Cyber-crimes - Analytical data compiled
1.Russian Federation
1.1. On July 4, many users of Runet (Russian Internet) received an e-mail that their Yandex-money account was blocked allegedly sent by Yandex officials. Webplanet workers received the message too. It was proposed to enter the website www.money.yandex.ru and enter personal data used to access the payment system to unblock accounts.
The fraudulent message and fake website were designed in Yandex corporate style. Though some symbols were distorted in the e-mail. Thus the message looked like unkempt and doubtful. Dp.ru informs that only one user took the bait. He entered login and password at the fake website. After turning to security service of Yandex-money the account was blocked, scam artists did not managed to get the money. Most of 24 fraudulent websites were closed. Now Yandex works on shutting down the rest and collects the evidence on scams to bring it to law enforcement.
Two months ago users of Yandex-money encountered the same phishing scam. Then is was more qualitative, messages were more neat, the address of the website looked like the original - yanclex.ru. Kaspersky Labs warned that there would be a boom of phishing in Russia. It happened in Europe and the US four years ago. Besides, Russian phishers are considered to be the most dangerous.
1.2. The Ministry of Internal Affairs of Russia prepared new drafts of laws concerning fight against cybercrime. Special Technical Measures Bureau, the most restricted department of the Ministry was the major developers of the proposed laws.
Deputy chief of the Special Technical Measures Bureau, major-general of police Konstantin Machabeli told about counteraction to using the Internet for terrorist, extremist purposes and other actual problems.
What are the most topical problems in the sphere of computer crime?
I will underline that almost all crimes, even general crimes are revealed with our help. It is possible to say that we are in the front row of fight against crime, we carry out innovative work for criminal police. At this, all special technical measures are conducted in strict accordance with law, without infringing rights and liberties of citizen. In regard to crimes in the sphere of information technologies, 15 thousand of computer crimes were filed in the last year, 8400 crimes were registered in the first half of 2006.
Late in 1990s were revealed 10-12 crimes annually, those crimes were mostly rowdy. Now two thirds of them are related to stealing information and unauthorized access to this information. Objects of infringements, sizes of damage incurred and possible consequences changed. Lets imagine consequences of hacker attack on objects of so-called critical infrastructure. Depiction of a criminal changed as well. Today crimes are committed by organized criminal groups or separate advanced persons. It is necessary to admit that late in 1990s the analysis of criminal situation in Russia let law enforcement to adequately respond the new threat.
A new 28th chapter appeared in the criminal law foreseeing responsibility for crimes in the sphere of high technologies, later punishment for child porn was introduced as well. At the same time a department “K” was created at the Special Technical Measures Bureau of the Ministry of Internal Affairs of Russian Federation.
Regional departments of the Bureau are working on fight against computer crime, illegal distribution of radio electronic and special technical means, scams in the sphere of electronic payment systems.
What cybercrimes are committed most often?
- Extremely variable computer scams: fake proposals of goods and services, hacker attack services, scams related to payment cards and accounts of electronic payment systems. 450 crimes were countered last year. 43% of victims are users of online auctions who prepay very low price goods. The other crimes are related to so-called black brides. Such crime was revealed by our officers this spring. Group of fraudsters on behalf of a girl-inhabitant of Yoshkar-Ola engaged a messaging with a German engineer who searched for a bride on the Internet. Scam artists sent a picture of a famous ballet dancer Anastasiya Volochkova. They using different pretexts fished 26 thousand EUR out of the future groom. Then the bride vanished. After the engineer informed the local department “K”, the group of nine scam artists was revealed.
The number of fake deals through the Internet shops is growing, where the payment is processed by the systems of WebMoney. New methods of electronic blackmail appeared. For example one airlines company received an e-mail threatening that terrorists would blow their airplane if the stated in the e-mail sum wasn’t transferred to the stated account. Our officers managed to find and arrest criminals quickly, besides they were in the other region. They were punished. Not all frauds are committed with the help of the Internet.
Last time, blackmail over cell phones acquired large scales. One scam artist called the victim chosen before and told that his relative became the participant of car accident with lethal consequence, but the investigator could burke the case for some sum. Accomplice is an intermediary, the money should be brought through him. There are some other ways: money transfer, payment cards. People plunged in grief often give thousands and tens of thousands USD. Mostly con artists are former or present convicts, acting through free accomplices. These people often manage to insinuate theirselves into victim’s confidence. Recently we disclosed such group counting five recidivists.
These criminal incomes form a collective criminal cash fund. We have already developed an algorithm to reveal malefactors. As the percentage of revealed cases grows, these crimes will less profitable and in some time disappear. Such trend was with backstreet units of phone telecommunications.
What does the term cyberterrorism mean?
First of all we mean use of Internet to recruit new members, placing information targeted on stirring up national hatred and racial intolerance.
Mostly support of terrorist and extremist websites is carried out from abroad. 85% of such resources are not within Russia. It is very easy to create a website in any country. It takes about 50 minutes and some money. It is possible to register the website at any name and to place on it any information. For example it is possible to find websites offering hitman services, saying nothing of ways to produce drugs and bombs.
How to fight it?
Unfortunately, there are some problems with law in this sphere. Today there are no rules on placing information on the Internet. If we find terrorist and extremist websites in Russia we turn to ISPs warn them and ask to take measures to restrict access to such data.
Usually ISPs do it, therefore our bureau obtains necessary means to block such websites, but there is no law prescribing such procedure. In this relation the agency’s hands are tied. However we introduced a row of legal initiatives concerning similar problems to the State Duma, with which we tightly cooperate.
I won’t dwell on them, let me bring only few offers. For example we would like to exclude anonymity when signing agreements on telecommunication services with ISPs. Besides according to the Communication Law of the Russian Federation, the agreement should contain an obligatory clause prescribing that the ISP may unilaterally terminate an agreement basing on the motivated written ruling of law enforcement.
Fight with cybercrime means tight international cooperation, doesn’t it?
Undoubtedly, the pledge of successful disclosure of such crimes in relation to their international character, speed of evidence existence is a timely exchange of information. In 1998 a special communication unit to exchange information with other countries was created at the Bureau. It works 24 hours a day, 7 days a week.
Officer of the special unit from the one country may at any time of the day communicate with the same unit in other country and obtain or give data necessary for investigation. These units work in 45 countries and their number will grow. Their efficiency is proved by numerous successful joint disclosures.
A case in Irkutsk is the latest example. A criminal group placed child porn on the web. They had hardware totaling more than 200 thousand USD. They chose children for shooting in unfortunate families and orphan asylums and then places movies in the Internet. Let me underline these crimes are not typical for the Russian Federation, almost 90% of such websites are hosted abroad.
A first international conference on cybercrime and cyberterrorism with 200 specialists from tens of countries in the history of Russia was organized and held. The participants were law enforcement, scientists, representatives of the UN, European Council and other bodies. The Russians proposed three projects: Clean web, Clean code and Clean connection. Clean web is to fight illegal use of the Internet for the terrorism purposes, joint revealing of extremists’ websites and counteraction to their activities. Clean code is designed for international cooperation to fight computer fraud that causes tremendous damage to citizens and businesses. The purpose of the Clean connection is to maintain new level of networks of law enforcement.
Is your election as a member of Interpol council a recognition of importance of fight with cybercrime?
I will note that representative of the Ministry of Internal Affairs of the Russian Federation is elected to the council of this international organization for the first time. This mandate lasts three years. There were several candidates, though I was elected. I will advance propositions of Russian law enforcement in all directions of fighting cybercrime. Therefore this will also address high-tech sphere, there is a special group on cybercrime.
1.3. Anton Pakhomov, public prosecutor from Saratov region, became one of the most interesting contributor at the international forum in London. His report devoted to the first joint Russian-British investigation of the computer blackmail was more than successful.
The case became famous. In October, last year, three young men were sentenced for the creation of malware and blackmail in Balakovo, Saratov region, Russian Federation. A court in the Saratov region, 530 miles southeast of Moscow, has sentenced three Russian hackers accused of extorting $4 million from world Internet companies to eight years in prison each, as well as a $3,700 fine. “Three Russian nationals - Balakovo resident Ivan Maksakov, Astrakhan resident Alexander Petrov and St. Petersburg resident Denis Stepanov - are charged with committing a number of computer crimes via the Internet, and of extorting money from several U.K. companies,” public prosecutor Anton Pakhomov said.
Each of the three faced charges on 19 articles of the Russian Criminal Code, punishable by up to 15 years in prison. Pakhomov said the hackers collected information about British web casinos and bookmakers’ offices using spy software designed by 20-year-old Maksakov, and then demanded ransoms from the owners, threatening to disrupt their web servers if they did not comply.
“The web server of Canbet Sports Bookmakers Ltd, which refused to pay a $10,000 ransom demand, was blocked during the Breeders’ Cup races, and the company lost more than $200,000 for each day of downtime,” he said. Investigators said the criminal group received more than $4 million from U.K. companies. The prosecutor said the group made 54 similar attacks in 30 countries for the six months they were active. Maksakov and Stepanov were detained in September 2004 through the joint efforts of Britain’s National High Tech Crime Unit, Interpol, the FBI and Russia’s Interior Ministry and the Prosecutor General’s Office. Petrov was arrested in mid-2005.
2. Republic of Belarus
According to Igor Chernenko, the chief of the hi-tech crimes department of Belarusian Ministry of Internal Affairs (Department K), the number of crimes in the sphere is constantly growing: 180 criminal cases in 2006 as compared to 28 in 2005.
In 2006, 272 “information security”, 12 “unauthorized access”, 45 “modification of computer information”, and 19 computer virus programmes developing cases were brought to court. 1300 of cybercriminals, hackers, carders and Internet scammers were filed according to Igor Chernenko. He said 97% of high tech crimes were committed by grown up people, more than one third was committed by women.
“The criminal business should be given the status of a publicly dangerous act entailing criminal responsibility,” he said. “As a rule the spread of pornography is not an aim in itself. It is a very profitable business which in its turn is used to fund organized crime,” he said.
“The huge sums generated by child porno are spent on bribing officials, on corruption. That`s why all criminal groups want to control child porno,” Chernenko said.
However, under acting legislation “we cannot bring anyone to criminal responsibility for these operations,” he said. “There is an article in the Criminal Code implying punishment for spreading pornography. But it can be applied only to a person who has been brought to civil responsibility for a similar offense during a year,” he said. “Nobody is a fool to run the risk after getting a warning,” he said.
“Besides, the article says nothing of spreading pornography in the Internet, neither does it single out child porno,” Chernenko said.
“This is one of the reasons why criminals from Belarus spreading child porno are arrested only abroad, even though with our assistance,” he said.
Chernenko said Russia introduced criminal responsibility for child porno last year. “We have been making such suggestions many times. So far there has been no reply,” he said.
3. Ukraine
Recently, law enforcement of Dnipropetrovs’k, Ukraine detained a hacker who broke into electronic payment system. The hacker turned to be 17 years old resident of Kiev, Ukraine. It took 5 days to find and arrest the criminal.
Security service of UkrMoney.com, payment system co-owned by Privatbank rendered significant assistance in revealing this case. This case is now under investigation. According to the officers of Dnipropetrovs’k regional unit fighting economic crimes, malefactor faked digital signatures from API-interfaces of different payment systems.
As stated in the informational release of UkrMoney.com, illegal actions of the arrested hacker caused damage of more than 50 thousand USD. The criminal was arrested while getting cash at the Webmoney dealer’s office. The other information is not disclosed in the interests of investigation.