Disaster at the Le Bonnois law firm. At the end of May 2021, this company specializing in personal injury compensation is the victim of a ransomware attack. The gang of cybercriminals behind the action, called Everest, then put the nearly 14 million stolen documents up for sale for $30,000 (27,000 euros). The stakes are high: among the mass of stolen documents are procedural elements concerning the assassination of the teacher Samuel Paty and the attack against Charlie Hebdo.
Read the survey: Article reserved for our subscribers Florent Curtet, an “ethical hacker” with a nebulous background
Read later
But on the thugs' site, a mention surprises the police officers of the Central Office for the Fight against Crime Linked to Information and Communication Technologies (since renamed the Anti-Cybercrime Office): Everest sends away those who try to contact it towards NeoCyber, the self-enterprise of Florent Curtet, a very public repentant French hacker.
At the time, the young man had been making multiple approaches to companies that were victims of computer attacks for several months. This is evidenced by the episode recounted in Monde by Mathieu (his first name has been changed at his request), a French expert in IT security who, in August 2021, works as a service provider in Switzerland for a pharmaceutical laboratory: he thus sees Florent Curtet arrive, list of stolen data in hand, after an intrusion by hackers into company systems. “Between the lines, he tells us that we have to pay the ransom, I found that insane”remembers Mathieu.
Negotiator or accomplice?
A sort of infiltration, claims Florent Curtet today, who claims to have played a double game with the cybercriminals. Its objective: to inform the General Directorate of Internal Security of computer attacks of which it is aware. A role as an informant carried out free of charge, according to his declarations to Monde.
“It was I who allowed his recruitment, he gave us valuable information on hackings of French companies”assures Pierre Penalba, former head of the anti-cybercrime group of the Nice judicial police. The former civil servant is close to Florent Curtet and the two men communicated regularly during this period. At the time, the National Information Systems Security Agency (Anssi) was also put in the loop, says Florent Curtet.
You have 50.91% of this article left to read. The rest is reserved for subscribers.
