News about the detention of cybercriminals in Russia appears in the media with enviable regularity. The headlines are loud, but they do not make clear what exactly the detainees are accused of or what crimes they committed. This article explains how cybercriminals are tried in our country and how strict our judicial system is with them.
As you know, in Russia the main bodies fighting cybercrime are specialized units of the FSB and the Ministry of Internal Affairs. Based on their materials, criminal cases are initiated and subsequently referred to court, where a decision is made. To assess the effectiveness of the fight against computer crime, I analyzed court decisions for 2019 under the hacking-related articles of the Criminal Code, based on open data. This information is posted online in accordance with Federal Law No. 262-FZ of December 22, 2008, “On Ensuring Access to Information on the Activities of Courts in the Russian Federation”. In some cases the texts of judicial acts were absent (without explanation); I did not consider them in the study.
Attacks on government facilities of the information infrastructure of the Russian Federation
You may have seen news about these crimes in the media under headlines such as “A hacker who tried to hack the website of the Government, Administration, Ministry … was convicted.” The loud headline and the words “hacker” and “hacked” give the average reader the impression that a seasoned criminal has been detained. But this is not always the case.
The scheme of the crime is as follows: an attacker installs hacking software on his computer and uses it to attack remote servers, among which a resource belonging to a state body turns up. Three types of computer attack are noted in such cases: SQL injection, brute force, and DDoS. According to court decisions, the cybercriminals used the following malicious programs when committing the attacks: ScanSSH, Intercepter-NG, NLBrute 1.2, RDP Brute, Ultra RDP2, sqlmap, Netsparker, SQLi Dumper.
At the same time, many court decisions indicate that the attacks were carried out from real IP addresses. That is, law enforcement agencies easily identify the perpetrators and prove their involvement in illegal activities.
- Real term – imprisonment for a specific term.
- Other types of punishment – anything that does not entail real imprisonment.
- The criminal case was terminated – because of reconciliation of the parties, the imposition of a judicial fine, or active repentance. The fundamental difference from other types of punishment is that the person is not considered to have been convicted.
Such computer attacks rarely lead to real hacking of the system, and most often they are carried out by "novice hackers". This explains the relatively “soft” verdicts of the courts: out of 27 cases, only three have real terms – for repeat offenders previously convicted under various articles of the Criminal Code. In thirteen cases, the defendants were subjected to other types of punishment, not related to imprisonment. In ten cases, the criminal case was dismissed.
One very curious case involved a citizen who was already serving a sentence in a correctional colony when he appeared before the court. The staff of the correctional institution gave him access to a computer in the security department to prepare reference and documentary materials and to create a 3D model of the colony. The defendant discovered a file of prisoners on the network and copied it for further study. Then, using the IPScan program he had received from an automation group engineer, he found a proxy server on the local network. Having connected to it, he downloaded the malware Intercepter-NG and NLBrute 1.2 from the Internet and used it to try to hack another computer. All this sounds funny, but such a level of information security in the security department of a correctional colony is still surprising.
In the 21st century, money is stored not only in a savings bank, but also in the accounts of electronic payment systems. It is believed that cybercrime related to embezzlement of money carries a high degree of public danger, which is why the punishment is more severe.
In 2019, three court decisions were issued on this type of crime. You have probably heard about the first of them thanks to the loud media headlines: “In Russia, a sentence has been passed on hackers from the international criminal group Cobalt.” Under this headline, a well-known news site published an article on the conviction of two "mules" involved in the 2017 theft of 21.7 million rubles from the Yakut bank Almazergienbank.
Here is how it happened. Members of the hacker group Cobalt compromised the work computer of a bank employee by sending fake emails purporting to come from Microsoft support. Having gained a foothold in the network, the hackers escalated their privileges to the level of domain administrator, connected to ATMs via RDP, and used malware to send commands to dispense banknotes. The two brothers who appeared before the court were responsible for collecting the cash. For this work, they received 10% of the stolen amount.
The court sentenced them to six and a half and five and a half years in prison. It is noteworthy that they had already managed to transfer the stolen money to the organizers, keeping two million rubles for themselves. This money went toward compensating the material damage caused to the bank. The remainder of the claim was also paid off, including at the expense of an apartment belonging to one of the brothers.
In the second case, a group of four appeared before the court. The criminals opened ATMs, connected to their USB ports, and then used the Cutlet Maker malware to trigger the dispensing of banknotes. The program was activated remotely by an unidentified member of the group, who received 30% of the stolen amount for his “services”.
The criminals made several attempts to break into ATMs, but only one was successful. An amount of between 250 thousand and 1 million rubles was stolen. They were detained during another attempt to open an ATM. The court sentenced them to terms ranging from one year and seven months to four years in prison.
The third case is similar to the second: the same Cutlet Maker, the same 30% for remote activation. The criminal acted alone. He took about four million rubles from an ATM of PJSC MinBank and was caught during a second attempt to break into an ATM. The court did not accept the defense's arguments about the defendant's difficult financial situation and sentenced him to four years in prison.
All these cases have one thing in common: low-skilled members of criminal groups appeared before the court, and the word “thieves” suits them better than “hackers”. The "think tanks" and the real organizers remained out of the reach of law enforcement.