Is a 16-year-old minor behind the theft of the data of nearly 20 million subscribers of the Free operator? A teenager suspected of having demanded 10 million euros in ransom from Xavier Niel was indicted on Wednesday January 15 in the evening in Paris. Arrested on Monday in Essonne, according to a source close to the case, this high school student already suspected in several hacking cases was brought before a Parisian investigating judge and then placed in an educational center by a judge of freedoms and detention.
On October 21, the Free database, covering 19.2 million French customers, the majority of the company's 22.8 million subscribers, “including 5.11 million including an IBAN number, was put up for auction by a hacker on a cybercriminal forum”recalled the public prosecutor, who had entrusted the investigation to the Brigade for the fight against cybercrime (BL2C) of the police headquarters. The file contained personal data, such as their address, telephone number or email.
The teenager is suspected of having entered Free's servers via security breaches of a company employee. The data file was resold for 20,000 euros and the minor pocketed half the sum, according to another source close to the matter.
The miner is also accused of an attempted extortion against Xavier Niel, founder of Free: he is suspected of having asked him for 10 million euros in cryptocurrencies in a message considered to be a ransom demand, in exchange for the return of the file, which the billionaire refused. In mid-November, justice ordered the Telegram messaging service to reveal the identity of the hacker who had used the platform to put pressure on the president of the Iliad group.
In detail, this high school student born in January 2008 was indicted for various offenses relating to an automated data processing system (fraudulent access and maintenance; fraudulent introduction of data; fraudulent possession of data; fraudulent extraction of data), but also for collection of personal data by fraudulent means or even concealment of an attack on an automated data processing system.
-Sport 2000 and hacking of the Altice group's Twitter accounts
The Paris prosecutor's office had declared earlier in the day that this minor “identified as the author of this leak was already under judicial control, having been arrested in June in a case involving leaks of customer data, notably from Sport 2000, and hacking of the Twitter accounts of the Altice group (RMC, BFMTV)”. According to the source close to the case, he was also placed in police custody in December but without being prosecuted, for other data leaks concerning other companies.
The defendant's lawyer, Me Camille Lucotte, said “very surprised that he is the only one concerned in this affair, when he is clearly a secondary actor and the main perpetrator is clearly identified by the investigators”. “My client is willing to cooperate with justice,” she added, criticizing the prosecution which “divides the procedures, increases the number of searches and successive detentions for related facts”.
“They trusted us by filing a complaint and they understood everything! Thank you Free»for her part greeted on LinkedIn, in a reference to the company's slogan, the vice-prosecutor Johanna Brousse, head of the section for the fight against cybercrime. “More than ever, we need to strengthen cyber prevention among young people.” she added.
Between September and the end of November, in addition to Free, Auchan, SFR, the streaming platform Molotov, Truffaut, Cultura, Boulanger and The Point have all confirmed the leak of personal data of their users. That is, several tens of millions of people concerned, customers or users, whose email addresses, postal addresses, and sometimes Ibans, are resold online by pirates.
Related News :