The ex-student, convicted in January by the American justice system for cybercrime, was arrested when he landed on French soil this Wednesday. He had been at the heart of a diplomatic affair between France, Morocco and the United States.
Sébastien Raoult's legal adventures continue. Arriving free on Wednesday evening in Paris, the French hacker was arrested and then indicted as soon as he landed in France. The former student, who was sentenced on January 9 in the United States to three years in prison for having hacked the confidential data of more than 60 companies and reselling them on the dark web, is this time being prosecuted for breaches of automated data processing system.
In this case, Sébastien Raoult is being prosecuted in a judicial investigation opened in October 2022 by the anti-cybercrime section of the Paris public prosecutor's office. “I understand my mistakes and I want to put this story behind medeclared the young 22-year-old Frenchman during his sentencing at the start of the year. No more piracy. I don't want to disappoint my family again.”.
Around sixty companies affected
Originally from Epinal, in eastern France, Sébastien Raoult admitted to having been one of the «ShinyHunters»a group of computer hackers in which he hid behind the pseudonym «Sezyo Kaizen». From 2020, these hackers stole the confidential data of around sixty companies in order to resell them on the «dark web» (the clandestine zone of the Internet), causing losses estimated at more than six million dollars by American justice.
The group also had two other young French people in its ranks: Abdel-Hakim El-Ahmadi and Gabriel Bildstein, a hacker well known to the French justice system. But France does not extradite its nationals and they have remained in France. Sébastien Raoult was therefore the only one convicted in this affair across the Atlantic.
His case has hit the diplomatic headlines since his arrest in Morocco in 2022. The 22-year-old former computer science student was arrested on May 31, 2022 in Tangier on the basis of a red notice issued by Interpol at the request of the judiciary. American, as he was preparing to take the plane to return to France. He spent months in prison in deplorable conditions after his arrest at Rabat airport. His family and his French defense tried to have him extradited to France to stand trial, going so far as to appeal to the UN Human Rights Committee to oppose his handover to the United States. United. Without success.
Email phishing
According to American justice, the «ShinyHunters» used a procedure well known to hackers. They had created websites that looked like the authentication pages of real companies. With phishing emails imitating those from the employer, they lured employees of these organizations to these pages and harvested their credentials.
This allowed them to penetrate the computer systems of these firms, in order to copy their customer files and financial information. Data that they then put for sale on cybercriminal forums, hidden on the «dark web» as “Raidforums and EmpireMarket, known to harbor cybercriminals and illegal activities”. According to the prosecution, Sébastien Raoult “developed a substantial portion of the phishing code and websites that he and his co-conspirators used” for their scams.
THE «ShinyHunters» also blackmailed around twenty victims, demanding a ransom in cryptocurrencies so as not to put the stolen data up for sale. One of them reached $425,000, according to court documents. In order to increase their notoriety and their profits, they communicated with the media and posted, on one occasion, a protest message on the site of one of their victims.
Five million dollars to repay
According to various experts, they targeted the Microsoft account on the computer code sharing platform Github, the Indonesian e-commerce site Tokopedia, the American clothing brand Bonobos and the American telephone operator AT&T. In the indictment, the American authorities assure that the three French people were hiding behind this group, and said they identified them on the basis of IP addresses, linked accounts and discussions on forums.
Before the American courts, the former computer science student initially pleaded not guilty. But, in November 2023, he finally made an about-face by reaching a deal with the prosecution. Sébastien Raoult admitted being guilty of criminal conspiracy to commit computer fraud and aggravated identity theft. In exchange, prosecutors dropped seven other charges against him.
Now convicted on American soil, he took advantage of the reduced sentences and months of detention already spent in Morocco to return to French territory at the end of his sentence, while he risked up to 116 years in prison during his trial. However, he must reimburse five million dollars for the losses caused to the victim firms. Before the arrest of his son this Wednesday, Paul Raoult already regretted a bias in this affair. “We will never have the final word because there was no confrontation (with the other hackers)”his father whispered at the start of the year.
