“A massive leak is to be expected if no contact is made.” This is how a user on Twitter threatened, screenshot of a file tree in support, the Pole Léonard de Vinci. At the end of September 2022, this private higher education establishment in Hauts-de-Seine had indeed been the victim of hacking coupled with extortion.
As Le Monde pointed out at the time, the profile of the attackers clashed. The latter had communicated widely on their action via two Twitter accounts, and there had been no deployment of ransomware, the number one malicious tool in extortion attempts.
Three computer science students arrested
The hypothesis of inexperienced computer hackers has just been reinforced after the unveiling, in the columns of Le Parisien, of a very recent judicial dragnet linked to this affair. Three computer science degree students have just been arrested in Île-de-France as part of this investigation by the police officers of the Central Office for the Fight against Crime linked to Information and Communication Technologies. (OCLCTIC).
According to the daily, the three suspects were taken into custody. They were then indicted for breaching an automated data processing system and extortion. The investigators had followed the trail of the ransom of 18,000 euros paid in ethereum to go back to the suspects.
Compromised server
The higher education institution acknowledged at the time that the hackers had gained access to a server used to host internal applications. They were thus able to get their hands on the personal data of the students, whether it was their civil status information or official and administrative documents. So much sensitive data that had prompted the school to checkout.
“We go to infrastructures that have digital credibility and we do our own cybersecurity checks and it works 95% of the time, then we contact the administrators to discuss the security breach and we take what ‘there is something to take, without necessarily being too greedy,’ assured a surfer at the time, claiming to be one of the computer hackers, to Parisian.