Share this article on:
A 21-year-old Frenchman was extradited to the United States last week after being arrested in Morocco in 2022. Sebastien Raoult — who hails from the French commune of Epinal — is facing a range of charges, including wire fraud and aggravated identity theft.
Sebastien Raoult was a member of the ShinyHunters hacking group where he operated under the nom de guerre Seyzo Kaizen. Raoult was attempting to travel to Brussels when he was arrested at Rabat–Salé Airport in May.
ShinyHunters began operation in 2020 and has been responsible for a raft of data breaches. Its first major success was the theft of personal details belonging to 15 million customers of the Indonesian e-commerce company Tokopedia.
The group has also targeted Microsoft, Mashable, and Mammoth Media, among others, holding data for ransom and threatening to post it online if victims refuse to pay.
“Too many bad actors believe they can illegally access proprietary information and personal financial information by hiding behind a keyboard,” said US Attorney Nick Brown in a Department of Justice press release. “FBI Seattle Cyber Task Force and our experienced cyber unit is working diligently to identify, arrest, and prosecute those who seek to victimise people, businesses, and industries in the Western District of Washington and around the world.”
Two other ShinyHunters members were also indicted alongside Raoult. Twenty-three year-old Gabriel Kimiaie-Asadi Bildstein of Tarbes, France, and 22-year-old Abdel-Hakim El Ahmadi of Lyon, France remain at large, however.
“Bildstein, Raoult, and El Ahmadi, and others, used a variety of specially designed scripts and internet-based tools to search for, identify, and gather contact information for particular company employees and contractors,” the indictment reads, “often software developers, information technology (IT) personnel, and others to access source code and git repositories.”
If convicted of all charges, Raoult faces up to 116 years in prison. Raoult had been fighting against his extradition since his arrest, with his lawyer even contacting the UN Committee against Torture.
“The committee considers that Moroccan law does not allow sufficient control against the risk of inhuman and degrading treatment,” Raoult’s lawyer, Philippe Ohayon said in December 2022. Clearly, Moroccan authorities were not in agreement.
The hacking group uses the image of a Pokémon character as its logo, which is also likely where the group gets its name from.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.