The National Gendarmerie is giving more and more importance to new technologies to help it meet its three challenges of anticipating, intervening and repressing threats. Those emanating from cyberspace, both on the Internet and the dark web, are increasing significantly and are affecting increasingly vast areas, ranging from banking to terrorism, by way of the trafficking of weapons, drugs or child pornography.
To respond to the growth of Internet-related threats, the National Gendarmerie has implemented several systems. The first is the Cybergend network, led and coordinated by the center for the fight against digital crime (C3N), located on the premises of the judicial center of the National Gendarmerie in Cergy-Pontoise, which we had the opportunity to visit on Tuesday, January 17 during a press briefing. Built on a network of 260 military investigators distributed throughout the territory (but trained in Troyes), Cybergend is supplemented by a network of 2,600 correspondents in new technologies distributed in the brigades.
Awareness-raising actions on cybersecurity are also carried out with a large majority of gendarmes, including in particular a training day on cyber risks. The National Gendarmerie is also involved in the Nomoreransom project to combat the proliferation of ransomware in France. Work is also underway on monitoring and assessing the risks associated with virtual currencies and connected systems, in particular connected cars, which we covered in a previous report. At FIC 2017, the Gendarmerie, with the Ministry of the Interior and ANSSI, will also present a strategy on cybercriminals affecting SMEs and SMIs. Another project on which the National Gendarmerie is moving forward is an online reporting portal for credit card fraud. With 950,000 fraudulent uses recorded in France last year, this project is timely. Its specification phase has been completed and it is planned to go online by the end of the first half of 2017; the portal will be integrated into the service-public.fr site.
The headquarters of the center for the fight against digital crime in Cergy-Pontoise. (credit: Dominique Filippone)
Years pass and cyber threats evolve. While the National Gendarmerie is far from standing idly by in the face of the proliferation of channels and forms of computer threats, it has noted a surge in the number of Internet-related complaints compared to recent years. “5,000 complainants came to file complaints involving digital or the Internet,” explained Colonel Nicolas Duvinage. While the Gendarmerie takes care to distribute to all of its men, from the road policeman to the one who pilots a helicopter or goes on a caving mission, a set of good practices and warnings relating to cyber risk, it does of course have qualified personnel to respond specifically to this type of threat, grouped together at C3N.
The C3N gendarmes authorized to intervene throughout the territory
“The C3N is the only national gendarmerie unit specializing in cybercrime,” explained Colonel Nicolas Duvinage. Composed of 38 people, the C3N shares its premises in Cergy-Pontoise with the laboratory of judicial expert gendarmes who work on digital evidence under seal (damaged hard drives, exploded smartphones, etc.). The latter do not carry out investigations, however; they specialize in recovering data from damaged devices. The role of investigator therefore falls to C3N staff, who also have national jurisdiction, which distinguishes them from their cyber colleagues in Rennes or Lille, for example, who need a point of attachment. With the agreement of a magistrate, the C3N gendarmes can therefore carry out searches, place people in custody and record identities.
Colonel Nicolas Duvinage during a press briefing on Tuesday January 17, 2017 at the C3N headquarters in Cergy-Pontoise. (credit: Dominique Filippone)
The Internet is an ideal hunting ground for cybercriminals of all kinds. To thwart them, the C3N has an Internet, social network and dark web patrol that tracks down objectionable ads written in French and hosted on .fr domain names. Although the C3N does not need a complaint to start an investigation, this cell is careful not to go in all directions. “The C3N does not go hunting for anything, we are not here to pursue the petty criminal of the net. And then we also face the principle of reality, human resources and prioritization of files,” explains Nicolas Duvinage. The C3N's targets include all actions on the web or on social networks relating to apology for terrorism and the trafficking of arms, narcotics, false documents or even health products. They also include computer hacking, known in the jargon as attacks on automated data processing systems (STAD), against computers, servers, smartphones and so on, as well as everything concerning the dramatic offenses related to child pornography.
A role that does not encroach on anti-terrorism and the DGSI
Regarding the actions taken to counter crimes related to apology for terrorism, the C3N points out that its unit specializes in cyber and is not intended to replace other actions carried out by the DGSI and anti-terrorism. This does not prevent the C3N from working at full speed, although it would like to be able to benefit from more human resources. Since the Bataclan attack in November 2015, more than 4 million tweets have been analyzed and 70 legal investigations have been opened. “On Twitter, the account must not be suspended, otherwise we cannot see any violation,” warns Colonel Nicolas Duvinage. Of the 70 suspects identified, it turned out that 25 were S files. The work of the C3N gendarmes is increasingly difficult. Faced with increasingly seasoned individuals, we must take more precautions in terms of anonymity. Against arms trafficking, the C3N works with the Pixaf (explosive investigation center and firearms) to hunt down the sale of weapons on the Internet. French buyers take advantage of foreign regulations to do their shopping.
On the French dark web it is easy to find false documents sold without any scruple by cyber-crooks of all kinds. (credit: DR)
“French stakeholders buy legally from online gun shops in the United States,” warns Colonel Duvinage. Many shops filter orders in order to avoid delivering weapons to French nationals in France, but several circumvention techniques exist, including changing your IP address, configuring your browser in US English, clearing your browser of cookies from French sites to go under the radar of American online arms sales sites, and using a foreign bank card. “Other sites do not even do this filtering and allow customers to buy weapons in the United States as they wish,” continues the colonel. To circumvent one of the last ramparts against the sale of weapons from a US online sales site, some resort to repackaging service companies, which receive a package from a US site before redelivering it to its French buyer in France.
The other vector of arms sales on the Internet is specialized classifieds sites between individuals devoted to hunting and fishing, but also other, more surprising ones. “We find weapons for sale in the middle of sites of collectors of old weapons whose weapons have been remilitarized but they can also be found on sites on the Epiphany, snow globes…”, says Colonel Duvinage. However, it is not on French-speaking websites that we find the most weapons, but on English-speaking sites. “In France we have not yet come across big thugs but rather toads, small sellers. Maybe we are not going to the right places?”
A small head but many legs
In addition to arms sales sites that are, in a way, openly established on the web, the C3N also makes it a priority to hunt on terrain that is even more difficult to access: the dark web. It is an area where there is a considerable number of false documents, but not only that. “False papers, modified scans of documents of all kinds and pay slips or even Assedic certificates but also identity cards and proof of residence allow crooks to set up false consumer loan application files”, indicates Colonel Duvinage. The imagination of the tricksters then does the rest: they buy objects and resell them, or have them delivered to an unused mailbox to which the crooks apply a false name and which they open with a PTT password found on the dark web, or they call on people who “resell” mailboxes.
In France, we mainly find fake scans of documents on the dark web, and fewer “real fake papers”, i.e. documents made using genuine blank stock. On the dark web, payment is mainly made in cryptocurrency: Bitcoin of course, but also others such as Dash and Ethereum. PCS Mastercard coupons are also commonplace on the dark side of the Internet. Counterfeiters and scammers can easily buy from a merchant, without any means of identification, a voucher with a number associated with a barcode. The voucher allows them to pay, and it also allows a debtor who receives a photo of the voucher, with no need for the original, to withdraw money from merchants accepting PCS Mastercard. It is an effective way to pay discreetly and launder money.
38 people but 2,600 legs
“The C3N has a small head of 38 people but a lot of legs thanks to the 2,600 correspondents in new technologies of the Cybergend network distributed throughout France”, summarizes Colonel Duvinage. “We are required to intervene throughout France. In March 2016, the Western Gendarmerie unit called us for a case of cannabiculture with a person who had a server bay at home to industrialize the sale of his production in bitcoins. We seized them,” says Colonel Duvinage. The web policeman is indeed a policeman like the others.