Paris (AFP)

Beaten at their own game: the French gendarmerie managed to neutralize a "botnet", a network of hundreds of thousands of hacked computers, mainly located in Latin America, by in turn hacking the command server that the hackers had been using in France.

According to the gendarmerie, which described the operation as a "world first", more than 850,000 computers were freed from the "botnet" that had illegally enlisted them, and the figure could still climb.

"This is a massive operation" in terms of the number of computers involved, Gerome Billois, a cybersecurity expert at the French consulting firm Wavestone, told AFP. According to him, it demonstrates "a high level of expertise" on the part of the cyber-gendarmes, who deployed a very original mode of operation after being alerted by the Czech antivirus publisher Avast.

"It shows France's ability to pull off big cases" against cybercriminals, whereas it is usually the US FBI or Europol that make the headlines in this kind of case, he explained.

According to the explanations provided by the gendarmerie and Avast, the case began when the antivirus publisher reported to the gendarmerie in early 2019 the presence in France of a server controlling a network of infected computers, mainly in Central and South America.

The experts of the C3N (the gendarmerie's Center for Combating Digital Crime) first managed to make a "quiet copy" of the server (without alerting the hackers), which was hosted by a provider in the Paris region.

Then, in early July, they replaced the hackers' command server with a machine they controlled themselves, which then ordered all the computers enlisted in the network to disable the computer worm that had contaminated them.

"When the contaminated computers came to get their orders from the command server", the gendarmerie's server, which had taken its place, "gave them the order to uninstall" the malicious program, explained Gerome Billois.

The operation was made possible by a security flaw in the program used by the pirates, who were thus beaten at their own game.
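As an added illustration, not code from the article, the gendarmerie or Avast, the takeover described above can be simulated from the defender's side: a replacement "sinkhole" server that logs every check-in and answers only with an uninstall order, and a stand-in client that acts on that answer. The one-line message format, the names `Sinkhole` and `SimulatedBot`, and the country codes are assumptions for the simulation and do not reproduce the Retadup protocol.

```python
"""Simulation of a command-server takeover (constructed example).

Assumed message format: a bot sends 'CHECKIN <bot_id> <country>' and
receives a single command word back. This is not the real worm's protocol.
"""
from collections import Counter
from dataclasses import dataclass, field

# The only replies a takeover server should ever send. Keeping the set this
# small means the sinkhole cannot be turned into a working command server
# even if it were itself compromised.
ALLOWED_COMMANDS = frozenset({"uninstall", "noop"})


@dataclass
class Sinkhole:
    """Stand-in for the gendarmerie's replacement server."""
    checkins: list = field(default_factory=list)  # (bot_id, country, raw line)

    def handle(self, request: str) -> str:
        """Answer one check-in line; log it for victim notification."""
        parts = request.strip().split()
        if len(parts) != 3 or parts[0] != "CHECKIN":
            # Scanners, crawlers or malformed traffic: record, instruct nothing.
            self.checkins.append(("invalid", None, request))
            return self.reply("noop")
        _, bot_id, country = parts
        self.checkins.append((bot_id, country, request))
        # Every genuine infected host is told to remove the worm.
        return self.reply("uninstall")

    @staticmethod
    def reply(command: str) -> str:
        """Enforce the allowlist; refuse to emit anything else."""
        if command not in ALLOWED_COMMANDS:
            raise ValueError(f"refusing to send disallowed command {command!r}")
        return command

    def by_country(self) -> Counter:
        """Infected hosts seen, grouped by reported country."""
        return Counter(country for _, country, _ in self.checkins if country)

    def freed(self) -> int:
        """Unique bots that received the uninstall order (repeat polls count once)."""
        return len({bot for bot, country, _ in self.checkins if country})


class SimulatedBot:
    """Stand-in for an infected host that polls its server for orders."""

    def __init__(self, bot_id: str, country: str):
        self.bot_id = bot_id
        self.country = country
        self.installed = True  # True while the (simulated) worm is present

    def poll(self, server: Sinkhole) -> str:
        """Fetch one command; the only action this stand-in knows is uninstall."""
        command = server.handle(f"CHECKIN {self.bot_id} {self.country}")
        if command == "uninstall":
            self.installed = False
        return command


def run_takeover(bots: list) -> Sinkhole:
    """Let every bot poll the sinkhole once and return the populated log."""
    sink = Sinkhole()
    for bot in bots:
        bot.poll(sink)
    return sink


if __name__ == "__main__":
    # Constructed sample population, not real victim data.
    fleet = [SimulatedBot("host-1", "PE"), SimulatedBot("host-2", "PE"),
             SimulatedBot("host-3", "MX"), SimulatedBot("host-4", "BR")]
    sink = run_takeover(fleet)
    print("freed:", sink.freed(), "by country:", dict(sink.by_country()))
```

The point a practitioner should take from the simulation is the allowlist: once the server is in defenders' hands, the only order it is able to return is the one that removes the worm, and the log of unique check-ins is what lets the count of freed machines grow as further hosts come to fetch orders.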

The gendarmerie, which collaborated with the FBI in this case, acted under the supervision of the F1 section of the Paris prosecutor's office, which specializes in cybercrime.

No information is currently available on the hackers behind the botnet. "The investigations are continuing in order to identify them", the gendarmerie simply specified.

- Cryptocurrency mining -

According to the gendarmerie and Avast, the network of infected computers allowed the hackers to generate Monero cryptocurrency.

The Retadup worm "also seems to be at the origin since 2016 of numerous attacks and data thefts and blockages of systems", indicated the gendarmerie.

The cybersecurity company Trend Micro had detected this malicious software in 2017 behind an attack on Israeli hospitals.

According to Gerome Billois, a user had even boasted on Twitter of being the author of the program, apparently without having been identified.

On the occasion of this case, the gendarmerie reiterated its advice to users on how to avoid having their computer enrolled in a "botnet".

"We do not click on links if we are not sure of the person who sent us the email," said Colonel Nollet, head of the C3N, in an interview on the radio station France Inter. "We do not click on attachments either, we keep an antivirus (even a free one) up to date, and we try not to do just anything on the Internet."

According to Avast, nearly 85% of the infected computers had no antivirus. "Others were equipped with one but had disabled it, which left them completely vulnerable and likely to spread the infection without their knowledge," the publisher said.

© 2019 AFP