This is a big blow struck by the French gendarmerie, which has neutralized a "botnet", a network of hundreds of thousands of hacked computers, mainly located in Latin America, by in turn hacking the command server used in France by the hackers.

According to the gendarmerie, which described the operation as a "world first", more than 850,000 computers have been freed from the "botnet" that had illegally enrolled them, and the figure could still climb.

"This is a massive operation" in terms of the number of computers involved, Gerome Billois, a French cybersecurity expert at the firm Wavestone, told AFP. According to him, it demonstrates "a high level of expertise" on the part of the cyber-sleuths, who deployed a very original modus operandi after the case was referred to them by the Czech antivirus publisher Avast.

"It demonstrates the ability of France to make big deals" against cybercriminals, whereas it is usually the US FBI or Europol that make the headlines in this kind of case, he said.

Hackers hacked

According to the explanations provided by the national gendarmerie and Avast, the case began in early 2019 when the antivirus publisher reported to the gendarmerie the presence in France of a server controlling a network of infected computers, mainly in Central and South America.

The experts of the C3N (the gendarmerie's Center for combating digital crime) first managed to make a "quiet copy" (without alerting the hackers) of the server, which was hosted at a provider in the Paris region.

In early July, they succeeded in substituting a machine they controlled themselves for the hackers' command server; it then ordered all the computers enlisted in the network to disable the computer worm that was infecting them.

"When the contaminated computers came to get their orders from the command server", the gendarmerie's server that had taken its place "gave them the order to uninstall" the malicious program, explained Gerome Billois.

The operation was made possible by a security flaw in the program used by the hackers, thus beating them at their own game.

The gendarmerie, which collaborated with the FBI in this case, acted under the supervision of the F1 section of the Paris prosecutor's office, which specializes in cybercrime.

No information is currently available on the hackers behind the botnet. "Investigations continue to identify him," the gendarmerie simply said in a statement.

According to Avast, nearly 85% of the infected computers had no antivirus software. "Others were equipped with it but had disabled it, which made them completely vulnerable and likely to spread the infection without their knowledge," the publisher said.

Cryptocurrency mining

According to the gendarmerie and Avast, the network of infected computers allowed the hackers to mine Monero cryptocurrency. The Retadup worm "also seems to be at the origin, since 2016, of numerous attacks, data thefts and blockages of systems", the gendarmerie indicated.

The cybersecurity company Trend Micro had already detected this malware in 2017, behind an attack on Israeli hospitals.

According to Gerome Billois, a user had even boasted on Twitter of being the author of the program, apparently without being identified.

On this occasion, the gendarmerie reiterated its advice to users on how to avoid having their computer enrolled in a "botnet".

"We do not click on links if we are not sure of the person who sent us the email," said Colonel Nollet, head of the C3N, in an interview on the radio station France Inter. "We do not click on attachments either, we keep an antivirus (even a free one) up to date, and we try not to do anything on the Internet."

With AFP