MISP-PJ: the police acquire a file to better combat malware

Faced with the resurgence of crimes related to hacking tools, law enforcement authorities want new tools to centralize and cross-check the data collected during their investigations. In a decree published on December 26 in the Official Gazette, the Ministry of the Interior authorizes the creation of the MISP-PJ database, which will gather technical markers and indicators of compromise collected by the gendarmes and police officers who investigate cases related to computer crime.

Centralize data

MISP-PJ (Malware Information Exchange Platform – Judicial Police) will take the form of a database that will bring together both the data collected by the agents and the open source data identified as likely to be linked to the investigation.

The database will thus allow agents to record various types of information related to their investigations: names and corporate names of the people and organizations involved, and IP addresses of command servers used in a breach of a system. The platform will also allow recording all the data related to the author of the attack collected by the investigators: “email addresses, IP addresses, pseudonyms, profile name(s) on social networks or identifiers, domain name(s), port number, ransom request email, ransom note, encrypted file data and file signature, virtual currency wallet address”, as well as payment information.

The database will be accessible to services specialized in the fight against cybercrime: the C3N of the gendarmerie, the OCLCTIC of the judicial police and the BEFTI of the police headquarters, as well as the specialized magistrates of the Paris Public Prosecutor’s Office and other magistrates who need access to the data as part of their investigation. The database will also be open, under certain conditions, to judicial cooperation bodies (Europol, Eurojust or Interpol, for example) or to foreign police services.

Cross-checking IoCs

This information is essential in investigations to trace the origin of a cyber attack. The IT security industry generally refers to it as Indicators of Compromise (IoC), and many private companies specialize in identifying and sharing this data, which security tools use to trigger alerts.

For the police, on the other hand, the aim is not better protection but to centralize information and facilitate cross-checking between investigations. We learn more in the CNIL’s opinion on this new file, published in the same edition of the Official Gazette. The Commission explains that “The cross-checks will be carried out automatically within the MISP-PJ application itself, which allows reporting when several files share an identical technical indicator. They will allow investigators to establish links between certain violations and thus facilitate their investigations.”
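The automatic cross-check described in the CNIL's opinion can be pictured as an inverted index from each normalized indicator to the case files that contain it. The following is an added example, not code from MISP-PJ or the MISP project; the case identifiers, indicator values and normalization rules are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

def normalize(kind, value):
    """Canonical form so that equivalent spellings compare as identical."""
    value = value.strip()
    if kind == "ip":
        return str(ipaddress.ip_address(value))  # collapses IPv6 spellings
    if kind in ("email", "domain"):
        # Assumption: treat both as case-insensitive, drop a trailing DNS dot.
        return value.lower().rstrip(".")
    return value  # wallet addresses, pseudonyms: case-sensitive, kept as is

def cross_check(case_files):
    """Return {(kind, value): sorted case ids} for indicators in 2+ files."""
    seen = defaultdict(set)
    for case_id, indicators in case_files.items():
        for kind, value in indicators:
            try:
                seen[(kind, normalize(kind, value))].add(case_id)
            except ValueError:
                continue  # malformed IP: skip rather than match on garbage
    return {key: sorted(ids) for key, ids in seen.items() if len(ids) > 1}

def linked_cases(shared):
    """Pairs of case files and the indicators that link them."""
    links = defaultdict(list)
    for key, ids in shared.items():
        for pair in combinations(ids, 2):
            links[pair].append(key)
    return dict(links)

# Constructed sample data: documentation-reserved addresses, made-up case ids.
CASES = {
    "CASE-A": [("ip", "192.0.2.10"), ("email", "Ransom@Example.org"),
               ("wallet", "WALLET-PLACEHOLDER-1")],
    "CASE-B": [("ip", "2001:DB8:0:0:0:0:0:1"), ("email", "ransom@example.org ")],
    "CASE-C": [("ip", "2001:db8::1"), ("ip", "not-an-ip"),
               ("domain", "C2.example.net.")],
    "CASE-D": [("domain", "c2.example.net"), ("wallet", "wallet-placeholder-1")],
}

if __name__ == "__main__":
    for pair, keys in sorted(linked_cases(cross_check(CASES)).items()):
        print(pair, keys)
```

Without the normalization step, the differently written IPv6 address and the trailing-dot domain would not register as identical indicators, and the links between those files would be missed.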

The CNIL does not see any major problem in the configuration of that file. The Commission regrets in its opinion that the ministry did not wish to carry out an impact analysis before the file was set up. It is also concerned about the level of security that will be provided to the file: access will be reserved to authorized officials and magistrates, provided with a username and password that allow their actions in the file to be tracked, but the CNIL recalls that centralizing this data in itself presents a risk in case of loss of confidentiality. Likewise, the data recorded in this file will be kept for 6 years, whereas the CNIL considers for its part that a period of three years could be considered justified.
