Over a little over two years, Pascal Desgagnés would have been fishing for passwords by multiplying Google searches on his potential victims in order to manage to decode their secret questions and access their iCloud, Facebook or email accounts in order to navigate in the corners of their private life.
• Read also: ‘Star spy’ trial: It’s ‘horrible’ to see your privacy violated, says music personality
• Read also: Trial of the “star spy”: Even American technicians from Apple did not understand according to a plaintiff
The report by Crown police expert Alain Rioux describes the modus operandi allegedly used by the computer specialist accused of having stolen the personal data of 28 complainants, including public figures. After getting hold of their e-mail address, Pascal Desgagnés, who has done sub-contracts for Revenu Québec and Université Laval in the past, allegedly tried to connect to the accounts of the alleged victims, mainly by using the ” Forgot your password “.
“He needed a certain amount of information about the victim that would allow him either to guess his password or to answer his secret questions which are asked by most providers during a new connection or during a forgotten password, ”wrote police officer Alain Rioux in his report.
This is where Google searches came in handy.
In the history found in his computer, searches that multiply and often have the same form. Each time, a target’s name and useful information like “date of birth”, “birthday”, “grew up in”, “car”, “nickname”, “street”, “dog”, etc.
Hundreds of queries
Once the information was collected, Desgagnés was able to send a password reset request, the Crown said. And these requests, he would have made them in large numbers.
“iCloud: Browsing history contains more than 500 queries associated with Apple password recovery requests between May 31, 2018 and June 26, 2018,” investigator Rioux explains in the report, adding that the procedure was similar for Facebook and email. In total, the iforgot.apple password recovery page was requested 949 times according to the evidence.
The barrier of access to the account having fallen, Desgagnés would have had access to the data of the alleged victims. “Regularly”, he would have accessed the Messenger conversations of the stolen accounts. And in these conversations, several searches of a sexual nature are found in the evidence found.
“Boobs”, “sex”, “nude”, “fuck”, “stuffing”, “porn”, “lingerie”, the requests in the private conversations of the plaintiffs are rather clear.
“The police tool used by perverts”
Then, Desgagnés would have used specialized software from the Elcomsoft suite to download and view all the data recorded in the iCloud cloud storage.
As early as September 2016, Pascal Desgagnés would have, according to the investigator Rioux, researched the software in question. A Google query for “cop tool to download iPhone backup” would have led him to an article in US magazine Wired titled “Police tool used by perverts to steal nude photos from iCloud from Apple » [traduction libre].
Emails, text messages, notes, contacts and also intimate photos or videos, from the moment the suspect downloaded the complainants’ iCloud, he had access to a wealth of sensitive information, the Crown explains in the evidence presented.
“My whole life is in my iCloud account,” noted a TV star who testified at trial.
Betrayed by his own accounts
To go back to Desgagnés, the investigators specializing in technological crimes crossed the connection data, in particular those of the IP addresses registered in the connection log of the complainants’ accounts. Even if the suspect was using a VPN [Virtual private network]a tool to hide a login address by replacing it with an address leading elsewhere in the world, the cross-checking of the data would have linked the computer scientist to the crime.
In some cases, the IP addresses present in the victims’ Facebook or Apple records were the same as those used by the accused to log into his own Facebook account, sometimes within minutes of each other.
For other alleged victims, the suspect’s Videotron IP address appeared in the connection registers of the impersonated accounts, linking him directly to the fraudulent maneuver, the Crown believes.
Continued next week
Pascal Desgagnés, who is defending himself, will cross-examine police officer Rioux next Monday.
He will then present a defense in which he plans to call three witnesses. This defense must continue until next Wednesday according to the game plan established by judge Rachel Gagnon and the two parties.
The proof in numbers
- 28 plaintiffs
- Period of intrusive connections (October 17, 2016 to January 21, 2019)
- Facebook activities (period from January 13, 2017 to January 21, 2019)
22 victims, 849 activities associated with IP addresses linked to the accused, including 368 for one of the victims
- Apple activities (period from January 10, 2018 to January 9, 2019)
2341 activities related to the accused, including 232 for one victim only
- Email activities (period from May 14 to June 18, 2018)
7 victims
Source: Police officer Alain Rioux’s analysis report presented at the trial
The charges against Pascal Desgagnés
7 counts in total
- Unauthorized use of a computer
- Unauthorized use of a password
- 2 x Identity Theft
- Identity Fraud
- 2 x Computer Data Mischief