Italian ship stopped in France: had malware on board. Latvian sailor accused of espionage


Intelligence

The vessel is owned by GNV, which initiated the investigation with Italian intelligence. Latvian sailor accused of criminal conspiracy for 'interests of a foreign power'

by Antonio Talia

The "Fantastic", a GNV ship

The 650 or so travellers who waited for hours on Friday 12 December to board the Fantastic - a ferry docked at the port of Sète in the south of France - could hardly have imagined that an international intrigue played out between Rome, Paris, Latvia and Russia lay behind the constant delays.

According to an exclusive published by Le Parisien, agents of the DGSI - the French internal intelligence service - boarded the ship and, after a discreet search, detained two people found to be in possession of a device equipped with RAT-type malware ('Remote Access Tool'), capable of taking control of the Fantastic's navigation and piloting it remotely.

The affair actually began in Italy. The Fantastic is owned by the Genoese shipping company GNV; Italian intelligence agents, on the initiative of GNV itself, sent their French colleagues an urgent briefing on two sailors, a recently hired 20-year-old Latvian and a Bulgarian citizen, both suspected of being undercover spies for an unnamed foreign power.

The investigation by the DGSI led to the Bulgarian's release, while after two days of detention the Latvian was taken to Paris, where the public prosecutor's office formalised the charges today: 'Criminal conspiracy to pursue the interests of a foreign power', 'attempted intrusion into computer systems' and 'unreasonable possession of devices designed to interfere with automatic navigation systems', the documents state.

Although the DGSI has not yet made its suspicions public, and may well never do so, according to Le Parisien the investigation is once again turning towards Russia, which for months has been held responsible for a campaign of hybrid warfare spread throughout Europe and which in recent weeks has intensified in French waters and skies. In early December, the French navy opened fire on drones of unknown origin detected near the Île Longue base in Brittany, the backbone of Paris's nuclear deterrence, while on 13 October - also in Brittany - it spotted a broken-down Russian submarine, the Novorossiysk, which was then escorted out of French waters in cooperation with the Danish navy.

In September, French navy special forces had also intervened on board the Boracay - a Russian ghost fleet tanker, which we reported on in our specials - suspected of being behind the mysterious drone flights over Northern European airports.

But what can the action on board the Fantastic mean, and how does it fit into the logic of hybrid warfare?

Intelligence and control devices

According to Stefano Mele, a partner at the law firm Gianni & Origoni and an expert in cybersecurity, there could be several reasons why someone might have inserted RAT-type malware into the Fantastic's systems.

'It could be an intelligence operation,' Mele explained to Il Sole 24 Ore, 'and in this case we would be faced with an attempt to access the specific data of one or more "sensitive" targets that could have been on board the ship.'

Or, and this is the most disturbing hypothesis, 'the malware could have been designed to take control of the Fantastic's navigation', and in this case - according to Le Parisien - the ship could have been remotely guided against a target, or taken hostage. 'This is not just theory,' concludes Mele, 'we already know of similar cases'.

This would be a further escalation in the hybrid war that Russia has been intensifying for months, with drones and military jets repeatedly violating the airspace of Latvia, Poland and Romania, submarine cable cuts in the Baltic, and the recent explosives attack on the Warsaw-Lublin railway line, carried out - according to the Warsaw prosecutor's office - by casual agents recruited via Telegram.

And a casual agent recruited on Telegram could also be the Latvian citizen apprehended by France, although military sources in Riga consulted by Il Sole 24 Ore neither confirm nor deny the apprehension for the time being.

GNV statements

"The company has identified and neutralised an attempted intrusion with no consequences on effectively protected company systems," reads a statement that GNV sent to Il Sole 24Ore after requesting clarification on the news, "and has taken steps to report the incident to the competent authorities. The company has therefore cooperated and continues to cooperate in the course of the investigation. During the recent police operations, which took several hours, the ship assured the authorities of its full cooperation and confidentiality, at the same time guaranteeing constant updates and assistance to passengers".
