Eurobsit: What do you do here exactly, search the dark web in the hunt for cybercriminals?
Nicolas Duvinage: Yes, but that’s only part of it! We have three different missions. Of course we follow judicial inquiries, we are like the Anti-crime brigade of the internet. One of our ways we proceed is through cyber-patrolling. We “go out” looking for drugs, messages of indoctrination on forums and social networks. Exactly like we would do in the streets, but online. People think we only research and track down criminals from our desks but very often we go out to arrest a criminal and place them into custody! We very much have a physical presence in the field.
Our other two missions are territorial facilitation, which means training the Cybergends all over France. We also gather criminal resources: each time that a complaint is filed in a town, if it has a link to the web, it comes into our database. Then, we treat this information, gather data, and this gives us a centralised vision of these different crimes in France.
E.: Basically, you’re arresting a kind of criminal that didn’t exist 30 years ago, right? Those operating from their sofa
N.D.: These are indeed crimes committed “from the sofa” – but the guys are talented, the guys are harmful… Recently, in a narcotics case, we seized over 800,000 euros of criminal assets, including a Ferrari and a Porsche Cayenne!
E.: So can you tell us, what is a cybercrime and how is it evolving?
N.D.: Each month 5,000 web-related complaints are filed. The number of complaints increases by 10% every year. With 2017’s numbers, we are afraid that we’ll see the number reach 5,500 per month, with yearly damages estimated at €200 million.
Concerning the type of crimes, 70% of these are scams, 10% are people being insulted or defamed. There is also about 10% of hacking and in the remaining 10% we find weapons, narcotics and the trafficking of false documents, as well as counterfeiting, drug-trafficking, child-pornography… Our priority is set, by the French government, on those who advocate for terrorism.
E.: There are also 3,500 cyber-cops, called “cybergends” on the French territory, how do you divide the tasks?
N.D.: We are not their superiors, we act more like a functional chain. We nevertheless train them, we decide what equipment they need and we coordinate the network. If one locally-treated investigation becomes very technical, involving the use of bitcoins or the dark web, then we come to assist the investigation. If one of the crimes is too difficult and specific, it goes to the Department’s cybergend unit. If it’s still too difficult, the regional unit will take over the case. If it’s too complicated even for them, then we pick it up and treat it here, in our building.
E.: You said you also investigate cases of counterfeiting?
N.D.: We don’t usually go out patrolling for this purpose because this would normally be under the jurisdiction of the Cyber Customs division. But yes, we do this when we are called to investigate a complaint by the administration, a company or an association of rights holders. In this case, we will make inquiries on the sale of glasses, watches, jewelry… Which are more “general public”. This happens a handful of times a year.
E.: I guess counterfeiters are mainly present on the clear web, right?
N.D.: Exactly. Users of the dark web are more specialised and often technophile – not an interesting profile for counterfeiters. These people want to sell to the masses, they use classic “BtoC” websites that appear on Google. A new trend has appeared, selling products on social networks such as Facebook and Instagram. (Read our article related to this subject) I mean… Instagram is a platform designed for images, so it is perfectly suited for advertisements.
On Facebook, counterfeiters are either active on private groups such as “sale and purchase of watches” or they have public profiles that sell counterfeit products. The buyer contacts the salesperson by private message and discusses the product, price and shipping costs. This, of course, is without mentioning Facebook’s new “market place”. Perfumes, jackets, medications, watches… You really can find everything, look. – He scrolls down on his phone and stops on a picture showing dozens of perfumes sold at €20 each – I seriously doubt that this is real Chanel, or that the brand is aware that this product is sold there by this person…
E.: What about medicines? We know they are very present on the clear web but do they also exist on the dark web?
N.D.: There is also drug trafficking but it is not the same kind: they are clearly illegal products. You will find instead “raping-kits” containing drugs like GHB or GBL, its predecessor. There are also suicide-kits and drugs used for euthanasia… Nothing you can legally buy in pharmacies.
That being said, some drugs can be found both on the clear and the dark web. Cytotec, for example, is a drug used as an abortion pill. There, buyers will often be people who want to send these pills back to their home country, where abortion is forbidden. Viagra is also on the dark web – probably bought there because the conditions of anonymity are very important.
Be careful though: a drug pill sold on the dark web does make it illegal, but does not necessarily mean it’s fake. Only a pharmaceutical laboratory analysis would be able to confirm that.
E.: What kind of tools do you use for such investigations to track bitcoin, users of Tor which are supposedly untraceable?
N.D.: We have three different technical and procedural tools which, you’ll understand why, I will not detail here. I can say, however, that we use mainstream tools, which could be compared to… Tweetdeck for example. We also use industrial tools and develop our own software depending on our needs. For the bitcoins and the dark web for example, we have invested a lot in them, which enables us to surf on it easily and regarding those that are more complex, we have invested a lot and now enjoy a certain success. And then, just as a criminal would do IRL, we wait for him to make a mistake, leave a trace behind. It can take time, but sometimes the policeman gets the burglar, sometimes the burglar escapes. Exactly like in real life.
 France’s territory is divided into regions, which are themselves divided into departments and then into cities.