Fabrice, an acupuncturist from the Auvergne region of central France, could not understand why former colleagues from the DGSI came to find him and then question him in custody in January 2021, some seven years after he had left the domestic intelligence agency. During his fifth round of questioning Fabrice – who was later cleared of any personal involvement in the case - told his questioners just why he was so bemused. “I don't know why [officers] made the journey because I've already given evidence twice in a case involving the misuse of public funds, forgery and the use of false instruments … after a colleague misappropriated at least 1.5 million euros.”
This simple comment lifts the lid on the so-called 'Bitcoin affair', revealed jointly by Mediapart and BFMTV news channel. This is a case so embarrassing that the domestic intelligence agency the DGSI – the Direction Générale de la Sécurité Intérieure – sought for years to suppress it. The case was eventually discreetly dealt with by the courts through a guilty plea at the end of 2022. The essence of the affair is this: in 2015 a DGSI agent in charge of hackers targeting mostly jihadist networks stole money that had been earmarked to pay those unofficial sources, and then used the intelligence agency's own resources to increase the value of that stolen money.
Enlargement : Illustration 1
The Bitcoin affair began on the tenth floor of the DGSI's headquarters at Levallois-Perret in Paris's north-west suburbs, where the offices of the agency's technical department (DT) are based. This is the home of the section in charge of 'backstopping' – the supply of unmarked equipment to carry out spying activities without it being traced back to the agency – and also in charge of handling human sources in the world of technology. In this case those human sources were hackers who were capable of infiltrating any IT system without the DGSI being implicated in what they were doing.
For years DT agents had had to make do with very meagre financial resources. That was until the various terror attacks in 2015 led successive French government to increase funding of the country's intelligence services. Suddenly it was very different. “There was so much cash that we no longer knew what to do with it,” admits one former DT agent. For example, just two anonymous purchases made by the DGSI at this time cost 95,000 dollars in one case and 104,852 euros in the other.
This was also a period in which the intelligence agency became interested in the cryptocurrency bitcoin. “We told ourselves, we'll get into bitcoin to buy what the agency needs and make sure that our purchases remain untraceable,” continues the same source. DGSI agents Fabrice - the acupuncturist - and Xavier Julie, who was a sergeant, studied the best way to go about it and gradually became specialists in this area.
Xavier Julie was also managing the “technical sources”, in other words high-level hackers. “Crusties with the IQ of Einstein,” as another former service agent describes them. “Hackers who are able to crack jihadist sites, for example.” When it came to tackling jihadist sites these hackers were not very well paid, receiving a few thousand euros. But according to a source with knowledge of the intelligence service's special funds, these payments could rise to as much as 100,000 euros to find vulnerabilities in sites belonging to large corporations or other states.
Among the sources that he handled Xavier Jules had a “diamond”, according to the first former DT agent cited above. This was a much sought-after French hacker who worked for several intelligence services. He was so talented that the DGSI had asked him to test NATO's IT security. And in around just thirty minutes this “diamond” had managed to hack all of the passwords. Xavier Julie used to pay this team of hackers from special funds and alongside that used cryptocurrency to buy the equipment requested by his management. Up to this point all was largely going well.
A DGSI captain recalled that he did have several clashes with Sergeant Julie who, he said, found it hard to complete his administrative tasks with the required rigor. One senior officer described Xavier Julie as an “unusual and talented work colleague”, an excellent technician who was “always pleasant but not very diligent in his administrative duties”. A third colleague highlighted his “solitary behaviour” but also emphasised the fact that Xavier Julie was “very talented at bringing in information”.
Meanwhile, Xavier Julie mined bitcoin in his spare time. He even wanted to give one to two colleagues, who each declined. But there was nothing serious to worry about. Nothing, at any rate, that set off alarm bells internally.
A hoard of cryptocurrencies
Mediapart has not been able to determine with certainty what sparked the investigation that resulted in Xavier Julie's downfall. Inside the technical department or DT one agent reportedly criticised certain behaviour. An audit of the special funds used by all of the DT is said to have revealed inconsistencies in the 'backstopping' section, a unit which contained fewer than five agents.
A trip abroad also apparently attracted the attention of the IGSI, the intelligence agency's own police or internal affairs unit. Xavier Julie had gone to Switzerland with a colleague from the section to hand over money to an informer. During this brief stay he saw a watch that he really liked. But the only means of payment he had on him that day was a DGSI bank card. The temptation was too great for Julie who, on his return, then reimbursed the agency for the cost of the watch. This behaviour, which went against all protocols, raised questions at the IGSI.
The IGSI's agents went on to discover that Sergeant Xavier Julie used a set of false papers that were at his section's disposal and which were usually employed to buy spying equipment which could not then be linked back to the DGSI. But Julie had used it to buy bitcoins with the money that he stole from the hackers paid by the DGSI, in effect embezzling his agency's own assets.
In his statement Fabrice the acupuncturist said that “at least 1.5 million euros” of public money was misappropriated in all. One of Mediapart's sources mentions the same figure. Questioned in 2023 the DGSI confirmed that the misappropriation had taken place but denied it involved more than a million euros, while at the same time refusing to give a precise figure for the fraud of which it had been a victim.
According to Mediapart's information, the IGSI established that Xavier Julie had misappropriated, at the very least, close to 92,949 euros from public funds between 2009 and 2016. When it came to other suspect operations the IGSI could only point in a summary report to the “very elaborate anonymising operations” carried out by Xavier Julie which hindered investigation. But despite the absence of responses from cryptocurrency operators – Xavier Julie dealt with a least seven companies based in Hong Kong and Scotland – the IGSI were careful to note that “misappropriations seems likely given the absence of an initial investment in his bank accounts”.
The original sum involved, which could not be established legally, went on to become huge. In one file, written in English, Xavier Julie boasted of being able to convert 120 bitcoins with the aim of buying a property. The IGSI also found out that in 2020 Xavier Julie and his wife were looking to buy various properties estimated at between 700,000 euros and 1.4 million euros in value. Yet the service's internal affairs agents stated that up to now “the sums that would have permitted this investment have not been found”.
When contacted the DGSI pointed out that the judicial probe was started “at its initiative and at the completion of an internal check that it carries out regularly internally”. It also noted that the “agent concerned has since been stripped of his duties” and that the agency is “constantly carrying out checks of its own services and permanently adjusting its structures and practices to correct observed dysfunction”.
To maximise his profits, the DGSI sergeant used an automated system to compare bitcoin rates so he could buy and sell when it was most profitable. Later he even visited an East European country to convert his digital stash into hard currency - euros - losing half of his profits in the deal, according to one source.
At the end of June 2020 Xavier Julie was placed under investigation for “forgery and using false instruments and the misappropriation of public funds”. On July 1st that year he was held on remand for eight months in a special VIP section of the Santé prison in Paris, in the cell that had previously been occupied by former right-wing mayor Patrick Balkany.
Once the investigation was eventually concluded the justice system - for once - moved swiftly … very swiftly. On November 9th 2022 prosecutors at Nanterre west of Paris formally called for the suspect to be summonsed to lodge a guilty plea. Two weeks later the investigating judge agreed to send Xavier Julie to appear before the prosecutor to make that plea.
On November 30th 2022 another magistrate approved the negotiated punishment: a six-month jail term, which covered his detention period, with a further two-and-a-half years suspended sentence, a permanent ban on being a police officer and a fine of … 1,000 euros. It should be noted that he was accused of having misappropriated 92,000 euros, even if there were suspicions the real figure was more than a million.
Xavier Julie, a family man, is today working as an “individual entrepreneur” specialising in the “sector of design activities”, according to various online registers. On his X profile (formerly Twitter), which has been closed since last week, he defined himself as an “IT all-rounder and crypto-enthusiast since 2012”.
Contacted via various email addresses and through his lawyer, Xavier Julie replied to Mediapart on February 5th. “You are asking me about a case which has been judged and which as a result is closed. I don't want to go back over it. Also, I can neither confirm nor deny your information relating to my past duties because of their classified nature which forbids me from talking about them.”
One elected politician with knowledge of such issues told Mediapart that in recent years there have been several fraud causes such as the one involving Xavier Julie. “The intelligence services don't dare say so,” the politician said. “They find it hard to acknowledge it. Sometimes it's another service which reports the problem with its partner service.”
This case continued to have repercussions within the DGSI. Four of Xavier Julie's colleagues were for a time suspected of being the sergeant's accomplices. They were questioned in custody but were later all cleared of suspicion. Legal proceedings were started against a captain in the agency because he was using an iPhone as well as two MacBook laptops belonging to the DGSI for his own use, and because he had given a DGSI mobile phone to his daughter.
The DGSI has also been hit by other affairs in recent years, on top of the misappropriation of special funds. The radio station RTL revealed the case of 'Doumé', an agent implicated in a murder in the so-called 'Légendes' affair. During a search of his home IT equipment was found which, 'Doumé' explained, was to be used for “mining cryptocurrencies”.
Above all there was the 'Haurus' affair, named after the pseudonym used by a DGSI agent when selling confidential data on the dark web. A police officers and a customs officer who were locked up along with Haurus said during questioning that they had learned his secrets and in particular the way he had “protected his bitcoins in several [digital] safes that the police will never find”.
When questioned, the officer who was Xavier Julie's immediate superior insisted he was completely unaware of the latter's misuse of funds. The senior officer added that he was, moreover, incapable of knowing about them, arguing that his staff had technical knowledge that was far superior to his. He did, however, point out that the procedures in place today are a lot more rigorous than those in the past.
--------------------------------------------------------------------------
- The original French version of this article can be found here.
English version by Michael Streeter