Seclin (France) (AFP)
"Just today, I spotted 300 stolen databases, distributed on the darkweb", sighs Damien Bancal, scrutinizing his five screens.
For thirty years, this journalist and northerner communicator "searched the pockets of computer hackers", with the "citizen" objective of protecting our private lives.
"I am neither a technician nor a hacker. I do not repair the flaws. I unearth leaked data on the internet and alert whoever it is, then inform", explains this smiling and talkative father of 49 years, to the origin in mid-February of the revelations on the massive leak of medical data of 500,000 French patients.
On the first floor of his brick house, in Seclin (North), his office is full of "geek culture".
Posters and badges from the Marvel universe stand alongside video game figures, but also the EU's General Data Protection Regulation (GDPR).
During the day, Damien Bancal is director of communication for his city and journalist, notably through La Voix du Nord, France 3 or the press specializing in IT.
But at night, "when wife and daughters sleep", he surveys the depths of the web and writes his blog Zataz, dedicated for 25 years "to cybersecurity, for the general public".
- "Alert launcher" -
Hostage of servers, infiltrations, phishing: Damien Bancal voluntarily identifies news on cybercrime and does education because "it is by knowing the Ba-ba that we learn to protect ourselves".
He is also a "whistleblower", warning companies and administrations of attacks or identified flaws.
Aircraft manufacturers, opticians, polling institutes: since 1996 he has contacted more than 79,000 entities, also reporting to ANSSI (French Information Systems Security Agency).
"A secure protocol allows Internet users to report leaks to me. And I watch over the shoulder of pirates," he summarizes.
This autodidact monitors forums, darkweb sites frequented by cybercriminals and "their networks such as Telegram, Discord", or more than 30,000 sites.
"Here, it's a blackmarket shop, specializing in banking data. There, medical data sold for 1,000 dollars," he points out with his mouse.
He is "infiltrated" there, thanks to avatars sometimes created for two decades.
In his library, dozens of figurines serve as "mnemonic devices for passwords".
He "discusses, questions the pirates, passing for a client".
Stung from adolescence, by being particularly interested in illegal copies of video games, Damien learns about an "Amstrad" offered for his college diploma.
He will write about "the minitel pirates", from the beginnings of the Internet ... "But today, it explodes and it is 99% of the business".
- "Pioneer" -
The criminals "spread the stolen data when companies don't pay ransom", or sell it "in bundles, like a fish auction", whether it is "official documents to impersonate, phones for advertising, bank cards to buy online ... "
Health data, "it's shocking, because it's intimate. But it's just as serious when it's an adult site, a law firm or a corporate HRD."
This hyperactive enthusiast also directs the cyber intelligence of a Canadian company, teaches at the University, and raises awareness of cybersecurity in schools on behalf of the gendarmerie.
"He is a pioneer, one of the first to have spoken about cybersecurity to the general public (...) creator of a unique alert protocol, which guarantees the anonymity of contributors", comments Véronique Loquet, author of the podcast "No Log", on "the wings of the cybermonde".
Renowned hacker, also in the name of cybersecurity, Baptiste Robert salutes his "enormous popularization work".
Sometimes criticized for being in direct contact with criminals, Damien Bancal replies: "to be a journalist is to speak to the sources".
And despite some trouble with the law, when companies accused him of having penetrated their servers, he intends to "continue to inform".
“It's important, digital hygiene,” he insists.
"Data lying around is a wallet thrown in the street".
© 2021 AFP