How a young hacker was hired (and scammed) by a DGSI (French domestic intelligence) agent
Convicted of a hack involving Thales, the individual was contracted by domestic intelligence for one-off missions, and robbed of part of his pay by his DGSI handler.
At the end of January 2024, a security expert, going by “Sh0ck”, published a long thread on X recounting his years of confidential work for the DGSI, French domestic intelligence. He then erased the thread, but news agency Mediapart published an in-depth investigation of the matter.
In 2011, at age 18, Sh0ck illegally accessed the server of a US translation firm. He retrieved classified files belonging to Thales and relating to frigates. Law enforcement identified and apprehended him. A court sentenced him in 2013 to six months' probation and a 500-euro fine.
However, in the meantime, a member of the DGSI, then known as the DCRI, offered him cyber missions as an “outside source” on French-speaking jihadist circles. After tasking him with OSINT research, the DGSI asked him to uncover vulnerabilities in jihadist websites. In particular, Sh0ck managed to access the website of Ansar Al-Haqq, a big name at the time, from which he stole 4,000 usernames.
Former DGSI employees confirmed the account: recruiting outside hackers is a common practice in French domestic intelligence. Sh0ck worked for the DGSI until 2016-2017, before finding employment as a consultant for an IT security firm.
In 2020, law enforcement informed the young hacker that his DGSI handler had swindled him. The brigadier had indeed embezzled around half of the cash intended for his outside “sources”, to the tune of 92,000 euros. To open the checking account in which he deposited the sum, he used counterfeit papers of the kind the DGSI uses in cover operations.
Indicted in the summer of 2020, the 52-year-old brigadier was sentenced in November 2022 to six months in prison and two and a half years’ probation, for “embezzlement of public funds” and “forgery and fraud.”