put him in touch with Jonathan, his partner on Alphabay, whom he had hired several years earlier to redo the website of his computer company.

Identified by their SIM card

Although the investigation highlighted the attraction these two men felt for cybercrime, this illegal activity brought them relatively modest income, considering their investment. Gaëtan is thus said to have earned around 10,000 dollars by selling phishing sites, ransomware or even a remote administration tool on Alphabay, a site that Jonathan first visited to buy cannabis, before expanding his range as a website creator to phishing pages, for modest earnings of around 5,000 euros over two years.

In any case, the blackmail against the British company will come to an end. After sending a long, bombastic email of threats, Moush telephones the victim several times. But during one call, he uses the wrong SIM card. This is a godsend for the police officers of the central office for the fight against crime linked to information and communication technologies, who thus identify him easily.

During this time, the negotiator sent by the English police dragged out the exchanges. While Moush believes he has succeeded in obtaining an agreement, he is finally arrested at his parents’ home in Bagnolet. The rest of the investigation will allow the police to identify his two accomplices. The trial, which is due to end on Friday June 17, must now establish the exact responsibilities of the three men, who face a seven-year prison sentence for the attempted extortion.




