2020/03/24 12:54:54

Cyber crime and cyber conflicts: Russia



The key organizations of Russia dealing with security issues in the field of information technologies are:

Cyber wars

Russia is forced to take measures to contain other countries in cyberspace and is thus involved in cyber wars. Traditionally, the USA acts as the key opponent in this sphere:


Main article: Hackers

What exactly hackers look like and what their fate is.


By moving to remote work, companies open access to their servers to hackers

Because of the urgent mass transition of companies to remote work, the number of corporate servers accessible to attackers from the Internet is growing rapidly, experts of the Solar JSOC cyber threat monitoring and response center reported on March 27, 2020. One of the main reasons is companies' use of the unprotected remote access protocol RDP (Remote Desktop Protocol). According to Solar JSOC, in just one week the number of devices accessible from the Internet over RDP grew by 15% in Russia (the total as of today is more than 76 thousand) and by 20% worldwide (more than 3 million).

RDP is a protocol developed by Microsoft for remote control of the Windows OS, and it is a popular way of connecting to a working environment. However, by default RDP uses port 3389, and if the company's IT service does not pay due attention to the security of remote access, the corporate server becomes extremely vulnerable to attackers. For example, it is common for the remote server to be accessible and visible from the Internet, so anyone can try to connect to it. The attacker can then defeat the identification and authentication system by guessing the password, substituting the certificate or exploiting RDP vulnerabilities.

To understand how relevant these threats are, experts of the Solar JSOC cyber threat monitoring and response center used various tools to analyze and monitor the number of devices accessible from the Internet over RDP. In the week from March 17 to March 24 alone, when companies began moving to remote work en masse, the number of such devices grew by 15% in Russia and by 20% worldwide.

The statistics obtained are alarming: several major vulnerabilities in the remote desktop service, BlueKeep and DejaBlue, caused a stir not so long ago. Both of them allow access to a remote server without authentication; it is enough for the attacker to send a special request over RDP. Thus, without the latest Windows security updates, any system accessible from the Internet is vulnerable, – comments Igor Zalevsky, head of the JSOC CERT cyber incident investigation center at Rostelecom-Solar.

As Solar JSOC experts note, every month Windows security updates fix newly discovered vulnerabilities relating to RDP. For this reason, using ordinary unprotected remote desktop access is highly undesirable. It is recommended to use at least a VPN with two-factor authentication and to implement remote access on the basis of protected protocols.
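For servers that must stay reachable over RDP while these measures are rolled out, password guessing of the kind described above is visible in the Windows Security log. The following is an added example, not code from Solar JSOC or the original article: it flags source addresses with a burst of failed remote logons (event 4625) and notes when a successful logon (event 4624) follows the burst. The CSV layout, the thresholds and all sample records are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624  # Windows Security event IDs
# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, which is what
# RDP with Network Level Authentication records. Type 3 also covers other
# network logons such as SMB, so treat hits as leads to be confirmed.
REMOTE_LOGON_TYPES = {3, 10}

# Constructed sample export: time, event ID, logon type, source IP, account.
# IP addresses are from the documentation ranges and are not real hosts.
SAMPLE_LOG = """\
2020-03-20T09:00:00,4625,3,203.0.113.7,administrator
2020-03-20T09:00:05,4625,3,203.0.113.7,admin
2020-03-20T09:00:09,4625,3,203.0.113.7,administrator
2020-03-20T09:00:14,4625,3,203.0.113.7,user
2020-03-20T09:00:20,4625,3,203.0.113.7,administrator
2020-03-20T09:00:31,4625,3,203.0.113.7,accountant
2020-03-20T09:01:02,4624,10,203.0.113.7,accountant
2020-03-20T09:05:00,4625,10,198.51.100.20,ivanov
2020-03-20T09:05:30,4624,10,198.51.100.20,ivanov
2020-03-20T09:06:00,4625,2,203.0.113.9,operator
"""


def parse_events(text):
    """Turn the constructed CSV lines into dictionaries with typed fields."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "ip": ip,
            "user": user,
        })
    return events


def detect_rdp_guessing(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: finding} for IPs with >= threshold failed remote
    logons inside a sliding window; record a success that follows the burst."""
    recent_failures = defaultdict(deque)  # ip -> (time, user) of recent failures
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in REMOTE_LOGON_TYPES:
            continue  # console and service logons are out of scope here
        failures = recent_failures[ev["ip"]]
        # Drop failures that have aged out of the window.
        while failures and ev["time"] - failures[0][0] > window:
            failures.popleft()
        if ev["event_id"] == FAILED_LOGON:
            failures.append((ev["time"], ev["user"]))
            if len(failures) >= threshold:
                finding = findings.setdefault(ev["ip"], {
                    "max_failures": 0,
                    "users": set(),
                    "success_after_burst": None,
                })
                finding["max_failures"] = max(finding["max_failures"], len(failures))
                finding["users"].update(user for _, user in failures)
        elif ev["event_id"] == SUCCESSFUL_LOGON:
            # A success right after a flagged burst suggests a guessed password.
            if ev["ip"] in findings and failures:
                findings[ev["ip"]]["success_after_burst"] = ev["user"]
            failures.clear()
    return findings


if __name__ == "__main__":
    for ip, finding in detect_rdp_guessing(parse_events(SAMPLE_LOG)).items():
        print(ip, finding)
```

A single mistyped password followed by a successful logon, as in the second source address of the sample, stays below the threshold and is not reported.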

FSB detained 30 dealers in credit card data and seized gold bars from them

On March 24, 2020 the Federal Security Service (FSB) of Russia announced the detention of a hacker group which was engaged in trading stolen bank cards.

The cybercriminals created over 90 online stores selling stolen data, which was subsequently used to steal money from the bank accounts of citizens of different states, including through the purchase of expensive goods on the Internet.

FSB liquidated a gang of dealers in bank card data

During the special operation, over 30 members of the hacker group were detained, among them citizens of Ukraine and Lithuania. Charges under Part 2 of Article 187 of the Criminal Code of the Russian Federation (illegal turnover of means of payment) were brought against 25 detainees. They were taken into custody.

In total, security officers carried out searches at 62 addresses. Members of the group were detained in Moscow and the Moscow region, St. Petersburg and the Leningrad Region, the Crimea and Sevastopol, North Ossetia, and the Kaluga, Pskov, Samara and Tambov regions. More than 30 hackers were arrested in total.

Law enforcement agencies seized from the suspects more than $1 million and 3 million rubles, forged documents, law enforcement officers' IDs, server hardware, as well as (rifled) firearms, drugs, gold bars and precious coins. The website hosting equipment was "liquidated", the FSB statement specified.

It was also established that the organizers of the community, who are citizens of Russia, had previously been brought to trial for similar crimes.

A video showing the FSB, jointly with the investigative department of the Ministry of Internal Affairs, shutting down the activity of a large network of dealers in stolen credit card data of Russian and foreign banks was uploaded to the website of the Federal Security Service.[1]

Cyber fraudsters exploit the epidemic and attack Russians on behalf of state bodies

On March 19, 2020 it became known that the number of fraudulent schemes on the Runet had increased because of the spread of the coronavirus. One of them consists of sending fake e-mails, including from domains similar to the addresses of state bodies.

According to Kommersant, among other things attackers send out e-mails in which they invite the recipient to read anti-recessionary directives from the Ministry of Labor and the Ministry of Economics by opening the attached PDF file. A virus is embedded in these documents.

The spread of the coronavirus led to increased activity of various fraudulent schemes on the Runet

Positive Technologies reported the distribution of e-mails allegedly from the Ministry of Foreign Affairs of Ukraine which contain, as "a malicious lure", a document with statistics on the spread of the coronavirus. Fraudsters actively use this topic in attacks, Denis Kuvshinov, lead specialist of the cyber threat research group at Positive Technologies, told the newspaper.

Kaspersky Lab counted more than 2.5 thousand suspicious websites whose names contain the words covid, coronavirus and similar. Rostelecom-Solar confirmed the existence of such resources and noted that one of them, for example, steals money and credit card data under the pretext of selling "the best and fastest test for detecting the coronavirus".

According to Group-IB experts, company employees receive phishing e-mails written in English or Russian with links to information about the infected or to a list of coronavirus prevention measures. These messages contain links to phishing sites which look like Microsoft websites and prompt users to enter their e-mail access credentials. If the victim does so, the information goes to the attackers' server.

Fraudsters expect that the user, having fallen "under the magic of the name", will open the e-mail, follow the link or download the application, noted Andrey Arsentyev, head of analytics and special projects at the InfoWatch group, who also sees a surge in cyber attacks using the coronavirus topic.[2]

A wave of bonus thefts from loyalty cards began in Russia

At the beginning of March 2020 it became known that a wave of bonus thefts from loyalty cards had begun in Russia. The number of attempts to write off accumulated points from personal accounts on websites increased several times in 2019 and reached several thousand a month.

As Alexey Sizov, an expert at Jet Infosystems, told Izvestia, fraudsters can gain access to a client's personal account and then pay for their purchases with the client's bonuses. Another variant of theft is registering a personal account for another person's card.

The number of attempts to illegally use Russians' discount bonuses reached several thousand a month at some companies in 2019

Alexey Fyodorov, chairman of the trade committee of Business Russia, told the newspaper that in 2019 the number of thefts of bonuses and discounts "increased many times". Maxim Fedyushkin, head of Kaspersky Fraud Prevention, noted that in the second half of 2019 it grew by one and a half times compared with the first.

According to Fyodorov, points are often stolen by employees of shops or call centers who have access to loyalty program data. Fyodorov considers the cause of the worsening problem to be sellers' mass transition from discount systems to bonus accumulation programs. Fraudsters often target gas stations, which lose 2-3 million rubles of profit every month because of illegally redeemed benefits, he added.

Alexey Sizov says that bonus points most often become the target of so-called novice fraudsters rather than organized criminal groups. Among the offenders there can be students and shop employees who have access to information about loyalty programs.

The Magnet retail chain acknowledges the problem. The retailer told the newspaper that the damage from fraudsters' actions is mostly reputational, as buyers lose trust and become disappointed in the loyalty program.[3]

Putin supported the idea of enshrining a provision on cyber security in the Constitution

At the end of February 2020, Russian President Vladimir Putin supported the proposal to enshrine in Article 71 of the Constitution of the Russian Federation a provision on ensuring the cyber security of the individual and the state.

At a meeting of the working group on drafting amendments to the fundamental law, Andrey Makarov, head of the State Duma Budget and Taxes Committee, voiced an initiative to add provisions on the cyber security of the individual, society and the state to the text of the Constitution, the TASS news agency reported.

"It is proposed to place under the jurisdiction of the Russian Federation the security of the individual, society and the state in the application of information technologies and in the circulation of digital data", Makarov reported.

According to him, including this provision will put the security of the individual on a par with matters of defense and security and will also "emphasize the importance of the challenges the country faces".

Russian President Vladimir Putin supported the proposed initiative, saying that "the security of the individual, society and the state is extremely important and, of course, in demand".

"And the question is: how can the state use these digital technologies for the purposes of developing the economy, how far can the state disclose data about a person, how publicly can these data be used, how can they be spread in the information space, and what will follow from this for the specific citizen", the president noted.


The Russian economy's losses from hacker activity were about 2.5 trillion rubles

According to Sberbank, the Russian economy's losses from hacker activity in 2019 were about 2.5 trillion rubles. In 2020 this figure may rise to 3.5-3.6 trillion rubles because of the predicted 40% growth in the number of cyber frauds. In 2018, by comparison, the losses were 1.5 trillion rubles, Sberbank reported on January 28, 2020.

DDoS attacks are becoming one of the main cyber threats, according to experts. Overall, the number of cybercrimes is growing rapidly. In the first 8 months of 2019 alone this figure, according to the Prosecutor General's Office of Russia, increased by almost 67%. Offline offenses grew far more modestly: thefts by 3.5% and serious crimes by 16.7%, while cases of robbery and armed robbery decreased by 7.9% and 8.9% respectively.

The move of crime into virtual reality, according to experts, can become a serious blow to business regardless of the industry in which a company works. Specialists note cyber fraudsters' interest not only in their traditional targets (banking, financial and IT organizations) but also, as follows from a Positive Technologies report, in the industrial sector.

The hackers who broke into the IT systems of Russian Railways and S7 were given 10-13 years in prison

At the end of December 2019 the Basmanny district court of Moscow handed down sentences to three hackers accused of breaking into the booking systems of Russian Railways and S7. In total, 29 people were involved in the case.

Hackers spend years preparing attacks on the energy industry

Hackers spend years preparing attacks on enterprises of the fuel and energy sector, Positive Technologies reported.

According to experts, professional cyber groups carrying out targeted attacks do not strike destructively right after penetration. They can control all of an enterprise's systems for several years without taking any destructive actions, only stealing important data and waiting for the right moment to launch an attack.

Hackers spend years preparing attacks on enterprises of the fuel and energy sector while stealing their data in parallel

During the investigation of one incident, specialists found that the TaskMasters group, which was engaged in stealing confidential documents and in espionage, had been in the victim company's infrastructure for at least 8 years.

Mostly, hackers attack the energy industry to disrupt its production process or to steal corporate information and damage reputation. Only every third attack aims to steal funds; most often companies face information leaks or the substitution and destruction of data.

Cyber attacks on the energy industry involving information leaks account for 30% of the total number of incidents. In 26% of cases data is destroyed or altered. 25% of the enterprises surveyed stated that the company's infrastructure was idle after attacks.

According to Alexey Novikov, director of the Positive Technologies security expert center, it is very difficult to detect a targeted attack at the moment attackers penetrate a system. It is simpler and more effective to uncover the hacker's activity after penetration into the infrastructure, for example during movement between servers already inside the internal network.

Such movements inevitably leave artifacts in network traffic and on the nodes; this makes it possible to detect an earlier penetration retrospectively and to eliminate the threat before the attacker moves on to active destructive actions or steals important information, Novikov noted.[4]

Russian school students stage mass DDoS attacks

On November 11, 2019 Kaspersky Lab published the results of a study which showed 32 percent growth in the number of DDoS attacks worldwide in the third quarter compared with the same period of 2018. Approximately the same surge in cyber attacks occurred in comparison with the second quarter of 2019.

The Ministry of Internal Affairs creates departments to fight IT crime

At the beginning of November 2019 the Ministry of Internal Affairs of the Russian Federation announced the creation of divisions specializing in fighting crimes connected with the use of information technologies. The new structures will be created on an industry principle within the existing staff numbers of the ministry's central office and the territorial internal affairs bodies.

The Embassy of the Russian Federation in London responded to publications about "the Russian hackers"

On October 24, 2019 it became known that the Embassy of Russia in London had called publications in the British media about the alleged malicious activity of "Russian hacker groups" an unscrupulous interpretation of a short report by the British and American intelligence agencies.

As the embassy noted, in the report the intelligence agencies did not bring any charges against Russia or Russian citizens, and only pointed to suspicions that Turla is based in the territory of the Russian Federation.

The embassy noted that the report contains many technical details, but its authors do not specify which countries the hacker attacks were directed at or which organizations suffered. The diplomats consider the statements that Iranian computer services were allegedly used for such cyber attacks to be an attempt to "drive a wedge between Russia and Iran".

The British National Cyber Security Centre (NCSC) and the U.S. NSA published a joint report claiming that the Turla hacker group used Iranian computer services, including Neuron and Nautilus, to steal confidential data from state institutions and from military, technology, energy and commercial organizations in 35 countries.

The Turla cyber group, also known under the names Snake and Uroboros, gained fame in 2008 after breaking into protected facilities, including the network of the Central Command of the U.S. Armed Forces[5].

Data of the Prosecutor General's Office

In the first eight months of 2019, 180,153 cybercrimes were registered in Russia. This is 66.8% more than the figure for the same period of the previous year, the Prosecutor General's Office reports on its website. These are crimes committed using ICT or in the field of computer information.

The Prosecutor General's Office characterizes the growth of cyber crime as "very substantial". Compared with the data the office provides for other types of crime, the growth rates in this segment are the highest.

For comparison: the number of serious crimes over the same period grew by only 16.7%, and the number of especially serious crimes even decreased by 3.1%. The number of thefts grew by 3.5%. The number of cases of misappropriation or embezzlement decreased by 1.4%, robberies by 7.9% and armed robberies by 8.9%. The number of drug trafficking crimes decreased by 3.4%.

Only the growth in the number of cases of mediation in bribery, by 46.4%, and of bribery cases, by 35.4%, is comparable to the record growth of cyber crime. At the same time, the overall growth in the number of corruption-related crimes was only 3.6%. Another of the fastest-growing segments is petty theft, where the number of incidents grew by 38.9%.

From January to September 2018, 121,247 crimes committed using ICT or in the field of computer information were registered in Russia. As the Prosecutor General noted at the time, compared with the same indicator for 2017 the number of crimes of this kind almost doubled.

For all of 2017, 90,587 cybercrimes were recorded in the country. While in 2017 an average of 7.5 thousand such incidents were registered per month, in 2018 the figure was already more than 13 thousand. Their share in the total number of crimes over the year increased from 4.4% to 8.1%. In January-September 2018, investigations were carried out for only 31.8 thousand cybercrimes.

In addition, in 2018 a tenfold growth of cyber crime over the previous six years was mentioned. In 2013, 11 thousand cybercrimes were registered; in 2014, 44 thousand; in 2016, 66 thousand.

The Prosecutor General's Office provided statistics on the growth rates of different types of cybercrime from 2015 to 2016. Over this period the number of cases of fraud using ICT grew from 2.2 thousand to 13.4 thousand, i.e. six times, and the number of thefts from 2.3 thousand to 8.5 thousand, i.e. more than three times. The number of cases of theft, deletion or blocking of computer information for the purpose of fraud increased 5.5 times, from 995 to 5.5 thousand.

Russian-speaking hackers sell the source code of Symantec, McAfee and Trend Micro antiviruses for $300 thousand

In mid-May 2019 the American company Advanced Intelligence (AdvIntel), which specializes in investigating information security threats, announced that the servers of three antivirus vendors had been breached: Trend Micro, Symantec and McAfee. According to the experts, behind this cybercrime is the Russian-speaking hacker group Fxmsp, which began selling the source code of antivirus products on underground websites, asking $300 thousand for it.

Fxmsp attached to the materials offered for sale a screenshot in the description (see below) showing folders and files with a volume of more than 30 TB. Judging by the images, the stolen data includes information on artificial intelligence models, development documentation, source code of antivirus solutions and much more.

The hackers claim that from October 2018 to April 2019 their activity was concentrated on breaching various antivirus companies. According to AdvIntel specialists, the Fxmsp group has long and successfully specialized in selling data obtained in high-profile leaks. The cybercriminals attack government organizations and companies; their income is estimated at millions of dollars.

AdvIntel experts know that one of the group's members is a Muscovite named Andrey. According to the available data, he started his cybercriminal career in the mid-2000s and specializes in social engineering.

A Trend Micro representative confirmed in a comment to Computer Business Review that the company had suffered "from unauthorized third-party access to a single testing laboratory network". McAfee said that the company "did not detect any signs that the described campaign affected products, services or McAfee networks". Symantec denies the breach.[6]

Russian state bodies were attacked for years by hackers from China

On May 13, 2019 it became known of the existence of a cyber group which for several years attacked Russian state bodies and companies, using the operating system's task scheduler for the break-ins.

Positive Technologies named this hacker group TaskMasters because it used the task scheduler to penetrate local networks. After a break-in, the hackers examined the networks for vulnerabilities, uploaded malware there and engaged in espionage. How the attackers used the information they obtained is unknown.

Positive Technologies and Kaspersky Lab detected a Chinese cyber group which for several years stole data from more than 20 Russian companies and state bodies

As Positive Technologies told Kommersant, a cyber group with presumably Chinese roots attacked state bodies and companies for at least nine years, some of them in Russia. The experts know of the compromise of more than 30 significant organizations in industry, construction, energy, real estate and other sectors, 24 of which are in Russia. The company names are not disclosed.

According to Positive Technologies, mentions of Chinese developers occur in the code of the tools used by TaskMasters, connections from IP addresses in China were recorded during some attacks, and keys for some versions of the programs can be found on forums where residents of that country communicate.

Kaspersky Lab says that since 2016 it has been tracking the activity of the same group, which it calls BlueTraveler. The company names state bodies, mainly from Russia and the CIS, as the targets of its attacks, confirming that the attackers most likely speak Chinese.

Kaspersky Lab adds that the method of gaining a foothold in infrastructure and spreading further using the task scheduler has long been in frequent use by attackers. As a rule, such attacks serve political intelligence or industrial espionage, the company noted.[7]


The number of cyber attacks doubled, and hackers' income exceeded 2 billion rubles

In 2018 the number of cyber attacks in Russia doubled, and hackers' income exceeded 2 billion rubles. These data were provided in mid-April 2019 by Igor Lyapunov, Rostelecom's vice president for information security.

According to him, in 2018 Rostelecom's Solar JSOC cyber attack monitoring and response center recorded 765,259 attacks, which is 89% more than in the previous year. Similar dynamics are characteristic of Russia as a whole, since Rostelecom provides services to the largest and most attacked companies in the country, Lyapunov explained.

The number of cyber attacks in Russia doubled

According to his data, about 75% of cyber attacks fall on credit and financial organizations, e-commerce and the gaming business. In addition, infrastructure facilities are increasingly becoming victims of hackers.

The term "politically motivated attacks" has appeared... The attackers' goal is to gain control and a point of presence in this critical information infrastructure, Igor Lyapunov said during his speech at "RIF+KIB 2019".

Positive Technologies recorded 27 percent growth in the number of successful cyber attacks in Russia in 2018, company representative Alexey Novikov told Vedomosti. Most often attackers targeted infrastructure (49% of incidents) and companies' web resources (26% of attacks), he specifies. In 2018 cybercriminals tried to steal information even more often: in 30% of attacks they stole personal data, in 24% credentials, and in 14% payment data, Novikov reported.

According to Kaspersky Lab, the total number of malware attacks in 2018 increased by 29%. This figure does not include DDoS attacks, Vyacheslav Zakorzhevsky, head of the anti-virus research department at Kaspersky Lab, explained to the newspaper.[8]

German Gref proposed creating a Ministry of Emergency Situations for the digital sphere

On October 4, 2018 the head of Sberbank, German Gref, said that Russia needs to create a separate Ministry of Emergency Situations for the digital sphere, by analogy with the regular Ministry of Emergency Situations.

I think it is necessary to create serious infrastructure. We have a Ministry of Emergency Situations. It is necessary to create a ministry which would deal with emergencies in the digital sphere, which will concern all infrastructure without exception.
German Gref, head of Sberbank

The head of Sberbank also noted that the digital component is penetrating different spheres, and called it one of the key trends and challenges of the future. He also drew attention to the fact that in the modern world cyber threats are gaining increasing importance and making news headlines, and in this connection attempts are made to turn them into political news, such as interference in elections or interference in governance.

Earlier, Sberbank estimated global damage from cyber attacks in 2018 at $1 trillion and predicted that this amount would grow to $8 trillion in 2022[9].

Putin announced the creation of an IT system for exchanging information about cyber threats

On July 6, 2018 it became known that an automated system for exchanging information on cyber threats would be created in Russia. Russian President Vladimir Putin said this during the International Cybersecurity Congress in Moscow.

The business initiative to form a system of automated information exchange about threats in the digital space will be implemented. During cyber attacks this system will make it possible to better coordinate the actions of telecom operators, credit institutions and Internet companies with law enforcement agencies and thereby quickly eliminate emerging threats, he reported.[10]

Putin urged the development of uniform international rules of the game in the digital sphere

The Russian authorities also intend to develop a system of international information exchange about cyber threats.

In the near future the government should decide on the structure which will be responsible for this work, Putin said.

According to the head of state, fighting cyber threats requires developing new comprehensive solutions for preventing and suppressing offenses against citizens in the digital environment. For this purpose it is important to create the corresponding legal conditions and to provide convenient forms of interaction between citizens and government institutions, he emphasized.

We will strive for the software and infrastructure used in Russia to be based on domestic technologies and solutions which have undergone the corresponding testing and certification. Of course, not to the detriment of competition, the Russian leader noted.

Speaking about other priorities in the information sphere, Putin named among them carrying out research in this sphere in cooperation with business and scientists. According to the president, this will make it possible to advance domestic technologies and to create in-demand and competitive products on their basis.

During his speech Vladimir Putin also pointed out that the number of cyber attacks on Russian resources in the first quarter of 2018 grew by a third compared with the same period of 2017.


CSR report on the Russian cybersecurity market

In December 2017 the Centre for Strategic Research (CSR), whose board chairman is former Minister of Finance Alexey Kudrin, published a report on the future of information security in Russia.

According to the experts, ensuring cyber security in the international sphere involves a choice between two main strategies: one is oriented toward cooperation with external partners and strengthening the legal framework for global regulation of this sphere, while the other consists of strengthening internal regulation and relying on the country's own resources and solutions.

CSR modeled risks in the communications and IT industries

According to the authors of the report, Russia needs to concentrate on three main areas of work:

  • Reducing the risk of military-political use of ICT and laying the foundations of an international legal regime of responsible behavior of states in cyberspace

  • The security, stability and fault tolerance of the Internet and of digital data transmission infrastructure for Russian users, business and the state

  • Securing Russian interests in the field of a safe digital environment, fighting computer crime, and developing technologies and the information security market

CSR proposes developing and establishing at the international level limits on the military-political use of information technologies against critical infrastructure facilities, and interpreting the key concepts of the existing system of international law in terms of their application in the field of information technologies.

In addition, CSR proposes adapting key provisions of international humanitarian law, including the Geneva Conventions, to actions involving information and communication technologies. The full report is available at this link. [3]

The Supreme Court of the Russian Federation explained the subtleties of qualifying cyber fraud

The Supreme Court of the Russian Federation explained to judges how to properly qualify cyber fraud and bank card fraud. The plenum of the Supreme Court issued the resolution "On Judicial Practice in Cases of Fraud, Misappropriation and Embezzlement", which for the first time says in what cases and how the new articles on fraud added to the Criminal Code of the Russian Federation in 2012 should be applied, TASS reported in November 2017 [11].

Use of software or software and hardware tools for impact on servers, computers (including portable) or on information and telecommunications networks for the purpose of illegal taking by someone else's property or obtaining the right to it is provided in article "Fraud in the field of Computer Information" (159.6 Criminal Code of the Russian Federation). Similar actions should be qualified in addition under articles of the Criminal Code on illegal access to computer information or on creation, use and distribution of the malware.

Use of someone else's credentials is subject to qualification under the article "Theft". Under use of someone else's credentials secret or fraudulent use of phone of the victim connected to service Mobile bank, authorization in the system of Internet payments under the stolen credentials, etc. means.

As the normal fraud provided by Article 159 of the Criminal Code of the Russian Federation it is necessary to consider plunder of property a propagation path in Network of obviously false data (creation of the counterfeit websites, online-shops, use of e-mail).

It is necessary to resort to article "Fraud using Payment Cards" (159.3 Criminal Code of the Russian Federation) in cases if the swindler issued himself for the true bank card owner at payment of purchases or banking operations. Cashing in of means via ATMs is qualified as theft.

As plunder of a non-cash using personal data of the owner, the password, data of the card received by the criminal from its owner by deception or confidence abuse is explained in the resolution of Russian Armed Forces, also should be considered by court as theft.

Production, storage, transportation of counterfeit payment cards, engineering devices and software for illegal acceptance, issue, money transfer, it is necessary to consider preparation for crime (if a crime was not committed for the reasons, independent of the malefactor).

Sale of counterfeit payment cards, engineering devices and software, unsuitable to use, allegedly for plunder of money is regarded as fraud or petty theft.

Production or purchase of counterfeit bank cards for the purpose of plunder in a large or especially large size without finishing intention up to the end (for the reasons, independent of the malefactor) is at the same time and preparation for plunder, and the completed crime provided by Article 187 of the Criminal Code of the Russian Federation ("Illegal turnover of means of payments").

PwC: Most Russian companies cannot resist cyber attacks

Most Russian companies cannot successfully resist cyber attacks, says a study by the international consulting company PwC released in November 2017.[12]

PwC considers that the companies should invest time and means in technologies of ensuring cyber security

Half of the Russian respondents note that their companies have no general information security strategy, and 48% of companies have no training program aimed at raising employees' awareness of security issues.

In addition, 56% of companies admitted that they have not worked out a process for responding to cyber attacks. Only 19% of PwC study participants in Russia, and 39% of respondents worldwide, are fully confident in their ability to identify hackers.

Among the main measures for detecting cyber risks, the Russian survey participants named cyber threat assessment (50%), continuous monitoring of the information security system (48%), vulnerability level assessment (44%) and penetration testing to check the protection system (40%).

Nearly a quarter of Russian companies say that the use of mobile devices has led to information security problems. This factor took second place after phishing attacks, which lead among the threats named.

Cyber incidents occur every day, and they cause serious damage to the brand and reputation of the company that became the target of a hacker attack. Companies need to protect clients' trust by investing time and resources in implementing proper systems and technologies aimed at ensuring cyber security — noted Roman Chaplygin, head of the information security services practice at PwC in Russia.

According to him, regular information exchange between companies can become another effective tool in the fight against cyber crime.

Compulsory insurance of cyberrisks can appear in Russia in 2022

Russia's public sector could earn about 50 billion rubles from risk insurance in the field of data protection. The initiative to introduce cyber risk insurance was put forward within the Digital Economy state program.

It is planned that all companies engaged in data processing and storage, irrespective of form of ownership, will be obliged to insure cyber risks. Mobile and Internet operators, hosting providers and large IT companies also fall into this category, which certainly guarantees high returns from this type of insurance. The conditions and amounts of payouts for insured events are not yet known[13].

See also: Trends of development of IT in insurance (cyberinsurance and telematic data)

Putin designated priorities of information security of Russia

On October 26, 2017 an enlarged meeting of the Security Council took place, at which President Vladimir Putin listed the main directions of development of information security in Russia. Read more here.

Data of Prosecutor's office of the Russian Federation

The number of cybercrimes in Russia has increased six times since 2013. The Prosecutor General of the Russian Federation, Yury Chaika, reported this at a meeting of the prosecutors general of the BRICS countries in Brazil in August 2017.

In 2016, 66 thousand IT crimes were recorded. In 2013 this figure was 11 thousand.

"In Russia the number of crimes committed using modern information and communication technologies increased six times from 2013 to 2016. Their significant growth is also observed in the current year (+26%, 40 thousand)" — the press service of the department quotes Chaika.

Chaika also said that the damage from IT crimes in the first half of 2017 exceeded 18 million US dollars. Last year in Russia two thirds of extremist crimes and every ninth terrorist crime were committed using the network.

The Ministry of Internal Affairs and Group-IB took down a group that stole 50 million rubles using a trojan

In May 2017, twenty cybercriminals who had stolen more than 50 million rubles using malware for mobile devices were detained in several Russian cities.

Members of the criminal group infected more than 1 million smartphones with the Cron malware, a Trojan for Android OS with which the attackers stole money from bank accounts. Using hidden SMS commands, money was transferred to accounts prepared in advance.

Group-IB helped the Ministry of Internal Affairs detain the hackers who stole 50 million rubles

During investigative and search operations it was established that the group comprised 20 people living in the Ivanovo, Moscow, Rostov, Chelyabinsk and Yaroslavl regions and the Republic of Mari El, and that the organizer of the illegal business was a 30-year-old resident of Ivanovo, according to a statement by the press service of the Ministry of Internal Affairs of the Russian Federation [14].

Group-IB, whose experts were the first to detect the Cron Trojan, actively participated in the investigation of the criminal group.

"The first information about it appeared in March 2015: Group-IB recorded the activity of a new criminal group distributing the malware "viber.apk", "Google-Play.apk" and "Google_Play.apk" for Android OS on hacker forums. Cron attacked users of large Russian banks from the TOP-50", Group-IB reported.[15]

Infection occurred in two ways: through phishing SMS mailings and through applications disguised as legitimate ones. The Trojan spread under the guise of the following applications: Navitel, Framaroot, Pornhub and others. In the case of phishing mailings, potential victims received links to websites controlled by the attackers, where social engineering was used to induce them to install the malware manually.

Once on the victim's phone, the Trojan added itself to the device's autostart and then independently sent SMS messages to phone numbers specified by the criminals, forwarded the text of SMS messages received by the victim to remote servers, and hid incoming SMS notifications from the bank.
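The behaviours described above (autostart, sending SMS, forwarding received SMS to a server, intercepting bank notifications) each need a permission or receiver declared in the app manifest, so a decoded AndroidManifest.xml can be triaged for that combination. This is an added example, not Group-IB's tooling; the behaviour-to-permission mapping, the verdict names and both sample manifests are constructed assumptions.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes

# Reported behaviour -> manifest permissions that make it possible.
# The mapping is this example's assumption, not a list taken from the report.
BEHAVIOURS = {
    "autostart": {"android.permission.RECEIVE_BOOT_COMPLETED"},
    "send_sms": {"android.permission.SEND_SMS"},
    "read_sms": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "network_upload": {"android.permission.INTERNET"},
}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"


def sms_receiver_priority(root):
    """Highest android:priority among receivers listening for incoming SMS, or None.

    A high priority lets a receiver see the message before other apps; before
    Android 4.4 it could also abort the broadcast so the user never saw it.
    """
    best = None
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(A + "name") for a in flt.iter("action")}
            if SMS_RECEIVED in actions:
                prio = int(flt.get(A + "priority", "0"))
                best = prio if best is None else max(best, prio)
    return best


def triage_manifest(xml_text):
    """Return the behaviours a decoded manifest enables and a triage verdict."""
    root = ET.fromstring(xml_text.strip())
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    behaviours = sorted(b for b, need in BEHAVIOURS.items() if perms & need)
    priority = sms_receiver_priority(root)
    if len(behaviours) == len(BEHAVIOURS) and priority is not None:
        verdict = "suspicious"   # full chain: persist, intercept, send, upload
    elif "send_sms" in behaviours or "read_sms" in behaviours:
        verdict = "review"       # SMS access alone still deserves a look
    else:
        verdict = "clean"
    return {"package": root.get("package"), "behaviours": behaviours,
            "sms_priority": priority, "verdict": verdict}


# Constructed manifest: an app posing as a media player that requests the full chain.
SAMPLE_DISGUISED = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.player">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".Boot">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".Sms">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed manifest: a navigation app that only needs network and location.
SAMPLE_BENIGN = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.maps">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application/>
</manifest>
"""

if __name__ == "__main__":
    for sample in (SAMPLE_DISGUISED, SAMPLE_BENIGN):
        print(triage_manifest(sample))
```
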

According to Group-IB, the hackers opened more than 6000 bank accounts to which victims' money was transferred. Every day the malware infected about 3500 users and tried to steal money from 50-60 clients of different banks. The average theft was about 8000 rubles. The total damage from Cron's activity is estimated at 50 million rubles.

The attackers apparently planned to expand their activity beyond the borders of the Russian Federation. In June 2016 the same group rented the mobile banking Trojan Tiny.z, aimed not only at Russian credit institutions but also at banks in Great Britain, Germany, France, the USA, Turkey, Singapore, Australia and other countries.

As a result of the operation by Russian police officers and security experts, all active members of the Cron gang were detained. As it turned out, many of them already had extensive criminal experience.

According to the press service of the Ministry of Internal Affairs, the court ordered four of the detainees held in custody as a measure of restraint, and the others were placed under recognizance not to leave. Twenty searches were carried out across six regions of Russia, during which computer equipment and hundreds of bank cards and SIM cards issued to figureheads were seized.

A criminal case was opened under Part 4 of Article 159.6 of the Criminal Code of the Russian Federation (fraud in the field of computer information).

In the Western press, accusations are often heard that the Russian authorities do not interfere with the activity of cybercriminals and all but directly indulge them, - says Dmitry Gvozdev, the CEO of Security reference monitor company. - This story is one of the examples proving that such an assessment is unfounded. It is just that some facts get the attention of the foreign press, while others are often ignored.

Ministry of Defence of Denmark: Russian hackers had access to our employees' mail for two years

Hackers from Russia linked to the country's leadership had access to electronic mailboxes of the Ministry of Defence of Denmark for two years. The country's Minister of Defence, Claus Hjort Frederiksen, said this in April 2017.

The report cited by Berlingske says that during 2015 and 2016 hackers from the Fancy Bear group had access to the unclassified contents of the mail of some Defense Ministry staff.

According to the newspaper, "for a long time hackers sent a large number of e-mails to specific employees in the Ministry of Defence". Employees received messages saying that "a system requires updating" and "they should enter the passwords". To mislead the ministry's staff, the hackers used fake login pages that were exact copies of the ministry's pages. In addition, the newspaper reports, the suspected hackers' goal could have been not only to obtain the information they needed but also to possibly recruit agents from among the ministry's staff.

It is noted that the breach became possible because not all mailboxes were sufficiently protected. This problem has since been fixed[16].

Cybercriminals masquerade as "Russian" hackers

The malware used in recent cyber attacks on Polish banks contains false evidence suggesting that the attacks were carried out by supposedly Russian-speaking hackers. Sergey Shevchenko and Adrian Nish, experts at BAE Systems, came to this conclusion based on the results of their analysis [17].

The malware sample examined by the specialists contained a large number of distorted Russian words that native speakers of Russian never use. As the analysis showed, the virus writers used online translation services, such as Google Translate, to translate words from English into Russian. According to Shevchenko, whoever translated the text had never dealt with Russian and therefore paid no attention to the difference in phonetic spelling.

In particular, when translating the English word "client" the virus writer used its phonetic spelling ("kliyent") instead of "client" or "klient". Commands were also translated using online translators. For example, the set command was written as "ustanavlivat", the leave command as "vykhodit" and so on.

Similar errors were found not only in the malware but also in the custom exploit kit used to deliver the malware to victims' computers.

The aerospace industry of Russia attracts growing interest from cyber spies

In February 2017 it became known that Chinese hackers had begun to intensively attack aerospace companies in Russia and Belarus. This conclusion was reached by experts at Proofpoint, who monitor the activity of a group previously seen in attacks on government structures and businesses worldwide.[18]

The hackers, presumably acting on behalf of the government of the People's Republic of China, used the NetTraveler Trojan and the PlugX remote administration tool. With their help the criminals carried out espionage worldwide.

Preparation for start of the spacecraft

Since the summer of 2016 this group has been using new malware named ZeroT, which, once on a system, downloads and installs PlugX.

ZeroT spreads through spear-phishing (narrowly targeted) emails containing attachments in the HTML Help format (.chm). The hackers used .chm documents with executable files embedded in them. User Account Control (UAC) duly reacted to attempts to open these .chm files (in fact, attempts to launch the executable components), but in at least several cases users "obediently" allowed the infection.

This is due in no small part to the effectiveness of the subject lines of the phishing emails, such as "Federal target program of 2017-2020", "Changes in the list of affiliates as of 6/21/2016" and so on.

The hackers also actively exploited the CVE-2012-0158 vulnerability, sending Microsoft Word files with exploits, as well as self-extracting .rar files containing components for bypassing User Account Control.
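The attachment types named above (.chm, Word documents, self-extracting .rar) can be recognised at a mail gateway by their leading bytes rather than by file name. The following is an added example, not Proofpoint's tooling or code from the report; the block/sandbox policy, addresses, file names and attachment bytes are all constructed assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

RAR_MARK = b"Rar!\x1a\x07"
# Leading bytes of the container formats named in the passage.
MAGIC = [
    (b"ITSF", "chm"),                                  # compiled HTML Help
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-doc"),  # legacy Office (.doc) container
    (b"{\\rtf", "rtf-doc"),                            # RTF, opened by Word
    (RAR_MARK, "rar"),                                 # plain RAR archive
]
# Extensions each content type normally carries; anything else is a mismatch.
EXPECTED_EXT = {
    "chm": {".chm"}, "ole-doc": {".doc", ".xls", ".ppt"},
    "rtf-doc": {".rtf", ".doc"}, "rar": {".rar"},
    "sfx-rar": {".exe"}, "executable": {".exe"},
}
BLOCK = {"chm", "sfx-rar", "executable"}   # assumed policy: never deliver these
SANDBOX = {"ole-doc", "rtf-doc", "rar"}    # assumed policy: detonate before delivery


def sniff(data):
    """Classify attachment bytes by content, ignoring the declared name."""
    if data[:2] == b"MZ":
        # A self-extracting archive is a Windows executable with a RAR inside.
        return "sfx-rar" if RAR_MARK in data else "executable"
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "other"


def triage_message(raw):
    """Return (filename, kind, action, name_mismatch) for every attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        kind = sniff(data)
        ext = os.path.splitext(name)[1].lower()
        mismatch = kind in EXPECTED_EXT and ext not in EXPECTED_EXT[kind]
        if kind in BLOCK:
            action = "block"
        elif kind in SANDBOX:
            action = "sandbox"
        else:
            action = "deliver"
        results.append((name, kind, action, mismatch))
    return results


def build_sample():
    """Constructed message with harmless attachments that only carry the magic bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "engineer@example.org"
    msg["Subject"] = "Constructed test message"
    msg.set_content("See attachments.")
    samples = [
        ("programme.chm", b"ITSF" + b"\x00" * 32),
        ("changes.doc", b"{\\rtf1 constructed body}"),
        ("archive.exe", b"MZ" + b"\x00" * 64 + RAR_MARK + b"\x00" * 16),
        ("invoice.pdf", b"ITSF" + b"\x00" * 32),   # CHM content under another name
        ("notes.txt", b"plain text, constructed"),
    ]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for row in triage_message(build_sample()):
        print(row)
```
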

China is regularly accused of active cyber espionage against other countries. The authorities of the People's Republic of China categorically deny all accusations, but cyber security experts around the world have gathered enough evidence that the armed forces of the People's Republic of China include units engaged in cyber espionage and cyber attacks.

Cyber espionage, like traditional espionage, long ago became a factor of international politics that must constantly be kept in mind, - says Dmitry Gvozdev, the CEO of Security reference monitor company. - We live in an era of a "Cold cyber war" of global scale. Any industry of strategic importance becomes an object of unfriendly interest, and attack attempts are only a matter of time. As for their success, everything here depends on how ready the personnel of the attacked organizations are for an attack, whether they are able to detect attempted cyber attacks and to distinguish phishing emails from legitimate ones, and how closely the IT personnel keep up with timely software updates.


The information security doctrine of Russia is approved

The President of Russia Vladimir Putin approved the Information security doctrine of the country on December 6, 2016 [4] (more detailed)

Germany: the Russian hackers have long hands

The head of the Federal Office for the Protection of the Constitution, Hans-Georg Maassen, said at the end of the year that analysis carried out by the organization showed similarities in the November 2016 attack on the OSCE information system indicating the involvement of the hacker group APT 28, which is also known as[19].

Germany believes the reason for the attack on the OSCE was an attempt to interfere with the organization's mission in Ukraine. It is noted that Germany held the chairmanship of the organization in 2016.

Also, according to Maassen's statements, the cyber attack on the OSCE was similar to the hacking of the Christian Democratic Union (CDU) party of German Chancellor Angela Merkel and of the Bundestag website in 2015, writes Frankfurter Allgemeine Zeitung (Russland soll auch für Cyber-Angriff auf OSZE verantwortlich sein)[20].

Although that event happened long ago, on December 1 the WikiLeaks portal published about 90 gigabytes of data containing classified documents from the investigation into the ties between the US National Security Agency (NSA) and German counterintelligence.

At the same time, the leak published by Julian Assange's organization is nevertheless attributed not to hackers but to a certain informant in the Bundestag. At the end of December German law enforcement agencies concluded that one of the deputies or employees of the parliament's office could have passed on the data. According to them, the hackers had obtained only 16 gigabytes of classified information after the 2015 attack.

Perhaps, after the publication of the "unclassified" version of the US intelligence report, in which WikiLeaks is effectively called a helper of pro-Kremlin hackers, the German authorities will also change their opinion and find a connection between the 2015 incident and the leaks that came into the organization's possession.

According to the head of Germany's Federal Intelligence Service, Bruno Kahl, cyber attacks pursue a single aim: to cause political uncertainty. The digital traces left behind, he believes, give the impression that someone was trying to demonstrate their capabilities[21], writes Deutsche Welle[22].

The Russian companies realize IT risks and threats

On December 23, 2016 Ernst and Young published the results of the study "A way to cyberstability: forecast, protection, reaction" (Path to cyber resilience: Sense, resist, react), according to which Russian companies realize the risks and threats of information technology development and are ready to invest in organizing effective information security systems [23].

Over the past year we have noted a significant increase in attention to information security at all levels of management in companies in Russia and the CIS. Organizations realize the risks and threats posed by today's development of information technology and are ready to invest in creating effective information security systems.

Nikolay Samodayev, partner at EY, head of business risk, IT management and IT risk services in the CIS

42% of respondents noted growth in investment during 2016, and a considerable share of study participants (37%) plan to increase it in the future.

More than half of respondents noted that Security Operations Centers (SOC) operate in their companies. Compared with global trends, Russian companies do not interact actively enough with other SOCs on data exchange (7% in Russia compared with 32% worldwide). 25% of Russian SOCs use paid subscriptions for proactive notification of cyber threats (41% worldwide), and 18% have dedicated cyber threat analysts on staff (32% worldwide).

The Russian study participants noted increased risks as mobile devices become more widespread. Respondents noted the importance of the risks and threats of loss or theft of mobile devices (61%), their hacking (45%) and non-compliance with the rules for their use (71%). In 2015 the most widespread shortcoming of internal control systems was users' low awareness of how to respond to phishing attacks, which led to growth in cyber attacks of this type.

Creating an effective information security system means a continuous process of analyzing and improving cyber security management processes, including reassessing relevant threats and reviewing protection mechanisms. It is not only a matter of providing effective technical and organizational protective measures. Creating a full program for countering cyber threats is possible only with close interaction between technical specialists and the organization's business management, which provides a complete view of the business and the business environment, an understanding of the interrelations between business processes and the information systems used, a correct assessment of cyber threats and their possible consequences and, as a result, the optimal choice of adequate preventive and reactive protective measures.

Nikolay Samodayev

In Russia, cyber attacks will be punished with 10 years in prison

Legislative protection against cyber threats

In December the Government of the Russian Federation submitted to the State Duma several bills aimed at protecting the information systems of the Russian Federation from cyber threats. The package of bills "On the Security of the Critical Information Infrastructure (KII) of the Russian Federation"[24] was introduced to the State Duma on December 6, 2016, Interfax reports. In particular, it prescribes imprisonment of up to 10 years for hackers.

Protection of critical information infrastructure

The authors of the bills classify the IT systems of state bodies, energy, defense and fuel enterprises and other important state facilities as critical information infrastructure objects, noting that "if events develop according to the worst-case scenario, a computer attack is capable of paralyzing the critical information infrastructure of the state and causing a social, financial and/or environmental disaster".

"According to data from recent years, depending on the method used to assess the damage from malware, it ranged from $300 billion to $1 trillion, i.e. from 0.4% to 1.4% of annual world GDP, and these figures tend to grow steadily. Characteristic examples of the consequences of computer attacks on the critical infrastructure of a state are the stoppage of centrifuges at the Iranian nuclear power plant by the StuxNet computer virus in September 2010 and the paralysis of several large financial institutions in South Korea in March 2013", say the accompanying documents to the bills.

The bills should "set the basic principles of ensuring the security of critical information infrastructure, the powers of state bodies of the Russian Federation in the field of critical information infrastructure security, and the rights, duties and responsibility of persons owning KII objects, telecom operators and information systems providing interaction of these objects".

Register of KII objects

As one of the KII security measures, it is proposed to create a special register that will include all significant infrastructure facilities, classified by political, economic, ecological and social significance. Objects entered in the register are expected to have one of three significance categories: high, medium or low.

Representatives of KII objects included in the register will be obliged to report cyber attack incidents and to assist in eliminating their consequences. In particular, owners of critical infrastructure will be obliged to create and operate cyber security systems for their facilities and to oversee the creation and storage of backup copies of the information needed for the normal functioning of IT systems.

Hackers will be given up to ten years

It is also proposed to supplement the Criminal Code of the Russian Federation with Article 274.1 "Illegal Impact on the KII of the Russian Federation". The article will provide criminal liability for creating and distributing malicious computer programs intended for attacks on KII, for illegal access to data contained in KII, and for violating the rules governing the systems that store and process such data.

The article provides for fines of up to 2 million and prison terms of up to 10 years, depending on the gravity of the crime, the existence of prior conspiracy and the number of participants. The authors of the bills emphasize that "attacks carried out for criminal, terrorist and intelligence purposes by individuals, communities, foreign special services and organizations can pose a danger".

It is planned that the amendments will come into force on January 1, 2017, except for several articles, including the provisions introducing criminal liability for violations in the field of critical infrastructure security. Those will come into force at the beginning of 2018.

"Russians try to crack everything". British ministers banned from wearing Apple Watch

British ministers were banned from wearing Apple Watch during Government meetings over concern that Russian hackers could hack the watches and use them as listening devices. The Daily Telegraph reports this, citing unnamed sources[25].

"Russians try to crack everything" — one of the sources said.

The ban was imposed after Theresa May took the post of Prime Minister of Great Britain in the summer of 2016. In the government of her predecessor David Cameron, several members of the government wore smartwatches.

The court in the USA found the son of the deputy Seleznyov guilty of cyberfraud

Russian citizen Roman Seleznyov was found guilty of cyberfraud by a jury in Seattle. RIA Novosti reports this, citing its correspondent [26].

The Russian was charged on a total of 40 criminal counts under four articles, including cyberfraud, computer hacking and theft of personal data. According to investigators, Seleznyov was involved in the theft and sale of 1.7 million credit card numbers. The prosecution said that Seleznyov caused $170 million in damage.

Roman Seleznyov, who is the son of State Duma deputy Valery Seleznyov, was detained in the Maldives in 2014 and then taken to the territory of the USA.

Seleznyov's defense and his father called the Russian's detention a kidnapping. The Russian Ministry of Foreign Affairs called the incident "the next unfriendly step of Washington" and a violation of the rules of international law.

Information security experts: "Russian hackers" are a myth

Experts in the field of information security from Informzashita, Kaspersky Lab, ESET and Aladdin R.D. commented on the phenomenon of "Russian hackers", whom the USA accuses of major computer hacks against politicians[27].

Intellectual potential as the basis for accusations

The foundation for the myth of "Russian hackers" was laid by the success of Russian programmers, who have been in demand in the USA since the late 1990s, says Evgeny Klimov, technical director of Informzashita. Having become convinced of the professionalism of Russian programmers, foreign companies could easily assume that Russian hackers are no less talented.

Russia has a younger generation of IT specialists, and some of its representatives really do engage in hacking but are not criminals, Klimov believes. These are so-called "ethical hackers", who work for the benefit of commercial and state organizations, helping them protect their information and IT infrastructure. Russian ethical hackers do their hacking mainly within the bug bounty programs of various brands and in paid vulnerability-finding competitions.

Is it really possible to trace a "Russian trail" in cybercrimes?

One of the main reasons why it is impossible to prove the involvement of citizens of any specific country in a given cybercrime is hackers' ability to "cover their tracks".

"In the modern world it is not feasible to establish the source of an attack if the attacker's level of knowledge allows them to hack the world's secure information systems, – Evgeny Klimov considers. – Hackers have a whole pool of tools to destroy the slightest clues about their location, not only in a particular city but on the whole planet. Moreover, these ingenious guys are able to create any impression of their geolocation so that suspicion falls on someone else, for example on a specific country".

"Russian hackers" is a classic stereotype of the nineties and the early 2000s. Today it is widely used for the purpose of promotion, – considers Artem Baranov, virus analyst at ESET. – Yes, there is an element of truth at its core: Russian-speaking programmers are highly qualified and can in theory turn their knowledge "to the dark side" and engage in developing malware. On the other hand, in the age of globalization it is strange to place emphasis on the national identity of hackers. A quality education in programming can be obtained not only in Russia, cybercrimes are committed worldwide, and cyber groups bring together natives of different countries. A great number of the hackers who came to the attention of the ESET virus laboratory operated from China or, for example, the countries of Latin America".

Political roots of a concept of "Russian hackers"

The most high-profile attacks attributed to "Russian hackers" are acts of sabotage directed against the governments of countries that border Russia but adhere to a pro-Western orientation: Ukraine, Georgia and the Baltic countries. The probability is therefore high that behind the accusations there are not only real facts established by investigation but also political motives.

"Certainly, Russian cybercriminals exist, and moreover they are quite famous around the world, – considers Kaspersky Lab expert Alexander Gostev. – But here it is more correct to speak of Russian-speaking cybercriminals". Russian-speaking in this case means cybercriminals who are citizens not only of the Russian Federation but also of some neighboring countries of the former Soviet Union. In most cases these are Ukraine and the Baltic countries, Kaspersky Lab believes. This leads to a paradoxical situation in which natives of Ukraine and the Baltics take part in attacks on the governments of their own countries, but the public places responsibility for them on "Russian hackers".

Who is who in the world of cyber crime

"Russian-speaking hackers were the leaders for a long time, but have now yielded first place to the Chinese (mainly purely because of numbers)". Third place in the world is taken by the Latin American hacker community, which also includes Brazilians. In recent years so-called "Muslim" cyber crime, grouped mainly around the Turkish-speaking community, has been developing rapidly.

Investments into crime

On June 24, 2016, Ilya Medvedovsky, CEO of Digital Security, reported that cybercriminals are actively investing funds stolen from citizens in research aimed at improving their schemes[28].

According to the expert, hackers direct up to 30–40% of the money stolen from citizens' cards to research whose purpose is to improve criminal schemes. Hackers began to spend considerable amounts on research because of a change of priority: banks' correspondent accounts became the fraudsters' target. Criminals commission the research through legal channels.

According to the Central Bank, in 2015 the volume of losses from cyberfraud was 1.14 billion rubles. A third of this amount is invested. By Ilya Medvedovsky's estimates, hackers can direct up to 300–400 million rubles to research. Earlier, hackers spent no more than 10–20 million rubles for these purposes.

Cyberfraudsters study new technologies that will let them simplify attack schemes. Banks and payment systems are in their sights, with their innovations in cards, Internet banking and mobile banking. Hackers commission research under the guise of legal startups and fintech companies. These are huge amounts for research in the field of cyber security; legal companies on the market spend many times less on research. The investments help hackers go on to carry out technically complex schemes such as the attack on Kuznetsky bank, which caused damage of 500 million rubles. This is also relevant because cyberfraudsters have begun to switch to banks' correspondent accounts.

The expert's forecast: hackers will put up to half of their "profit" into further development.

The shift of cyberfraudsters' priorities to banks' correspondent accounts was also announced by Artem Sychev, deputy head of the Central Bank's main department of security and data protection. By the Central Bank's estimates, in 2016 losses from cyberfraud, primarily from the compromise of banks' correspondent accounts, will be about 4 billion rubles.

Sergey Nikitin, deputy head of the computer forensics laboratory at Group-IB, believes that hackers invest the stolen amounts in: writing high-quality malicious code; regularly re-encrypting executable files to hide them from antivirus software; buying and searching for exploits (programs that exploit vulnerabilities in a wide range of platforms); paying for traffic, that is, infecting computers to expand their own botnets (networks of infected computers); and channels for laundering money.

According to Artem Sychev, the coordinator of the attack gets about 40% of the stolen amount. The "pourer", who sends trojans and other malicious software to break into a customer account or a bank's information system, gets 10%. 8% goes to the people who withdraw the stolen money (they obtain cards at bank branches or make cloned cards themselves for subsequent cash withdrawal at ATMs). 30–40% goes to those who withdraw cash via ATMs and transfer it to the customer. The malicious software also costs considerable money, up to $50 thousand per program.

The representative of the Central Bank described the technical organization of an attack on banks' correspondent accounts:

  • the fraudsters launch malware to break into the credit institution's information system;
  • the bank's information infrastructure is captured: the attackers in effect begin to control the network, and information on all of the bank's transactions, the frequency and volume of transactions, and the balance on the correspondent account becomes available to them;
  • the hackers "sit" in the bank's network for a week, two at most;
  • a crew is prepared to cash out the stolen funds;
  • false documents are generated for debiting funds from the correspondent account, certified by the legitimate signatures of the bank's responsible persons;
  • the payment orders are sent to the payment system, for which they are legitimate payment documents, so it is obliged to execute them under the agreement and the legislation.

To stay one step ahead of criminals, banks should concentrate on a number of aspects of interest to hackers: carefully analyze their own payment processes and IT technologies in terms of the real risks of compromise; not place protection tools on the perimeter, but integrate protective technologies into the automated banking system; train users in the rules of Internet banking; and move from chaotic to process-based information security support.

Andrey Yankin, head of department of consulting of Information Security Center of Jet Infosystems company


FSB will take security in Runet under control

The creation of a "system for combating" cyberthreats has been announced in Russia. The National Coordination Center for Computer Incidents at the FSB will become one of its key components. The system is being created on the basis of the FSB and one more authorized federal authority, whose name is not disclosed[29].

The security of the websites of Russian public authorities will be ensured by a special unit of the FSB, the National Coordination Center for Computer Incidents.

Information on its creation is contained in "The Concept of the State System for Detection, Prevention and Mitigation of Consequences of Computer Attacks on Information Resources of Russia", an extract from which is published on the FSB website. According to the publication on the FSB website, the President of Russia approved the regulating document titled "Concept of the State System for Detection, Prevention and Mitigation of Consequences of Computer Attacks on Information Resources of the Russian Federation" on December 12, 2014, but this is the first time a fragment of it has appeared in public access.

The published extract from the Concept is devoted to the organizational structure of the System for Detection, Prevention and Mitigation of Consequences of Computer Attacks on Information Resources of the Russian Federation, which is being created on the basis of presidential Decree No. 31s of January 15, 2013.

The Concept describes the System as "a single centralized, geographically distributed complex" comprising forces (authorized units) and means (technological solutions) for detection, prevention and mitigation of the consequences of computer attacks.

Two federal executive authorities will be part of the System: one is authorized to ensure the security of the critical information infrastructure of the Russian Federation (it is not named in the document), the second to create the System and keep it functioning. Decree No. 31s assigns the obligation to create the System to the FSB.

The Concept lists 12 functions assigned to the System for ensuring the information security of Internet resources. Among them:

  • identifying signs of computer attacks;
  • developing methods and means of detecting, preventing and mitigating the consequences of computer attacks;
  • compiling detailed information on the information resources of the Russian Federation that are in the System's area of responsibility (i.e. resources of the authorities);
  • forecasting in the field of the information security of the Russian Federation;
  • organizing interaction with law enforcement agencies and other state agencies, owners of information resources of the Russian Federation, telecom operators, Internet service providers and other interested organizations at the national and international levels in detecting computer attacks and establishing their sources;
  • organizing and conducting scientific research in the field of detection, prevention and mitigation of the consequences of computer attacks, etc.

Although the Concept states the System's main objective as protecting the websites of state agencies (information resources of the Russian Federation), a study of its documented functions suggests that the FSB's powers to ensure information security in Runet are boundlessly wide.

A cyber security system is being created in Russia

Russia is creating its own system for security and for countering cyberthreats, the Interfax agency quoted Deputy Prime Minister Dmitry Rogozin as saying in a speech on March 10, 2015 at a cyber security conference at MSU[30].

The Russian cyber security system, according to the Deputy Prime Minister, will be based "on the use of smart weapons". These weapons "are created using highly complex production lines and technology chains, which are smart equipment too", Dmitry Rogozin said.

In his speech the Deputy Prime Minister classified the main cyber security threats that Russia may face. According to Interfax, he said that "threats can arise in three cases: the first is a country stronger (than Russia - CNews note) or even a coalition of countries; the second is an opponent of equal strength; the third is a technically weaker opponent".

The Ministry of Defence will create a cybertroops unit in Crimea

The Ministry of Defence of the Russian Federation is creating a separate unit of information operations troops in Crimea, a source in the Defense Ministry[31] told TASS[32].

According to the source, the unit's tasks will be "disrupting the operation of the information networks of a probable adversary and, as a result, disrupting the functioning of its troop command and control system" as well as "ensuring the cyber security of the information networks".

In May 2014 the creation in Russia of information operations troops, intended to protect Russian military command and communication systems, was announced. They will include units in the military districts and fleets, staffed with highly qualified specialists in mathematics, programming, cryptography, communications and electronic warfare.

Cyberthreats in online retail

Research agency 42Future, at the request of Qrator Labs, surveyed twenty large online retailers about DDoS attacks. Middle and top managers of the companies who are knowledgeable on the matter took part in the survey.


Ministry of Internal Affairs of the Russian Federation: The number of financial cybercrimes in Russia in 2014 doubled

According to the Ministry of Internal Affairs of the Russian Federation, 11 thousand crimes in the field of telecommunications and computer information were registered in Russia in 2014.

"The main motive for committing (the crimes) is the desire for material gain. In 2013 thefts and frauds made up 30% of all registered crimes in the information sphere, the undisputed leader in this category. In 2014 their share was already 41%, and while the number of registered frauds did not change much, the number of thefts doubled," noted Alexey Moshkov, head of the Bureau of Special Technical Measures of the Ministry of Internal Affairs of the Russian Federation.

According to him, modern services serve as tools for advertising and luring potential victims, for communication, and for transferring money while preserving the anonymity of the perpetrators. "The developing situation poses a serious threat, discredits online business and undermines users' confidence in electronic payments," Moshkov believes.

He named the wide use of mobile platforms as a means of obtaining confidential information as one of the important trends in IT crime. Primarily, malware aimed at stealing from bank accounts via mobile banking is used for this purpose. However, cases of gaining remote control over devices were also recorded.

"Besides, attackers successfully exploit new services and technologies for mobile devices for their own purposes, turning their functionality against the owners. Most modern smartphones and tablets are tied to an account and often store data in cloud services," Moshkov explained. Having gained access to the user account, attackers can download the subscriber's contact lists, photos and videos, and information about their correspondence and movements, and can block the device as lost or stolen. Sometimes cybercriminals gain access to bank card data and to passwords for accounts in various services. These data are used for stealing money and for blackmail, Moshkov concluded.

Data of Kaspersky Lab and B2B International

As a result of cybercriminals' actions, in 2014 a third of financial companies (36%) in Russia faced a leak of important data related to cash transactions. At the same time, 81% of financial institutions believe that they "take all necessary measures to keep protective technologies up to date". These data come from research conducted by Kaspersky Lab together with B2B International.

Financial institutions accept, process and store large volumes of their clients' confidential information. For this reason, in a business where client trust is highly valued, cyber attacks can be especially painful and lead to increased risks, both material and reputational. According to the research, financial institutions are aware of this: 52% of them said they are ready to implement new technologies for additional protection of financial transactions.

After serious incidents companies, as a rule, pay more attention to information security. Ensuring a secure connection for client transactions was the most popular measure this year among Russian financial institutions: 86% of respondents took it. Companies are also more interested in providing their clients with customized applications for online banking on mobile devices (61%). This shows that the security of mobile payments is becoming one of the priority tasks.

Providing clients with a protective solution, free of charge or at a reduced cost, was the least widespread measure. Only 53% of respondents took care to deploy specialized protection tools on clients' computers and mobile devices after a data leak. This indicates that companies are more interested in the security of their own infrastructure than in that of the user.

  • These data are from the "Information Security of Business" research carried out by Kaspersky Lab and B2B International in the period from April 2013 to April 2014. More than 3,900 IT specialists from 27 countries, including Russia, took part in the research.

Data of BSTM of the Ministry of Internal Affairs

According to the Bureau of Special Technical Measures of the Ministry of Internal Affairs of the Russian Federation (BSTM Ministry of Internal Affairs), the number of computer crimes in Russia in 2013 increased by 8.6%. Material gain became cybercriminals' main motive, law enforcement agencies note. Practically all cases of illegal access to information (19% of all computer crimes) are aimed at stealing money. The number of crimes committed out of hooliganism is extremely small.

In 2013-2014 the largest share of computer crimes, according to BSTM Ministry of Internal Affairs, was fraud (37%), followed by illegal access to computer information (19%) and distribution of child pornography (16%). Computer piracy and distribution of malware account for 8% of all computer crimes committed in this period.

Among the top trends in computer crime, BSTM Ministry of Internal Affairs notes that an increasing number of traditional types of crime are moving online, an increasing number of crimes are committed for gain, and mobile devices are becoming criminals' target more and more often.

In the first half of 2014 more than 7 thousand cybercrimes were registered in Russia. At the end of 2013 their number exceeded 11 thousand.

Data of Proofpoint

Wayne Huang of the information security company Proofpoint published in the fall of 2014 a detailed report on the Qbot hacker group, which covertly gained access to other people's bank accounts. At its peak the Qbot group controlled about 500 thousand PCs, collecting users' keystroke data for passwords to banking services[33].

Half a million infected PCs is not a very large botnet by present standards; however, the research published by the Proofpoint expert is interesting in that it describes the complex tactics of this botnet's authors and, besides, points to their Russian origin.

The hypothesis of the Russian (Russian-speaking) roots of the botnet's creators is based on the Qbot control panel, to which Proofpoint researchers gained access. The screenshots presented in Proofpoint's report clearly show menu items and comments in correct Russian on the botnet's management pages.

According to the research, Qbot, which Proofpoint also calls Qakbot, was aimed at attacking the remote banking systems of American banks. 75% of the IP addresses with which the botnet's control servers communicated are in the USA, and 59% of them belong to clients of the five largest American banks. Only a quarter of the controlled PCs are in other countries of the world.

Interestingly, 52% of the PCs that Qbot managed to infect run Windows XP, although, as the report's authors emphasize, this OS now holds a share of only 20-30% of PCs both in households and in the corporate sector. Microsoft ended support for Windows XP in April 2014.

According to Proofpoint's analysis, 82% of successful Qbot infections were made through the Internet Explorer browser.

Attacks on the computers of potential victims were carried out from websites built on the WordPress engine. The botnet's creators gained initial access to them by purchasing a database of administrator names and passwords on the black market, and then implanted malicious code in the websites.

When a potential victim visited an infected website, a special traffic management system profiled the visitor's PC by its IP address, browser type, operating system, installed protective software and other criteria. In this way the botnet's creators minimized the danger that their malicious software implanted in the websites would be detected.

Most of the infected websites ran regular anti-virus scans, but the implanted malicious code went unnoticed because the attackers tried to use exploits that do not trigger a reaction from anti-virus software. According to Wayne Huang, before the malicious code was loaded it was checked against the Scan4U database, which aggregates data from dozens of anti-virus companies. If the database recognized the malicious code, it was changed to a variant that passed scanning without problems.

Qbot's creators took measures to protect themselves against anti-virus companies: if a visitor to their website resembled an automatic virus scanner, the traffic management system redirected it to an uninfected version of the website. The hackers had a list of IP addresses used by cybersecurity companies, and any traffic from them was also redirected to "clean" copies of the websites. Because of these measures, Wayne Huang writes, many website owners he contacted did not believe that they were under attack.
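A site owner can test for the selective serving described above by requesting the same URL under several client profiles (and from several networks, since the filter also used IP lists) and comparing the active content that comes back. The following is an added example, not code from the Proofpoint report; the host names, profile names and HTML bodies are constructed, and it compares already-fetched responses so that it runs offline.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that pull in active content, and the attribute naming its source.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


class ActiveContentParser(HTMLParser):
    """Collect external active-content references and count inline scripts."""

    def __init__(self):
        super().__init__()
        self.resources = set()   # {(tag, url), ...}
        self.inline_scripts = 0

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        if attr is None:
            return
        value = (dict(attrs).get(attr) or "").strip()
        if value:
            self.resources.add((tag, value))
        elif tag == "script":
            self.inline_scripts += 1


def extract(html):
    """Return (set of (tag, url), number of inline scripts) for one response."""
    parser = ActiveContentParser()
    parser.feed(html)
    parser.close()
    return parser.resources, parser.inline_scripts


def host_of(url, site_host):
    """Host a resource loads from; relative URLs resolve to the site itself."""
    return (urlparse(url).hostname or site_host).lower()


def compare_profiles(responses, site_host):
    """responses: {profile_name: html_body} for ONE url fetched under several
    client profiles. Returns (findings, inline_counts); a finding is a resource
    that some profiles received and others did not."""
    parsed = {name: extract(body) for name, body in responses.items()}
    everything = set().union(*(res for res, _ in parsed.values()))
    findings = []
    for tag, url in sorted(everything):
        served_to = sorted(n for n, (res, _) in parsed.items() if (tag, url) in res)
        if len(served_to) == len(parsed):
            continue  # every profile got it, so it is not served selectively
        findings.append({
            "tag": tag,
            "url": url,
            "served_to": served_to,
            "third_party": host_of(url, site_host) != site_host.lower(),
        })
    # Selectively served third-party content is the strongest lead: list it first.
    findings.sort(key=lambda f: (not f["third_party"], f["url"]))
    inline_counts = {name: count for name, (_, count) in parsed.items()}
    return findings, inline_counts


# --- Constructed sample: what a cloaked page could return to two profiles ---
SITE_HOST = "blog.example"
PAGE_FOR_SCANNER = """<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
</head><body><p>Post text</p>
<script>var menuOpen = false;</script>
</body></html>"""
PAGE_FOR_BROWSER = PAGE_FOR_SCANNER.replace(
    "</body>",
    "<script>/* constructed stand-in for injected inline code */</script>\n"
    '<iframe src="http://injected.example/landing" width="1" height="1"></iframe>\n'
    "</body>",
)
SAMPLE_RESPONSES = {"scanner-like": PAGE_FOR_SCANNER, "ie8-winxp": PAGE_FOR_BROWSER}

if __name__ == "__main__":
    found, inline = compare_profiles(SAMPLE_RESPONSES, SITE_HOST)
    for f in found:
        origin = "third-party" if f["third_party"] else "same-site"
        print(f"{f['tag']} {f['url']} ({origin}) only for: {', '.join(f['served_to'])}")
    print("inline script counts:", inline)
```

Legitimate sites also vary markup by browser, so a difference is a lead for manual review rather than a verdict.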

For sniffing (capturing keystrokes when the bank login and password are entered), Qbot's authors used a whole array of vulnerabilities in PDF, Java and Flash plug-ins and in Internet Explorer, selected in each case according to the particular features of the specific system. Exploits for these vulnerabilities were usually bought on the black market, and the hackers abandoned them when they became too widespread.

Huang writes in the research that Qbot's authors, having scanned 500 thousand computers, could obtain data on approximately 800 thousand bank accounts.

According to him, organized criminal groups are ready to buy bank account data at a price of $25 thousand apiece, so even if Qbot's creators "sell a fraction of a percent of the accounts on the black market, they will get a multimillion profit from the transaction".

Although the internal security measures of Qbot's creators were good, they cannot be called perfect, Huang says, and gives an amusing detail: when he found the web address of the botnet's control panel, it turned out that access to it did not require a password.

National online teams

The Public Chamber proposed organizing national online teams that will track down and expose the websites and accounts of cybercriminals on the Internet, Vladislav Grib, deputy secretary of the Public Chamber (OP), told RIA Novosti[34].

"There are not many specialists in law enforcement agencies who fight Internet criminals. The resources of law enforcement authorities for monitoring Internet criminals are very small, and we now have fewer criminals on the Internet than in real life. Many active Internet users from among OP members are ready to organize so-called online monitoring of cyberspace," Grib said.

He said that the Public Chamber would like to create such national teams on the Internet and recruit several thousand people to them, so that they identify offenses online and report them to the competent authorities and to Roskomsvyaznadzor.

The Prosecutor General's Office of the Russian Federation proposes signing an agreement on fighting cyber crime within the UN

The Prosecutor General's Office of the Russian Federation proposed that foreign colleagues sign, within the UN, an agreement on fighting crime in the field of information technologies. The proposal was announced at the Baikal international conference of prosecutors, which opened in Irkutsk in August 2014 (according to ITAR-TASS).

Prosecutor General Yury Chaika noted that Russia has achieved certain success in cooperating with foreign states in fighting cross-border flows of "dirty" investments.

He explained that recently, with the participation of the international prosecutorial community, a number of cross-border criminal groups had been eliminated. In particular, in the case of Boris Berezovsky the Russian prosecutors cooperated with colleagues from France and Brazil, and in the Yukos case with Holland and Armenia; Switzerland and Great Britain assisted in the return of the funds of Russia's Sovcomflot. This practical experience, according to Chaika, now needs to be reinforced with an appropriate regulatory framework.

As Deputy Prosecutor General of the Russian Federation Alexander Zvyagintsev noted in his speech at the conference, a convention against cyber crime was signed in 2001 under the auspices of the Council of Europe. According to him, it has a number of shortcomings, in particular in matters of cooperation in criminal cases, and therefore "cannot claim the role of a universally recognized agreement in this sphere".

In this regard the Prosecutor General's Office proposes that foreign colleagues sign an agreement on fighting cyber crime within the UN. "I am sure the international community cannot do without (such an) agreement," Zvyagintsev said.

Besides, the office proposes that foreign partners sign bilateral and multilateral international agreements on the return of criminally obtained property, which will help return revenue to the states. "Without such an agreement it is simply unprofitable for any state to send abroad requests for confiscation of criminally obtained property, since the confiscated assets may remain at the disposal of the requested state," the Deputy Prosecutor General explained.

Bases of state policy of the Russian Federation in the field of the international information security until 2020

President of Russia Vladimir Putin signed the document defining the country's policy on international information security in July 2013. It follows from this document that Moscow sees the main threats to itself in the use of Internet technologies as an "information weapon for military-political, terrorist and criminal purposes" and for "interference in the internal affairs of states".

It is reported that V. Putin signed "Bases of state policy of the Russian Federation in the field of the international information security until 2020" at the end of last week. It was developed in the Security Council of the Russian Federation with the participation of the relevant ministries, including the MFA, the Ministry of Defence, the Ministry of Telecom and Mass Communications and the Ministry of Justice. According to media, the document was partly conceived as a response to the "International strategy for actions in a cyberspace" adopted in 2011 by the USA. In it Washington for the first time equated acts of computer sabotage with traditional military operations, reserving the right to respond to them by all means, up to the use of nuclear weapons.

The Russian response looks more peaceful: as the text shows, Moscow intends to fight threats on the Net not by methods of intimidation but by strengthening international cooperation. The document singles out four main threats to the Russian Federation in this sphere.

  • The first is the use of information and communication technologies as an information weapon for military-political purposes, to carry out hostile actions and acts of aggression.
  • The second is the use of ICT for terrorist purposes.
  • The third is cybercrime, including illegal access to computer information and the creation and distribution of malware.
  • The fourth threat designated in the document reflects a purely Russian approach: it concerns the use of Internet technologies for "interference in the internal affairs of states", "disorderly conduct", "inciting hostility" and "promoting ideas that incite violence". According to the publication's sources, the Russian authorities were compelled to pay attention to this threat by the events of the "Arab Spring", which showed the Internet's potential for organizing and coordinating anti-government protests.

Russian authorities intend to counter these threats together with their allies, primarily members of the SCO, the CSTO and BRICS. With their help Moscow expects to achieve a number of key initiatives: adoption by the UN of a Convention on ensuring international information security, development of internationally recognized rules of conduct in cyberspace, internationalization of the Internet governance system, and establishment of an international legal regime for the non-proliferation of information weapons. So far the Western countries have opposed the Russian initiatives, believing that they are aimed at strengthening state control over the Internet.

The Federation Council proposes encouraging "white" hackers

The concept of the Cyber Security Strategy of the Russian Federation provides for developing mechanisms to encourage citizens who help find vulnerabilities in protected information resources and formulate proposals for eliminating them, as follows from the draft of the concept[35].

The draft of the concept contains several sections devoted to: system-wide measures for ensuring cyber security; improvement of the regulatory framework and scientific research; creation of conditions for the development, production and use of cyber security tools; improvement of staffing and organizational measures; organization of internal and international interaction for ensuring cyber security; and formation and development of a culture of safe behaviour in cyberspace.

Among the proposed measures is, in particular, the development of the state system for detection, prevention and mitigation of consequences of computer attacks on information resources of the Russian Federation. In addition, tougher administrative and criminal liability for crimes committed in cyberspace is proposed.

One of the proposed measures is the development of systemic measures to introduce and use domestic software and hardware, including cyber security tools, instead of foreign-made analogs in state information systems, information and telecommunications networks, and information systems of critically important facilities.

Recorded Future analyzed the Russian pro-government hackers

The international information and analytical project Recorded Future, based in the USA and Sweden, published [5] an overview of the activities of Russian "pro-government" hacker groups in November 2014. It concerns the malware of the Uroburous, Energetic Bear and APT28 groups, which have appeared under different names in the history of cybercrime in recent years[36].

Having compared information on the activity, tools and techniques used, the researchers concluded that the three groups were created with different purposes: political and economic espionage (Uroburous), preliminary positioning of Russia for conducting a future cyber war (Energetic Bear), and monitoring and regulation of the geopolitical situation (APT28). These purposes, according to the authors of the material, can lead to the main figures behind the organization of the attacks.

The activity of the described groups is well planned at the strategic, tactical and operational levels, as evidenced by their constantly changing but non-overlapping targets, Recorded Future researchers believe. The organized and precise work of the Russian cybergroups, they note, makes them difficult to identify and analyze compared with, for example, the carelessness of Chinese hackers. All this brings Russia to the level of a serious cyberthreat on a global scale.


Data of Symantec

Based on the Norton Report 2013:

  • 85% of Russians faced cybercrime in 2013
  • 59% of smartphone users faced mobile cybercrime in the last year
  • 56% of users of mobile devices in Russia do not know that security solutions exist for them
  • 56% of working users over 18 use their personal mobile device for both entertainment and work
  • 60% of users over 18 use public or unprotected Wi-Fi networks

Damage assessment from cyber attacks

Each cyber attack on the networks of large Russian companies causes the organization financial damage averaging $695 thousand. Small and medium businesses lose about $14 thousand per cyberincident. These conclusions are drawn in a joint survey by B2B International and Kaspersky Lab[37].

The damage caused to the companies was established by B2B International researchers by polling IT specialists from 24 countries of the world, including Russia. In total 2,895 respondents were polled in preparing the report.

According to the authors of the research, three main consequences of cyber attacks lead to financial losses: forced downtime of the company, missed business opportunities (including lost contracts) and additional expenses on specialists' services. The average amount of damage was calculated from the costs of these factors.

According to the report, forced downtime is recognized as the most expensive factor. It cost large enterprises $791 thousand in total, and companies of the SMB segment $13 thousand on average.

The damage from missed opportunities (in particular, contracts the companies did not sign) reached $375 thousand for large companies and $16 thousand for small and medium enterprises.

Finally, engaging third-party specialists to mitigate the consequences of cyber attacks cost $6.6 thousand for the SMB segment and $26 thousand for large enterprises. These data, collected from Russian companies, differ from the global data in the same report: worldwide, additional expenses after cyber attacks averaged $13 thousand for SMB companies and $109 thousand for large enterprises.

FSB of Russia will investigate hackers

The Federal Security Service (FSB) of Russia intends to take over the Ministry of Internal Affairs' responsibilities for investigating computer crimes (information as of August 2013). FSB experts have already submitted a document establishing criminal liability for illegal access to legally protected computer information that damaged the security of the country's critical information infrastructure or created a threat of such damage. The maximum punishment is imprisonment for a period of ten years.

In addition, the agency prepared a bill providing criminal liability for "violation of the rules for operating means of storing, processing or transmitting protected computer information, or information and telecommunications networks and terminal equipment, as well as the rules of access to such networks, that damaged the security of the critical information infrastructure of the Russian Federation or created a threat of such damage". This document prescribes a maximum punishment of seven years of imprisonment.

It is planned that the draft federal laws aimed at protecting the information resources of the Russian Federation against computer attacks will take effect on January 1, 2015.

In November 2013 the State Duma Committee on Security and Anti-Corruption decided to recommend adopting in the first reading a government bill granting the staff of the Federal Security Service (FSB) powers to conduct operational search activities "to obtain information on events or actions (inaction) creating threats to the information security of the Russian Federation". The authors of the bill believe this innovation will make it possible to counter such threats more effectively amid the large-scale informatization of all spheres of public life.

According to RBC, the explanatory materials to the document state that interstate information confrontation is currently intensifying and that cases of distribution of malicious software used as an information weapon have been recorded. The activity of hacker groups is taking on a wide scale. The possibility that information and telecommunication technologies will be used to prepare and commit crimes, including terrorist ones, is not excluded. The targets of such illegal activity are, as a rule, the information systems used by public authorities and by credit and financial, educational and other organizations and mass media, including at critical infrastructure facilities.

In December 2013 the State Duma unanimously adopted, in the second and third readings, the bill that will allow the FSB to carry out operational search activity in the field of information security. At the same time, deputies note that the security service had engaged in this earlier, and the bill is only meant to legalize such methods of work.

"Adoption of this federal law will create conditions for conducting operational search activities aimed at obtaining information on events, actions or inaction creating threats to the information security of the Russian Federation, which will make it possible to counter these threats more effectively amid the large-scale informatization of all spheres of public life," noted Nikolay Kovalyov, a member of the State Duma Committee on Security and Anti-Corruption, during his report at the second reading[38].

Deutsche Telekom: Russia is the main source of cyber attacks in the world

In the spring of 2013 the German IT company Deutsche Telekom launched a website displaying cyber attacks worldwide in real time. According to the portal's map, Russia ranks first in the world by the number of outgoing Internet threats.

The portal shows cyber attacks registered by honeypots ("traps for hackers"). In February 2013 nearly 2.5 million attacks were registered from Russia, which is 2.5 times more than from Taiwan, which took second place. Germany follows with more than 900 thousand threats. Deutsche Telekom used more than 90 sensors worldwide for monitoring. The website shows that about 200,000 new versions of viruses, trojans and worms appear daily, threatening the security of computers and their owners.

"Of course, not all 2.5 million attacks are the work of Russian hackers; some Internet criminals just use Russian servers. The Deutsche Telekom group developed this monitoring tool because the company works with customers' personal data and pays special attention to data protection. The statistics provided on the website can be used by any company to assess the situation, including its dynamics, and to create an end-to-end system of protection against cyber threats. Any user with a public IP can install the free application and place a trap (honeypot) on their own computer; all the necessary links are on the portal. In exchange, the user is guaranteed access to the IP addresses of the attacking and attacked machines," comments Alexey Toskin, CEO of T-Systems CIS.

The Sicherheitstacho website presents a schematic world map showing the sources of cyber attacks. It indicates what targets the attacks are aimed at and displays attack statistics by type and country. However, attackers are not necessarily physically located in the same countries as their servers. According to the developers, the new Sicherheitstacho platform will make it possible to nip cyber crime in the bud.


Data of the Ministry of Internal Affairs

In October 2012 the Ministry of Internal Affairs published statistics on high-technology crimes for the first half of 2012. According to the ministry, 5696 cybercrimes were recorded in Russia, nearly 11% more than in the same period of 2011. Crimes connected with the creation, distribution and use of malware, and with Internet fraud, prevail among them.

Internet fraud, according to law enforcement agencies, is the most widespread crime in IT, and the number of cases continues to grow. In the first 6 months of 2012, 1443 such crimes were recorded (growth of 44%). At the same time, according to experts, the real number of Internet frauds is several times higher, as these crimes are characterized by a high level of latency. The Ministry of Internal Affairs particularly noted the increase in the number of crimes involving remote banking systems.

The Ministry of Internal Affairs also reported on the results of Operation "Weed", whose task is to suppress offenses connected with the distribution of child pornography in P2P networks on the Internet. To date, 1179 users distributing illegal content from the territory of 61 countries have been identified. As of September 2012, Russian investigative authorities had opened 131 criminal cases on the basis of materials obtained during Operation "Weed". Through international communication channels, the staff of Administration "K" of the MIA of Russia sent law enforcement agencies of foreign states 204 messages containing data on electronic resources used for the distribution of child pornography. According to the department, 23 countries, among them the USA, Great Britain, Canada, Australia, Germany, France, Belgium and the Netherlands, have already begun cooperating in the prevention of crimes in this sphere.

Data of Symantec

In September 2012 NortonLifeLock (formerly Symantec) presented the results of its annual study of cybercrimes committed against users, the Norton Cybercrime Report 2012. Norton specialists estimated users' total losses from cybercrime worldwide at 110 billion US dollars. In Russia the total damage was about 2 billion dollars, and 31.4 million people became victims of cybercriminals.

Although most users take basic steps to protect their personal data and information, nearly 40% of them neglect simple precautions, in particular by creating simple passwords or changing them irregularly. Another problem is that many users do not know how some forms of cyber crime have changed over the years. For example, 40% of users do not know that malware can work unnoticed, making it difficult to determine that a computer has been compromised, and more than half (55%) are not sure whether their computer is infected with a virus.

Data of NCC Group

A study published at the beginning of 2012 by the British company NCC Group showed that the USA leads other countries in the number of outgoing hacker attacks. The results are based on monitoring data from logs of attempted cyber attacks worldwide, provided by DShield, an information security community based in the United States. The source country of an attempted attack was determined by IP address.

According to the study, the USA generates 22.3% of all attempts to attack computers. It is followed by China with 16%. By NCC Group estimates, hacker activity from these two countries combined causes more than $43 billion in damage to the world economy annually.

Far behind them, Russia takes third place in the number of attempts to attack computers with 3.6%, the British analysts' report says. Annual damage from the actions of its cyber attackers is estimated at approximately $4 billion. Brazil trails Russia only slightly, with 3.5%. Western European countries (the Netherlands, France, Italy, Denmark, Germany) each account on average for 2.5% to 3.2% of all cyber attacks in the world.

The USA regularly names Russia and China as the main sources of cyber security threats to the country. For example, the head of US national intelligence, James R. Clapper, speaking recently at hearings of the Intelligence Committee of the House of Representatives of the U.S. Congress, expressed serious concern about the growing number of cyber attacks by Russian hackers on American computer networks.

"We are especially concerned by the fact that some organizations in China and Russia carry out intrusions into American computer networks and steal information. And the growing role of these players in cyberspace is a fine example of the easy access such actors have to potentially destructive technologies and production secrets," Western media quoted him as saying. He had earlier repeatedly mentioned the "Russian-Chinese" cyber threat in official reports.

Recently Russia has often been accused of various illegal cyber activities, and there are frequent cases where hacks are attributed to Russian hackers without sufficient grounds. For example, at the end of 2011 Russia was accused of an attack on US infrastructure: local media reported that Russian hackers had gained access to a computer and disrupted the operation of a water pumping station in the State of Illinois.

As the official investigation later showed, a login from a Russian IP address was indeed registered in the station's IT system, but it was made by a station employee during a stay in Russia, who later admitted it, and the operation of the station was not disrupted at all.

In January 2012 American media reported that a computer virus in the IT system of a college in San Francisco had for several years been sending its users' data to Russia, China and some other countries, even though this had not yet been confirmed by local investigators.

Cyber-police of the Russian Federation

In February 2012 Russian President Dmitry Medvedev proposed creating a new structure within the Ministry of Internal Affairs to fight crime on the Internet. At a board meeting of the Ministry of Internal Affairs, Medvedev said that "it is necessary to think about creating such units, which are fundamentally new and focused on identifying and solving crimes that are very complex in technological terms". According to Medvedev, the police should pay more attention to crime in the information space, and police chiefs should be able to use the Internet. He emphasized that on the Internet one can encounter not only financial speculators but also drug dealers, extremists and other types of crime, Interfax reports.

A new branch of forces for combating cyberthreats is being created in the Russian Armed Forces. This information was confirmed in August 2013 on the air of the radio station "Echo of Moscow" by the head of the Russian Fund for Advanced Research, Andrey Grigoriev. According to him, work is now under way on the concept of a program that will be developed by the Defense Ministry. The Russian Fund for Advanced Research was created as an analog of the advanced research agency of the USA. It carries out developments in the interests of the country's defense, the radio station's report specifies.


Report of Symantec on Internet threats

According to Symantec's annual report on Internet threats (Internet Security Threat Report, Volume 17), Russia took sixth place in the world by level of malicious activity on the Internet in 2011. At the same time Russia is in third place in the world by number of spam zombies, and Moscow takes 11th place in the world by number of bots (malware that automatically performs operations in place of people, often without their consent).

In 2011 Russia made two significant jumps in the world rankings of countries with the most spam and network attacks. In 2010 the country held 6th place in the ranking by quantity of spam, and in 2011 it rose to 3rd position and still holds 1st place among the countries of the EMEA region, which includes Europe, the Middle East and Africa.

Over the year Russia also rose from the 8th to the 5th line of the ranking by number of network attacks. A tendency toward systematic growth in the number of malicious code attacks and phishing websites emerged in 2011. Growth can also be seen in the number of active bots on the network: every 100th bot in the world is registered in Moscow (11th place in the world). After Moscow, the cities with the most bots are St. Petersburg, Tver, Voronezh and Nizhny Novgorod.

Only web attacks stand out from the general tendency toward an increase in the number of threats. Here Russia showed a good result and fell in the ranking from the 7th to the 8th line. Nevertheless, compared with others, Russian users look like an attractive target for cybercriminals: in the world ranking of countries by malicious activity in 2011 Russia rose from 10th to 6th place.

In addition, Russia takes 9th place in the world by number of web attacks (compared with 10th place last year) and kept 7th place in the world by number of web attacks.

Figure: The leaders of the ranking of countries that are sources of malicious activity on the Internet

Data of the Moscow Economic Crime Department

In 2011, according to the Moscow Department for Combating Economic Crimes, Moscow cyber police officers uncovered more than 70 crimes connected with fraud on the Internet. Of these, 90% had an economic focus.

Previously, crimes involving bank card fraud ranked first, but in the last year crimes in the field of Internet banking took the lead. The damage from fraudsters who hack remote banking software reaches tens of millions of rubles.

2010: In a year hackers in Russia earned 2-2.5 billion euros - ESET

The volume of money earned by cybercriminals in Russia in 2010 amounts to about 2-2.5 billion euros. Information security incidents were split 50% to 50% between individuals and legal entities. At the same time, the financial resources attackers obtained from malicious attacks on companies are far greater than those obtained from distributing malware among home users.

2010 can be called the year of targeted attacks. Information on two such large incidents was made public. The first attack, carried out at the beginning of the year and code-named "Aurora", was directed at a whole group of world-famous companies. The target of a directed attack can be not only a specific organization but also IT infrastructure of a certain type. This approach was applied in the other attack, the Stuxnet worm, which reached industrial enterprises.

The increased number of Trojans aimed at the banking sector, including specific banking systems, points to directed attacks on particular banks and remote banking systems (RBS). In addition, ESET analysts predict that in 2011 cybercriminals' interest in distributing banking trojans will shift even further toward popular Internet banking systems. This is due to the huge profits involved, as one successful incident can bring attackers up to several million rubles.

Previously unknown software vulnerabilities (0-days, or "zero-day" vulnerabilities) largely help to carry out targeted attacks. Last year a large number of such "holes" were recorded, both in the most popular browsers and in no less widespread extensions for them. Adobe products were constant leaders among detected and most frequently exploited vulnerabilities. However, in early autumn the lead in the number of exploited zero-day vulnerabilities was taken by the Java software platform. According to statistics from the ThreatSense.Net early detection technology, the following exploits and Trojan downloaders were most often used in Russia: Java/Exploit.CVE-2009-3867, JS/Exploit.CVE-2010-0806, Java/TrojanDownloader.OpenStream, Java/TrojanDownloader.Agent.

As for the most widespread malware in our region, the Russian top ten in 2010 was headed by various modifications of the Conficker worm, with an overall share of 10.76%. In second place is the family of malware spread via removable media, INF/Autorun (6.39%). The top three is completed by Win32/Spy.Ursnif.A (5.73%), which steals personal information and accounts from the infected computer and then sends them to a remote server. In addition, the Trojan can spread as part of other malware.

Also in the Russian region, the number of incidents involving infection of computers with the Win32/Hoax.ArchSMS family of extortion programs (by ESET's classification) grew; in the second half of 2010 it practically never left the top twenty most widespread threats in Russia. This type of fraud involves distributing popular content, for example Flash players or e-books, with a special installer that requires sending an SMS during installation in order to continue. Although the malicious Hoax.ArchSMS program did not make the TOP-10 of the most widespread threats, it caused many problems for Russian users and brought considerable income to fraudsters in 2010. Data are provided by ESET.

Group-IB analysts estimate that in 2011 "Russian" hackers earned about 4.5 billion dollars. In 2011 the damage from cybercrimes committed in Russia by residents of the Russian Federation was about 2.3 billion dollars, while worldwide damage from cybercrimes exceeded 12.3 billion dollars. In the Russian market, accounts holding less than 500 thousand dollars practically ceased to interest cybercriminals. According to Group-IB, the largest cyber theft amounted to 26 million dollars, stolen over 3 months. At the same time, the average age of a cybercriminal is 25 years, the average price for 1000 infected computers is now 20 dollars, and a single cybercrime investigation in Russia lasts at least 2-3 years.

Key trends of 2011:

  • Doubling of the financial performance of the Russian market. The financial indicators of the world computer crime market in 2011 were 12.5 billion dollars. Of this, "Russian" hackers account for up to a third of all income, about 4.5 billion dollars. This amount also includes the income of the Russian segment, 2.3 billion dollars. Thus, the Russian cyber crime market almost doubled compared with the previous year's indicators.

  • Cyber crime market centralization. Due to the consolidation of participants and the penetration of traditional criminal groups, the Russian cyber crime market is undergoing a dynamic transition from a chaotic state to a centralized one.

  • Internet fraud and spam make up more than half of the market. In 2011 Russian Internet fraudsters managed to steal about $942 million; they are followed by spammers, who earned $830 million; the domestic Cybercrime to Cybercrime market amounted to $230 million; and DDoS to $130 million.

2000-2010: The most high-profile reports on cyber conflicts involving Russia

In mid-2011 the Russian Association for Electronic Communications (RAEC), together with the British research agency Powerscourt, released a ranking of the most high-profile materials about Russia on the subject of cyber crime and cyber war. The ranking is based on a large-scale content study of the Western press from January 2000 to March 2010.

"The task of the ranking is to show the main points of tension in Russia's relations with the West in the hi-tech sphere and to describe the main anti-heroes who over the last 10 years have damaged Russia's image and reduced the investment attractiveness of our country as a whole," says Mark Tverdynin, Chairman of the Board of NP RAEC. "The ranking, like the study, shows that in recent years the image of our country in the field of IT has changed for the worse. Russia is portrayed as the homeland of dangerous cybercriminals and one of the main enemies of the USA and Europe, capable of waging confrontation on the virtual battlefield. At a time when the Russian economy is staking on innovation in the technology sphere, this trend is a threat to the development of our country. Especially when projects such as RBN or Glavmed appear in our country."

The ranking was formed on the basis of a full-fledged study of the largest European and American newspapers and magazines, analyzing mentions of Russia in connection with the key words: hackers (hacking), cybercrimes, malicious software (viruses, network worms), botnets (networks of infected computers), phishing (fraud aimed at obtaining personal data), cyber security and cyber war.

The ranking includes articles about these cybercriminals as well as materials resulting from active promotional campaigns launched in the Western media, for example the campaign connected with recent events in Georgia. Topics in the ranking are ordered by the absolute number of original publications. The total number of reprints exceeds the number of original materials by several orders of magnitude.

The most high-profile reports on cyber conflicts involving Russia, 2000-2010

Place, description of the event, time, number of publications:

  1. Cyber attacks on Georgia and Georgian bloggers on LiveJournal, August 2008, 65 publications
  2. Anniversary of the war in Georgia, cyber attacks on Georgian bloggers on Twitter and Facebook, August 2009, 60 publications
  3. Glavmed, the world's largest pharmaceutical spam network, uses spam to advertise and sell counterfeit remedies for protection against swine flu, November 2009, 40 publications
  4. Russian hackers are accused of hacking the mailboxes of climate scientists discussing the absence of a global warming problem, December 2007, 38 publications
  5. Reports on the activity and subsequent shutdown of Russian Business Network, November 2007, 35 publications
  6. Cyber attacks on eBay and Yahoo!, which disrupted the activity of these Internet companies and led to a fall in their share prices, January 2000, 27 publications
  7. Detention by FBI staff of hackers Vasily Gorshkov and Alexey Ivanov, who hacked the security networks of American companies and offered protection against their own hacking, October 2000, 21 publications
  8. Campaign in defense of Dmitry Sklyarov, a programmer at ElcomSoft who cracked the protection of files in the popular PDF format and was arrested on charges brought by Adobe at an exhibition in Las Vegas, USA, July 2000, 19 publications
  9. Epidemic of the MyDoom network worm, which became the fastest-spreading malware in the world, February 2004, 17 publications
  10. Reports on the threat of a global epidemic of the Conficker virus, whose creators are thought to be unknown Russian programmers, February 2010, 15 publications

"The image of Russia in the Western press in connection with the cyber conflicts of the last decade", a Powerscourt study (London) prepared especially for NP RAEC


In 2008 there were more than 14 thousand IT crimes in Russia, 2 thousand more than in 2007. In total, Administration "K" of the Ministry of Internal Affairs of the Russian Federation opened 5572 criminal cases during 2008, 21.4% more than in 2007.

RIA Novosti reports this, citing Boris Miroshnikov, head of the Bureau of Special Technical Measures (BSTM) of the Ministry of Internal Affairs of the Russian Federation, who spoke at the 11th National Information Security Forum "Information Security of Russia in a Global Information Society" (Infoforum).

However, these statistics are rather provisional. First, they partly duplicate the data of adjacent divisions. For example, cases of fraud with bank cards can be counted both as economic crime and as information crime.

Second, so-called latency is extremely high in this sphere: organizations are usually not inclined to advertise the unreliability of their IT systems, so up to 85% of crimes around the world are concealed and are not included in official reports.

In 2008 law enforcement agencies submitted to the courts 5638 criminal cases under Article 272 of the Criminal Code of the Russian Federation ("Illegal access to computer information"), 1359 cases under Article 273 of the Criminal Code of the Russian Federation ("Creation, use and distribution of malware for a computer") and eight criminal cases under Article 274 ("Violation of the rules for operating a computer, computer system or their network"). Also in 2008, 1078 crimes under Article 159 ("Fraud") were recorded and 620 criminal cases were opened, 66% more than in 2007.

"The information space is simply teeming with illegal acts: a huge number of fraudsters stealing personal data, distributors of viruses, creators of underground call offices that cause extensive damage to telecom operators through traffic theft, a huge list of websites with child pornography, extremist websites, unlicensed products and so on," Miroshnikov said.

The head of the Bureau of Special Technical Measures of the Ministry of Internal Affairs of the Russian Federation noted positive dynamics in the fight against the distribution of child pornography in Russia: in 2008, 160 criminal cases were opened under Article 242 of the Criminal Code ("Illegal distribution of pornographic materials or objects"), 74% more than in 2007.

Among other positive changes in the field of cybercrime, it was mentioned that providers "began to take responsibility for self-cleaning, self-regulation" and that public institutions joined the fight against criminals. This made it possible in 2008 to close more than 1.2 thousand information resources with negative content without going to court.

In 2008 police officers detained criminals who organized DDoS attacks on the websites of various companies and extorted money to stop them. About 8 thousand PCs were infected to organize the attacks, and more than 10 large Russian companies suffered from them.

The Ministry of Internal Affairs is trying to gain the trust of business, but so far the situation is far from ideal. While the statistics above give an adequate idea only of the general dynamics of crime (the number of offenses, unsurprisingly, is growing), the indicators of BSTM's effectiveness are quite specific. 4.5 thousand criminal cases were opened in 2007 and 5.5 thousand in 2008. The main problem for the authorities in fighting network crime is, evidently, the transnational nature of the Internet.

As Sergey Mikhaylov (FSB) notes, within Russia the FSB interacts rather well with all registrars and providers. At the department's request they close unreliable resources in the shortest possible time and provide the necessary data. Outside the country, however, the situation is entirely different.

See Also

  1. The FSB of Russia, jointly with the Investigative Department of the Ministry of Internal Affairs of the Russian Federation, carried out a large-scale special operation
  2. Viruses were picked up for the pandemic
  3. Who rules the points: bonuses from discount cards are stolen from thousands of Russians
  4. Hackers prepare for and technologies/20191114/830545130.html attacks to energy industry till some years
  5. The Embassy of the Russian Federation in London responded to publications about "the Russian hackers"
  6. Trend Micro Admits it Was Hacked, Symantec Denies Claims of 'Fxmsp' Breach
  7. Hackers were built into the system
  8. The number of cyber attacks in Russia doubled
  9. German Gref proposed creating a Ministry of Emergency Situations for the digital sphere
  10. An automated system for exchanging information about cyberthreats will appear in Russia
  11. The Supreme Court of the Russian Federation explained the subtleties of qualifying cyberfraud
  12. Most Russian companies are not resilient to cyber attacks, PwC stated
  13. Russia wants to introduce cyberinsurance
  14. Administration "K" of the MIA of Russia stopped the activity of an organized group suspected of stealing money from bank accounts by means of a Trojan program
  15. Falling Krone
  16. The Ministry of Defence of Denmark: Russian hackers were breaking into our employees' mail for two years
  17. Cybercriminals disguise themselves as "Russian" hackers
  18. Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX
  19. Fancy Bear#page1 Germany: the Russian hackers have long hands
  20. [1]
  21. [ whether
  22. the Kremlin Can influence elections in Germany?]
  23. Cyber crime in the world
  24. CNews: Russia will jail for 10 years for cyber attacks
  25. Apple Watches banned from Cabinet after ministers warned devices could be vulnerable to hacking
  26. A court in the USA found the son of deputy Seleznyov guilty of cyberfraud
  27. CNews: Information security experts: "Russian hackers" are a myth
  28. Cyber fraudsters spend 40% of stolen funds on research
  29. The FSB will oversee security in Runet
  30. [2]
  31. [ of Lenta
  32.  : The Ministry of Defence will create division of cybertroops in the Crimea]
  33. Russian hackers carried out a large-scale operation to hack bank accounts in the USA and Europe
  34. The Public Chamber proposed creating cyberteams
  35. The Federation Council proposes encouraging "white" hackers
  36. Recorded Future analyzed Russian pro-government hackers
  37. Over a year, 95% of Russian companies underwent cyber attacks
  38. The State Duma permitted the FSB to engage in the country's information security