Since last August, the gendarmerie has had ComCyberGend, a single command that oversees all of its digital divisions: a veritable army of gendarmes keeping the peace in cyberspace. Futura met these cyber sleuths at the International Cybersecurity Forum (FIC), which was held in Lille from September 7 to 9.
Paul-Alexandre is a captain in the gendarmerie. A Saint-Cyr graduate with an engineering background, he cut his teeth at Europol, more precisely at EC3, the European Cybercrime Centre. This is what ultimately led him to head the investigation department of the C3N, the Center for the fight against digital crime. Among their notable feats, these cybergendarmes dismantled Retadup, a malware that had infected more than 1.3 million computers to turn them into a giant botnet. During the last edition of the FIC, one of them explained to Futura the techniques used to neutralize the malware and, de facto, the network.
At FIC 2021, the captain took the time to update Futura on a major ongoing case, of which he cannot reveal all the details. This is EncroChat, a company offering ultra-secure smartphones whose 60,000 customers were mainly criminals in search of discretion. As Futura had reported, the investigation was initiated by the French cybergendarmes and resulted in the dismantling of this network last year during a large international police operation. During that operation, the EncroChat servers, which happened to be in France, could be seized. With those servers, the gendarmes were able to install malware during an update in order to read the exchanges on the mobile phones, without even having to decrypt them.
For Captain Paul-Alexandre, however, the way these phones were sold was in itself enough to show that they were intended only for criminals, even though EncroChat swore that its clients were mainly journalists, lawyers or public figures. One had to be co-opted to obtain one, and the network was made up precisely of people linked to organized crime. The officer explains that this is typically the kind of investigation that is now carried out with international police organizations. And given the nature of the cyber domain, this collaboration will grow stronger in the future.
But the C3N's field of action is much broader than these complex investigations. Investigators track down the glorification of terrorism, digital scams and illicit sales, especially on the darknet, attacks on the integrity of computer systems (botnets, ransomware), cryptocurrencies and their laundering, and also child pornography. For example, it is the C3N that carries out investigations into the sale of fake health passes.
A single command for cybergendarmes
While the C3N is not new, a real revolution took place this summer. The C3N coexisted and collaborated with three other divisions also specialized in cyber. They now benefit from a single command: the ComCyberGend. With its four divisions, the ComCyberGend includes 7,000 cyber sleuths supported by 200 reservists. This is just the start, as 10,000 more agents will be recruited in the coming years. This resizing and restructuring around a central command makes it possible to respond to the explosion in acts of cybercrime.
In 2020, there were reportedly 20% more such acts than in previous years. As the captain reminds us, these are mainly scams, since they represent 75% of cases. But the officer points out that, unfortunately, complaints are rarely filed. For example, in 2019 there was only one complaint for 267 attacks. It is not so much individuals who are the main victims (13%), but often companies, which are afraid of damaging their reputation by filing a complaint. Yet the new ComCyberGend gives assurances that confidentiality is one of the gendarmes' priorities.
The plague of the moment is ransomware. SMEs are the most affected, since they represent 46% of the victims. The next most targeted companies are very small enterprises (VSEs), at 21%. Individuals are relatively little affected (7%). Public administrations are also poor performers when it comes to cybersecurity, since they represent 14% of cases. The ransoms are often large, and there is also the threat that company information will be disclosed if the ransom is not paid. The head of the C3N investigation department advises never paying the ransom and being supported by the gendarmes through this ordeal. He admits that, unfortunately, some SMEs cannot afford to remain at a standstill or are afraid of the disclosure of their data. But, according to him, the lines are now moving and the number of complaints is starting to align with the number of attacks.
Connected objects, new witnesses to crime scenes
Cyber has also made its way into every crime scene. There are now dozens of connected objects in homes. Cybergendarmes are therefore called upon to use the data collected by these numerous connected accessories and, first and foremost, home surveillance cameras. These investigations are once again entrusted to the C3N. However, the gendarmes call on the skills of experts from the Digital Operations Support Division and, in particular, the National Center of Digital Expertise. In their laboratory, they are able to extract the data contained in these accessories, in smartphones or in computers.