

On March 14, 2021, on the social network Discord, a certain Sezyo swaggered: "My greatest hacking success was 'Sawfish'." This code name stood for a "spectacular" scam campaign, he asserted. And the pseudonym Sezyo stood for one brazen hacker: Sébastien Raoult. Three years after these messages were posted, the fate of this young 22-year-old Frenchman from Epinal (eastern France) is now hanging on a verdict from the American courts. His sentencing hearing is due to take place at 11 am local time on Tuesday, January 9, in Seattle, where he was extradited in January 2023 after being arrested in Morocco eight months earlier.
Raoult has been accused of being part of the ShinyHunters, a gang of French hackers who targeted a total of around 60 organizations between April 2020 and July 2021. After initially pleading not guilty, the Frenchman eventually admitted responsibility for two of the nine charges.
At the heart of the case was "Operation Sawfish," a vast phishing campaign carried out against GitHub. This platform, which enables developers to store and share IT projects, reported in April 2020 that it had fallen victim to a malicious campaign. The users targeted, who had been warned of an alleged change to their account, were redirected to a fake login page, on which they had their credentials stolen. As Raoult would later confirm, the harvest was indeed particularly bountiful: Some 650 GitHub users were thus hacked between March and May 2020. Between April and June, this led to at least 17 hacks on companies, which were subsequently victims of data theft and extortion attempts.
The prosecution and defense memoranda which were prepared for the hearing provide unprecedented details of the role played by the young hacker. According to Gabriel Bildstein, a well-known French hacker who was also accused of being a member of the ShinyHunters – but who was not extradited as he has remained in France – this phishing campaign targeting GitHub had been programmed by Raoult. Even if he was later less involved in the data thefts as such, there was no doubt about the decisive nature of his role in these hacks, stated the American prosecutor's office.
Without these precious login details, the hackers' data raid would not have been possible, which explains the substantial sentence sought by the prosecution: 72 months, i.e. six years in prison. The defense, on the other hand, has pleaded for a 25-month sentence (just over two years), judging on the contrary that Raoult's involvement in the ShinyHunters' activities was "limited." He allegedly only reproduced open source code which was already available, without being involved in ransom demands or data sales.