2019/05/15 09:40:45

Cyber crime and cyber conflicts: Russia

Organizations

The key organizations of Russia dealing with security issues in the field of information technologies are:

Cyber wars

Russia is forced to take measures to restrain other countries in cyberspace and is thus involved in cyber wars. The USA has traditionally been the key opponent in this sphere:

2019

Russian-speaking hackers sell source code of Symantec, McAfee and Trend Micro antivirus products for $300 thousand

In mid-May 2019 the American company Advanced Intelligence (AdvIntel), which specializes in investigating information security threats, announced that the servers of three antivirus vendors had been breached: Trend Micro, Symantec and McAfee. According to the experts, this cybercrime was carried out by the Russian-speaking hacker group Fxmsp, which began selling the source code of antivirus products on underground websites, asking $300 thousand for it.

In the description of the material put up for sale, Fxmsp provides a screenshot showing folders and files totalling more than 30 TB. Judging by the images, the stolen data includes information on artificial intelligence models, development documentation, source code of antivirus solutions and much more.

The hackers claim that from October 2018 to April 2019 their activity was focused on breaching various antivirus companies. According to AdvIntel specialists, the Fxmsp group has long and successfully specialized in selling data obtained in high-profile leaks. The cybercriminals attack government organizations and companies; their income is estimated at millions of dollars.

AdvIntel experts know that one of the group's members is a Muscovite named Andrey. According to available data, he began his cybercriminal career in the mid-2000s and specializes in social engineering.

A Trend Micro representative confirmed in a comment to Computer Business Review that the company suffered "unauthorized access by third parties to a single testing laboratory network". McAfee said that the company "did not detect any signs that the described campaign affected products, services or McAfee networks". Symantec denies being breached.[1]

Russian state structures were attacked for years by hackers from China

On May 13, 2019 it became known that a cyber group had for several years attacked Russian state structures and companies, using the operating system's task scheduler in its intrusions.

Positive Technologies named this hacker group TaskMasters because it used the task scheduler to penetrate local networks. After a breach, the hackers examined the networks for vulnerabilities, uploaded malware there and engaged in espionage. How the attackers used the information they obtained is unknown.

Positive Technologies and Kaspersky Lab detected a Chinese cyber group that for several years stole data from more than 20 Russian companies and state structures

As Positive Technologies told Kommersant, a cyber group with presumably Chinese roots attacked state structures and companies for at least nine years; some of them were in Russia. The experts know of the compromise of more than 30 significant organizations in industry, construction, power engineering, real estate and other sectors, 24 of which are in Russia. The company names are not disclosed.

According to Positive Technologies, the code of the tools used by TaskMasters contains references to Chinese developers, connections from IP addresses in China were recorded during some attacks, and keys for some versions of the programs can be found on forums where residents of that country communicate.

Kaspersky Lab says it has tracked the activity of the same group, which it calls BlueTraveler, since 2016. It names state structures, mainly in Russia and the CIS, as the targets of the group's attacks and confirms that the attackers most likely speak Chinese.

Kaspersky Lab adds that the method of gaining persistence in infrastructure and spreading further using a task scheduler has long and often been used by attackers. As a rule, such attacks serve political intelligence or industrial espionage, the company noted.[2]

2018

Number of cyber attacks doubles, hackers' income exceeds 2 billion rubles

In 2018 the number of cyber attacks in Russia doubled, and the income of hackers exceeded 2 billion rubles. These figures were presented in mid-April 2019 by Igor Lyapunov, vice president of Rostelecom for information security.

According to him, in 2018 Solar JSOC, Rostelecom's center for monitoring and responding to cyber attacks, recorded 765,259 attacks, which is 89% more than the previous year. Similar dynamics are characteristic of Russia as a whole, since Rostelecom provides services to the largest and most attacked companies in the country, Lyapunov explained.

The number of cyber attacks in Russia doubled

According to its data, about 75% of cyber attacks fall on credit and financial organizations, e-commerce and the gaming business. In addition, infrastructure facilities are increasingly becoming victims of hackers.

«
The term "politically motivated attacks" has appeared... The attackers' goal is to gain control and a point of presence in this critical information infrastructure, Igor Lyapunov said during his speech at "RIF+KIB 2019".
»

Positive Technologies recorded 27 percent growth in the number of successful cyber attacks in Russia in 2018, company representative Alexey Novikov told Vedomosti. Attackers most often targeted infrastructure (49% of incidents) and companies' web resources (26% of attacks), he specified. In 2018 cybercriminals tried to steal information even more often: in 30% of attacks they stole personal data, in 24% credentials and in 14% payment data, Novikov reported.

According to Kaspersky Lab, the total number of malware attacks in 2018 increased by 29%. DDoS attacks are not counted here, however, Vyacheslav Zakorzhevsky, head of the anti-virus research department at Kaspersky Lab, explained to the publication.[3]

German Gref proposed creating a Ministry of Emergency Situations for the digital sphere

On October 4, 2018 the head of Sberbank, German Gref, said that Russia needs to create a separate Ministry of Emergency Situations for the digital sphere, by analogy with the regular Ministry of Emergency Situations.

«
I think it is necessary to create serious infrastructure. We have a Ministry of Emergency Situations. It is necessary to create a ministry that would control emergencies in the digital sphere, which will concern all infrastructure without exception.
German Gref, head of Sberbank
»

The head of Sberbank also noted that the digital component is penetrating various spheres, and called it one of the key trends and challenges of the future. He also drew attention to the fact that in the modern world cyberthreats are gaining increasing importance and making news headlines, and as a result there are attempts to turn them into political news, such as interference in elections or interference in governance.

Earlier Sberbank estimated global damage from cyber attacks in 2018 at $1 trillion and predicted that this amount would grow to $8 trillion in 2022[4].

Putin announced creation of an IT system for exchanging information about cyberthreats

On July 6, 2018 it became known that an automated system for exchanging information on cyberthreats would be created in Russia. Russian President Vladimir Putin announced this at the International Congress on Cyber Security in Moscow.

«
The business initiative to form a system for automated exchange of information about threats in the digital space will be implemented. During cyber attacks this system will make it possible to better coordinate the actions of telecom operators, credit institutions and Internet companies with law enforcement agencies and thereby quickly eliminate emerging threats, he reported.[5]
»

Putin urged the development of uniform international rules of the game in the digital sphere

Russian authorities also intend to develop a system for international exchange of information about cyberthreats.

«
In the near future the government should decide on the structure that will be responsible for this work, Putin said.
»

According to the head of state, fighting cyberthreats requires developing new comprehensive solutions for preventing and suppressing offenses against citizens in the digital environment. For this it is important to create the appropriate legal conditions and to provide convenient forms of interaction between citizens and government institutions, he emphasized.

«
Let us aim for the software and infrastructure existing in Russia to be based on domestic technologies and solutions that have undergone the appropriate testing and certification. Of course, not to the detriment of competition, the Russian leader noted.
»

Speaking about other priorities in the information sphere, Putin named among them conducting research in this area in cooperation with business and scientists. According to the president, this will make it possible to advance domestic technologies and to create in-demand and competitive products based on them.

During his speech Vladimir Putin also noted that the number of cyber attacks on Russian resources in the first quarter of 2018 grew by a third compared with the same period of 2017.

Sberbank: Losses of the Russian economy from cyber attacks can exceed 1 trillion rubles

From 30% to 40% of cybercrimes are committed by teenagers aged 14 to 16: this is the conclusion reached by the authors of the study "Threat Zone 17/18: new challenges of the digital world", carried out by Sberbank together with its subsidiary BI.ZONE. The results of the study were presented at the International Congress on Cyber Security in Moscow[6].

The study also showed that financial sector companies are the targets of about half of the attacks. At the same time the public learns of only about 20% of incidents, in particular because companies do not wish to disclose this information. Of all cyberthreats, encrypting viruses of the WannaCry type are the most widespread in the world.

The researchers calculated that by the end of 2018 the damage caused to the Russian economy by cybercriminals will exceed 1.1 trillion rubles. The World Economic Forum (WEF) estimates the damage from hackers' actions to the world economy at more than $1 trillion. By 2022 this figure may grow to $8 trillion. The WEF placed cyber crime third in its ranking of global risks. The first two places are held by climate change and natural disasters.

In addition, the study showed that more than 80% of hacker attacks involve social engineering. For attacks on Sberbank clients this figure is 90%. As Stanislav Kuznetsov, deputy chairman of the board of Sberbank, told journalists on the sidelines of the congress, this often leads to theft of funds from the victim's accounts.

2017

TsSR report on the Russian cybersecurity market

In December 2017 the Centre for Strategic Research (CSR), whose board chairman is former Minister of Finance Alexey Kudrin, published a report on the future of information security in Russia.

According to the experts, ensuring cyber security in the international sphere involves a choice between two strategies: one focuses on cooperation with external partners and strengthening the legal framework for global regulation of this sphere, while the other consists of strengthening internal regulation and relying on the country's own resources and solutions.

TsSR modelled risks in the communications and IT industries

According to the authors of the report, Russia needs to focus on three main areas of work:

  • Reducing the risk of military-political use of ICT and forming the foundations of an international legal regime of responsible state behavior in cyberspace

  • Security, stability and fault tolerance of the Internet and digital data transmission infrastructure for Russian users, business and the state

  • Ensuring Russian interests in the area of a safe digital environment and the fight against computer crime, as well as developing technologies and the information security market

TsSR proposes developing and establishing at the international level restrictions on the military-political use of information technologies with respect to critical infrastructure facilities, and also interpreting key concepts of the existing system of international law in terms of their application to information technologies.

In addition, TsSR proposes adapting key norms of international humanitarian law, including the Geneva Conventions, to actions that use information and communication technologies. The full report is available at this link. [3]

The Supreme Court of the Russian Federation explained the subtleties of qualifying cyberfraud

The Supreme Court of the Russian Federation explained to judges how to properly qualify cyberfraud and fraud with bank cards. The plenum of the Supreme Court issued the resolution "About Judicial Practice on Cases of Fraud, Assignment and Waste", which for the first time states in which cases and how the new articles on fraud added to the Criminal Code of the Russian Federation in 2012 should be applied, TASS reported in November 2017 [7].

Using software or hardware-software tools to affect servers, computers (including portable ones) or information and telecommunications networks in order to illegally take someone else's property or obtain the right to it falls under the article "Fraud in the field of Computer Information" (159.6 of the Criminal Code of the Russian Federation). Such actions should additionally be qualified under the articles of the Criminal Code on illegal access to computer information or on the creation, use and distribution of malware.

Use of someone else's credentials is to be qualified under the article "Theft". Use of someone else's credentials means secret or fraudulent use of the victim's phone connected to the Mobile Bank service, logging in to an Internet payment system with stolen credentials, and so on.

Theft of property by spreading knowingly false information on the Internet (creating counterfeit websites and online shops, using e-mail) should be treated as ordinary fraud under Article 159 of the Criminal Code of the Russian Federation.

The article "Fraud using Payment Cards" (159.3 of the Criminal Code of the Russian Federation) should be applied in cases where the fraudster posed as the genuine bank card holder when paying for purchases or conducting banking operations. Cashing out funds via ATMs is qualified as theft.

Theft of non-cash funds using the owner's personal data, password or card data obtained by the criminal from the owner through deception or abuse of trust should, as the Supreme Court resolution explains, also be treated by the court as theft.

The production, storage and transportation of counterfeit payment cards, technical devices and software for the illegal acceptance, issuance or transfer of money should be treated as preparation for a crime (if the crime was not committed for reasons beyond the perpetrator's control).

The sale of counterfeit payment cards, technical devices and software that are unfit for use, purportedly for stealing money, is regarded as fraud or petty theft.

Producing or purchasing counterfeit bank cards for the purpose of theft on a large or especially large scale, without carrying the intent through to completion (for reasons beyond the perpetrator's control), is at the same time both preparation for theft and the completed crime provided for by Article 187 of the Criminal Code of the Russian Federation ("Illegal turnover of means of payments").

PwC: Most Russian companies cannot resist cyber attacks

Most Russian companies cannot successfully resist cyber attacks, says a study by the international consulting company PwC released in November 2017[8].

PwC considers that companies should invest time and money in technologies for ensuring cyber security

Half of the Russian respondents note that their companies have no general information security strategy, and 48% of companies have no training program aimed at raising employees' awareness of security issues.

In addition, 56% of companies admitted that they have not worked out a process for responding to cyber attacks. Only 19% of the PwC study participants in Russia and 39% of respondents worldwide are fully confident in their ability to identify hackers.

Among the main measures for detecting cyber risks, the Russian survey participants named cyberthreat assessment (50%), continuous monitoring of the information security system (48%), sensitivity level assessment (44%) and penetration testing to check the protection system (40%).

Nearly a quarter of Russian companies say that the use of mobile devices led to information security problems. This factor ranked second after phishing attacks, which lead among the threats named.

«
Cyber incidents occur every day, and serious damage is caused to the brand and reputation of a company that has been subjected to a hacker attack. Companies need to protect customers' trust by investing time and money in implementing proper systems and technologies aimed at ensuring cyber security, noted Roman Chaplygin, head of PwC's information security services practice in Russia.
»

According to him, regular information exchange between companies can become one more effective tool in the fight against cyber crime.

Compulsory insurance of cyber risks may appear in Russia in 2022

In the field of data protection, Russia's public sector can earn about 50 billion rubles from risk insurance. The initiative to introduce cyber risk insurance was voiced within the Digital Economy state program.

It is planned that all companies engaged in data processing and storage, irrespective of form of ownership, will be obliged to insure cyber risks. This category also includes mobile and Internet operators, hosting providers and large IT companies, which certainly guarantees high returns on this type of insurance. Under what conditions and in what amount payments for insured events will be made is not yet known[9].

See also: Trends of development of IT in insurance (cyberinsurance and telematic data)

Putin outlined the priorities of Russia's information security

On October 26, 2017 an enlarged meeting of the Security Council took place, at which President Vladimir Putin listed the main directions of development of information security in Russia.

Data of Prosecutor's office of the Russian Federation

The number of cybercrimes in Russia has increased sixfold since 2013. The Prosecutor General of the Russian Federation, Yury Chaika, reported this at a meeting of the prosecutors general of the BRICS countries in Brazil in August 2017.

In 2016, 66 thousand IT crimes were recorded. In 2013 this figure was 11 thousand.

"In Russia the number of crimes committed using modern information and communication technologies increased sixfold from 2013 to 2016. Significant growth is also observed in the current year (+26%, 40 thousand)", the department's press service quotes Chaika as saying.

Chaika also said that damage from IT crimes in the first half of 2017 exceeded 18 million US dollars. Last year in Russia two thirds of crimes of an extremist nature and every ninth crime of a terrorist nature were committed using the network.

The Ministry of Internal Affairs and Group-IB took down a group that stole 50 million rubles using a trojan

In May 2017, in several Russian cities, two dozen cybercriminals were detained who had stolen more than 50 million rubles using malware for mobile devices.

Members of the criminal group infected more than 1 million smartphones with the Cron malware, a trojan for Android OS with which the attackers stole money from bank accounts. Using hidden SMS commands, money was transferred to accounts prepared in advance.

Group-IB helped the Ministry of Internal Affairs detain the hackers who stole 50 million rubles
«
During investigative and search operations it was established that the group consists of 20 people living in the Ivanovo, Moscow, Rostov, Chelyabinsk and Yaroslavl regions and the Republic of Mari El, and that the organizer of the illegal business is a 30-year-old resident of Ivanovo, the press service of the MVD RF states[10].
»

Group-IB, whose experts were the first to detect the Cron trojan, actively participated in the investigation of the criminal group.

"The first information about it appeared in March 2015: Group-IB recorded the activity of a new criminal group distributing the malware "viber.apk", "Google-Play.apk", "Google_Play.apk" for Android OS on hacker forums. Cron attacked users of large Russian banks from the TOP-50", Group-IB reported.[11]

Infection occurred in two ways: through phishing SMS mailings and through applications disguised as legitimate ones. The trojan spread under the guise of the following applications: Navitel, Framaroot, Pornhub and others. In the case of phishing mailings, potential victims received links to websites controlled by the attackers, where social engineering was used to induce them to install the malware manually.

Once on the victim's phone, the trojan added itself to the device's autostart and then independently sent SMS messages to phone numbers specified by the criminals, forwarded the text of SMS messages received by the victim to remote servers, and hid incoming SMS notifications from the bank.
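As an added illustration (not from the original article and not Group-IB's tooling), the behaviours listed above can be mapped to static indicators in a decoded AndroidManifest.xml when triaging an unknown APK. The sample manifests, function names and scoring thresholds below are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Attributes in a decoded AndroidManifest.xml live in the android: namespace.
A = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifests (not taken from any real application).
SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.player">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.alarm">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".RescheduleAlarms">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def _priority(intent_filter):
    """android:priority as int; non-numeric values (resource refs) count as 0."""
    try:
        return int(intent_filter.get(A + "priority", "0"))
    except ValueError:
        return 0


def triage_manifest(xml_text):
    """Map the behaviours described in the article to manifest indicators."""
    root = ET.fromstring(xml_text.strip())
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}

    boot_receiver = sms_receiver = False
    sms_priority = 0
    for receiver in root.iter("receiver"):
        for filt in receiver.findall("intent-filter"):
            actions = {a.get(A + "name") for a in filt.findall("action")}
            if BOOT_ACTION in actions:
                boot_receiver = True
            if SMS_ACTION in actions:
                sms_receiver = True
                sms_priority = max(sms_priority, _priority(filt))

    reads_sms = sms_receiver and P + "RECEIVE_SMS" in perms
    return {
        # "added itself to the device's autostart"
        "autostart": boot_receiver and P + "RECEIVE_BOOT_COMPLETED" in perms,
        # "sent SMS messages to phone numbers specified by the criminals"
        "sends_sms": P + "SEND_SMS" in perms,
        "reads_incoming_sms": reads_sms,
        # "forwarded the text of SMS messages ... to remote servers"
        "can_forward_sms_off_device": reads_sms and P + "INTERNET" in perms,
        # A high-priority SMS receiver runs before the default SMS app; on
        # Android versions before 4.4 it could abort the broadcast and so
        # hide the message from the user.
        "may_hide_incoming_sms": reads_sms and sms_priority > 0,
    }


def verdict(findings):
    """Constructed thresholds: these are triage signals, not proof of malice."""
    hits = sum(findings.values())
    if hits == len(findings):
        return "high"
    return "medium" if hits >= 3 else "low"


if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS_MANIFEST),
                      ("benign", BENIGN_MANIFEST)):
        result = triage_manifest(xml)
        print(name, verdict(result), result)
```

Each indicator on its own is common in legitimate apps (alarm clocks start at boot, messengers read SMS codes); it is the combination that warrants a closer look at the APK.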

According to Group-IB, the hackers opened more than 6000 bank accounts to which victims' money was transferred. Every day the malware infected about 3500 users and tried to steal money from 50-60 clients of different banks. The average theft was about 8000 rubles. The total damage from Cron's actions is estimated at 50 million rubles.

The attackers apparently planned to expand their area of activity beyond the borders of the Russian Federation. In June 2016 the same group leased the banking mobile trojan Tiny.z, aimed not only at Russian credit institutions but also at banks in Great Britain, Germany, France, the USA, Turkey, Singapore, Australia and other countries.

As a result of the operation by Russian police officers and security experts, all active members of the Cron gang were detained. As it turned out, many of them already have extensive criminal experience.

According to the press service of the Ministry of Internal Affairs, the court ordered detention as a measure of restraint for four of the detainees and a recognizance not to leave for the others. In six regions of Russia, 20 searches were carried out, during which computer equipment and hundreds of bank cards and SIM cards issued to front persons were seized.

A criminal case has been opened on the elements of a crime under Part 4 of Article 159.6 of the Criminal Code of the Russian Federation (fraud in the field of computer information).

«
In the Western press, accusations are often heard that the Russian authorities do not interfere with the activity of cybercriminals and all but directly indulge them, - Dmitry Gvozdev, the CEO of Security reference monitor company, says. - This story is one of the examples proving that such an assessment is unfounded. It is just that some facts come to the attention of the foreign press, while others are often ignored.
»

Ministry of Defence of Denmark: Russian hackers had access to our employees' mail for two years

Hackers from Russia connected with the country's leadership had access to electronic mailboxes of the Ministry of Defence of Denmark for two years. The country's Minister of Defence, Claus Hjort Frederiksen, said this in April 2017.

The report, cited by Berlingske, states that during 2015 and 2016 hackers from the Fancy Bear group had access to the unclassified contents of the mail of some Defence Ministry staff.

According to the publication, "for a long time hackers sent a large number of e-mails to specific employees in the Ministry of Defence". Employees received messages that "a system requires updating" and that "they should enter their passwords". To mislead ministry staff, the hackers used fake login pages that were exact copies of the ministry's pages. In addition, the newspaper reports, the hackers' aim may have been not only to obtain the information they needed but also possibly to recruit agents from among the ministry's staff.

It is noted that the breach became possible because not all mailboxes were sufficiently protected. This problem has now been fixed[12].

Creation of a cyber security center for nuclear power plants

In April 2017 VNIIAES reported that a Competence Center for cyber security of automated process control systems (APCS) of nuclear power plants had been created on its basis. It was formed in order to create a unified system for detecting and preventing cyber attacks on NPP APCS and to keep forces and means for mitigating the consequences of cyber attacks on nuclear power plants in constant readiness. The center's tasks include forming industrial and scientific-technical policy on cyber security of NPP APCS and developing and deploying information security technologies and tools at nuclear power plants.

Cybercriminals disguise themselves as "Russian" hackers

The malware used in recent cyber attacks on Polish banks contains false evidence indicating that the attacks were carried out by supposedly Russian-speaking hackers. BAE Systems experts Sergey Shevchenko and Adrian Nish came to this conclusion based on the results of their analysis [13].

The malware sample examined by the specialists contained a large number of distorted Russian words that are never used by native speakers of Russian. As the analysis showed, the malware authors used online translation services such as Google Translate to translate words from English into Russian. According to Shevchenko, whoever translated the text had never dealt with Russian and therefore did not notice the difference in phonetic spelling.

In particular, when translating the English word "client" the malware author used its phonetic transcription ("kliyent") instead of "client" or "klient". In addition, commands were also translated using online translators. For example, the set command was written as "ustanavlivat", the leave command as "vykhodit" and so on.

Similar errors were found not only in the malware but also in the custom exploit kit used to deliver the malware to victims' computers.

Russia's aerospace industry attracts growing interest from cyber spies

In February 2017 it became known that Chinese hackers had begun to intensively attack aerospace companies in Russia and Belarus. This conclusion was drawn by experts at Proofpoint, who monitor the activity of a group previously seen in attacks on government structures and commercial companies worldwide.[14]

The hackers, presumably acting in the interests of the government of the People's Republic of China, used the NetTraveler trojan and the PlugX remote administration tool. With their help the criminals conducted espionage worldwide.

Preparation for launch of a spacecraft

Since the summer of 2016 this group has been using new malware named ZeroT, which, once on a system, downloads and installs PlugX.

ZeroT spreads through spear-phishing (narrowly targeted) e-mails containing attachments in the HTML Help format (.chm). The hackers used .chm documents with executable files embedded in them. User Account Control (UAC) duly reacted to attempts to open these .chm files (in effect, attempts to run the executable components), but in at least several cases users "obediently" allowed the infection.

To no small extent this is due to the effectiveness of the subject lines of the phishing e-mails, such as "Federal target program of 2017-2020", "Changes in the list of affiliates as of 6/21/2016" and so on.

The hackers also actively exploited the CVE-2012-0158 vulnerability, sending Microsoft Word files with exploits, as well as self-extracting .rar files containing components for bypassing User Account Control.

China is regularly accused of active cyber espionage against other countries. The authorities of the People's Republic of China categorically deny all accusations, but cyber security experts around the world have gathered enough evidence that the armed forces of the People's Republic of China include units engaged in cyber espionage and cyber attacks.

«
Cyber espionage, like traditional espionage, long ago became a factor in international politics that must constantly be kept in mind, - Dmitry Gvozdev, the CEO of Security reference monitor company, says. - We live in an era of a "Cold cyber war" on a global scale. Any industry of strategic importance becomes an object of unfriendly interest, and attack attempts are only a matter of time. As for their success, everything depends on how well the personnel of the attacked organizations are prepared for an attack, are able to detect attempted cyber attacks and to distinguish phishing e-mails from legitimate ones, and on how closely IT personnel keep track of timely software updates.
»

The creator of "Shaltay-Boltay" was detained by the FSB

In October 2016 the Russian FSB arrested Vladimir Anikeev, the creator of the blog "Humpty Dumpty". Lewis (Anikeev's online nickname) is accused of involvement in numerous computer break-ins.

The creator of the Humpty Dumpty resource was detained by the Federal Security Service of the Russian Federation in October 2016. Vladimir Anikeev (online nickname Lewis) is charged with computer break-ins, after which, starting in 2014, the e-mail correspondence of many high-ranking officials was published on the blog, CNews reports.

Thus Humpty Dumpty published e-mail, Telegram correspondence and "cloud data" from the smartphones of Prime Minister Dmitry Medvedev, Deputy Prime Minister Arkady Dvorkovich, the prime minister's press secretary Natalya Timakova, the head of Roskomnadzor Alexander Zharov, the head of the Accounts Chamber Tatyana Golikova and other officials and heads of state structures. In 2014 Roskomnadzor blocked access to the resource in Russia, but the blog continued to operate and in 2015 began offering the stolen information at auction. In the summer of 2016 the correspondence of Vladislav Surkov, an aide to the head of state, was published on the resource. And while all previous data had been obtained by the hackers from public servers (Mail.ru, Yandex, Gmail), Surkov's correspondence was stolen both from Mail.ru and from an official address in the gov.ru domain, and contained information on the access control system in the Kremlin, which is a state secret.

Hackers in Russia will be imprisoned for 10 years

The State Duma protected critical infrastructure from hackers

The State Duma approved in January, in the first reading, a package of bills that provides up to 10 years of imprisonment for hackers whose target is the critical information infrastructure (CII) of the Russian Federation. If the bill is adopted, the relevant amendments will be made to the Criminal Code of the Russian Federation, reports CNews TASS news agency[15].

CII means the information and telecommunication systems of state bodies. It also includes automated process control systems in the defense, fuel, rocket and space, nuclear, chemical, metallurgical and mining industries, as well as in health care, communications, transport, energy and finance.

Punishments for hackers

For example, for creating or distributing software intended to harm CII, hackers will be sent to forced labor for 5 years or imprisoned for the same term. Alternatively, a fine of 500 thousand to 1 million rubles is possible. The fine can also be calculated from the offender's income, in the amount of salary for a period of 1 to 3 years.

If the hacker not only created or distributed a malicious program for CII but also caused actual damage to the infrastructure, he can spend from 5 to 10 years in prison. In addition, for 5 years the offender will lose the right to engage in certain types of activity and to hold the corresponding positions.

Punishment is also prescribed for illegal access to information contained in CII, if this access is gained using malware and creates a threat to the infrastructure. The fine for this is from 1 million to 2 million rubles, or equals the offender's income for a period of 3 to 5 years. Alternatively, imprisonment for up to 6 years and a fine of 500 thousand to 1 million rubles, or in the amount of salary for 1-3 years, is possible.

Other punishments

The bill proposes punishments not only for deliberately harming CII, but also for violating the rules for handling the information it contains. This includes improper handling of the equipment on which this information is stored, processed and transmitted. The same provision covers violation of the rules of access to data and to CII systems, if it creates a threat to the infrastructure.

For such actions violators will be imprisoned for 6 years. Another option of punishment is 5 years of forced labor and a ban on engaging in certain types of activity for 3 years. If the offence is committed not by one person but by a group of persons acting by prior agreement, or by persons using their official position, they face imprisonment for a term of 3 to 8 years or 5 years of forced labor.

Security

The bill considered today by the State Duma also describes the principles of CII security, assigns the appropriate powers to state agencies, and sets out the duties and responsibility of owners and operators of the infrastructure. A specially authorized federal body should be responsible for CII security.

All CII objects should be divided into categories, and each category will receive its own security requirements. The division will be carried out on the basis of a register of significant objects, the creation of which the bill stipulates. In addition, security systems will be created for CII that will cooperate with the system for detection, prevention and mitigation of consequences of computer attacks on information resources of the Russian Federation. This system was created by the decree of the president of January 15, 2013.

Zecurion: Russia - among five countries with the best cybertroops

Russia may be among the top 5 countries with the most developed cyber troops, that is, specialized cyber security units serving military or intelligence purposes. This is shown by Zecurion Analytics research cited by Kommersant[16] [17][18].

The company declined to disclose exact figures; however, according to the newspaper's source in the information security market, Russia's spending on cyber troops is about $300 million a year, and the number of the Russian special forces is about 1 thousand people.

According to the company, several dozen countries use specialized cyber security units officially, and more than a hundred do so unofficially. As the newspaper notes, the assessment of potential in this area is based on the military budgets of states, cyber security strategies, statutory documents, reference information from international organizations, official comments and insider information.

So, according to the research, the USA now has the most developed cyber troops in the world. According to analysts, state financing of this area in the States may be about $7 billion a year, and the number of hackers cooperating with the state is 9 thousand people.

Zecurion put China in second place, where financing of this area may be $1.5 billion a year, and the cyber army is estimated to be the most numerous, up to 20 thousand people.

Rounding out the top three countries with the most developed cyber security special forces is Great Britain, which allocates $450 million a year to cyber troops consisting of 2 thousand people. In fourth place is South Korea, with a budget of $400 million a year and a staff of 700 hackers.

2016

The information security doctrine of Russia is approved

The President of Russia Vladimir Putin approved the Information security doctrine of the country on December 6, 2016 [4].

Germany: the Russian hackers have long hands

The head of the Federal Office for the Protection of the Constitution, Hans-Georg Maassen, said at the end of the year that an analysis carried out by the organization showed similarities in the attack on an OSCE information system in November 2016 that point to the participation of the hacker group APT 28, which is also known as[19].

As Germany sees it, the reason for the attack on the OSCE was an attempt to interfere with the organization's mission in Ukraine. It is noted that Germany held the chairmanship of the organization in 2016.

Also, according to Maassen's statements, the cyber attack on the OSCE was similar to the hacking of the party of German Chancellor Angela Merkel, the Christian Democratic Union (CDU), and of the Bundestag website in 2015, writes Frankfurter Allgemeine Zeitung ("Russland soll auch für Cyber-Angriff auf OSZE verantwortlich sein")[20].

Although that event took place long ago, on December 1 the WikiLeaks portal published about 90 gigabytes of data containing classified documents from the inquiry into the ties of the US National Security Agency (NSA) with German counterintelligence.

At the same time, Julian Assange's organization still considers the cause of the leak to be not hackers but a certain informant in the Bundestag. German law enforcement agencies concluded at the end of December that one of the deputies or employees of the parliament's office could have handed over the data. According to them, after the attack of 2015 the hackers had only 16 gigabytes of classified information in their hands.

Perhaps, after the publication of the "unclassified" version of the US intelligence report, in which WikiLeaks is in effect called an accomplice of pro-Kremlin hackers, the German authorities will also change their opinion and find a connection between the incident of 2015 and the leaks that came into the organization's possession.

According to the head of the Federal Intelligence Service of Germany, Bruno Kahl, cyber attacks pursue a single aim: to cause political uncertainty. The digital traces left behind, he believes, give the impression that someone was trying to show off their capabilities[21], writes Deutsche Welle[22].

The Russian companies realize IT risks and threats

On December 23, 2016 the Ernst and Young company published the results of the study "A way to cyberstability: forecast, protection, reaction" (Path to cyber resilience: Sense, resist, react), according to which Russian companies recognize the risks and threats of information technology development and are ready to invest in building effective information security systems [23].

«
Over the past year, in companies of Russia and the CIS we have noted a significant increase in attention to information security issues at all levels of management. Organizations recognize the risks and threats posed by today's information technology development and are ready to invest in building effective information security systems.

Nikolay Samodayev, EY partner, head of business risk, IT management and IT risk services in the CIS
»

42% of respondents noted growth of investments during 2016, and a considerable share of the study's participants (37%) plan to increase them in the future.

More than half of respondents reported that security operations centers (SOCs) operate in their companies. Compared with global trends, Russian companies do not exchange data with other SOCs actively enough (7% in Russia compared with 32% in the world). 25% of Russian SOCs use paid subscriptions for proactive information on cyber threats (in the world, 41%), and 18% have dedicated cyber threat analysts on staff (in the world, 32%).

The Russian participants of the study noted that risks have grown with the spread of mobile devices. Respondents noted the significance of the risks and threats of loss or theft of mobile devices (61%), their hacking (45%), and non-compliance with the rules for their use (71%). In 2015, users' poor awareness of how to respond to phishing attacks was the most widespread weakness of internal control systems, which led to growth in cyber attacks of this type.

«
Building an effective information security system means a continuous process of analyzing and improving cyber security management processes, including reassessment of relevant threats and review of protection mechanisms. It is not only about providing effective technical and organizational protection measures. A full program for countering cyber threats can be created only through close interaction between technical specialists and the organization's business management, which provides a complete view of the business and the business environment, an understanding of the interrelations between business processes and the information systems used, a correct assessment of cyber threats and possible consequences and, as a result, the optimal choice of adequate preventive and reactive protection measures.

Nikolay Samodayev
»

In Russia, cyber attackers will be jailed for 10 years

Legislative protection against cyberthreats

The Government of the Russian Federation submitted to the State Duma in December several bills aimed at protecting the information systems of the Russian Federation from cyber threats. The package of bills "About Security of the Critical Information Infrastructure (CII) of the Russian Federation"[24] was introduced to the State Duma on December 6, 2016, Interfax reports. In particular, it prescribes imprisonment of up to 10 years for hackers.

Protection of critical information infrastructure

The authors of the bills classify the IT systems of state bodies, energy, defense and fuel enterprises and other important state facilities as objects of critical information infrastructure, noting that "if events develop according to the worst-case scenario, a computer attack is capable of paralyzing the critical information infrastructure of the state and causing a social, financial and/or environmental disaster".

"According to data from recent years, based on different methods of assessing the damage from malware, it amounted to between $300 billion and $1 trillion, i.e. from 0.4% to 1.4% of annual world GDP, and these figures tend to grow steadily. Characteristic examples of the consequences of the negative impact of computer attacks on the critical infrastructure of a state are the stopping of the centrifuges of the Iranian nuclear power plant using the StuxNet computer virus in September 2010 and the paralysis of the work of several large financial institutions of South Korea in March 2013", say the documents accompanying the bills.

The bills should "establish the basic principles of ensuring the security of critical information infrastructure, the powers of state bodies of the Russian Federation in the field of critical information infrastructure security, and also the rights, duties and responsibility of persons owning CII objects, of telecom operators, and of information systems providing interaction between these objects".

Register of CII objects

As one of the CII security measures, it is proposed to create a special register that will include all significant infrastructure facilities, ranked by their political, economic, ecological and social significance. It is expected that the objects entered in the register will have one of three categories of significance: high, medium or low.

Representatives of CII objects entered in the register will be obliged to report cyber attack incidents and to assist in eliminating their consequences. In particular, owners of critical infrastructure will be obliged to create and keep in operation cyber security systems for their facilities, and also to monitor the creation and storage of backup copies of the information necessary for the normal functioning of IT systems.

Hackers will be given up to ten years

It is also proposed to supplement the Criminal Code of the Russian Federation with Article 274.1, "Illegal Impact on the CII of the Russian Federation". The article will provide criminal liability for creating and distributing malicious computer programs intended for attacks on CII, for illegal access to data contained in CII, and for violating the rules of operation of systems for storing and processing such data.

The article provides fines of up to 2 million and prison terms of up to 10 years for offenders, depending on the gravity of the crime, the existence of prior agreement and the number of participants. The authors of the bills emphasize that "attacks carried out for criminal, terrorist and intelligence purposes by individuals, communities, foreign special services and organizations can pose a danger".

It is planned that the amendments submitted for consideration will take effect from January 1, 2017, except for several articles, among them the provisions introducing criminal liability for violations in the field of critical infrastructure security. Those will take effect from the beginning of 2018.

The center for fight against cyberthreats is created in Rostec

The anti-hacker center, or the Corporate Center for Detection, Prevention and Mitigation of Consequences of Computer Attacks (KTsPKA), began work within the Rostec state corporation in November 2016. The organization is staffed by cyber security specialists. Their main tasks are round-the-clock monitoring of malfunctions in computer systems at military-industrial enterprises, timely response to hacking attempts, and blocking of cyber attacks.

"Russians try to crack everything". British ministers banned from wearing Apple Watch

British ministers have been banned from wearing Apple Watch during Government meetings out of concern that Russian hackers could hack the watches and use them as listening devices. The Daily Telegraph newspaper reports this, citing unnamed sources[25].

"Russians try to crack everything," one of the sources said.

The ban was imposed after Theresa May took the post of prime minister of Great Britain in the summer of 2016. In the government of her predecessor David Cameron, several members of the government wore the smartwatch.

The court in the USA found the son of the deputy Seleznyov guilty of cyberfraud

The Russian citizen Roman Seleznyov was found guilty of cyberfraud by a jury in Seattle. RIA Novosti reports this, citing its correspondent [26].

The Russian was charged with a total of 40 criminal counts under four articles, including cyberfraud, computer hacking and theft of personal data. According to investigators, Seleznyov was involved in the theft and sale of 1.7 million credit card numbers. The prosecution said that Seleznyov caused damage of $170 million.

Roman Seleznyov, who is the son of State Duma deputy Valery Seleznyov, was detained in the Maldives in 2014 and then taken to the territory of the USA.

Seleznyov's defense and his father called the detention of the Russian a kidnapping. The MFA of Russia called the incident "another unfriendly step by Washington" and a violation of the rules of international law.

Information security experts: "Russian hackers" are a myth

Experts in the field of information security from Informzashita, Kaspersky Lab, ESET and Aladdin R.D. commented on the phenomenon of "Russian hackers", whom the USA accuses of large-scale computer hacking of politicians[27].


Intellectual potential as the basis for accusations

The foundation for the myth of "Russian hackers" was laid by the success of Russian programmers, who have been in demand in the USA since the late 1990s, says Evgeny Klimov, the technical director of Informzashita. Having become convinced of the professionalism of Russian programmers, foreign companies could easily assume that Russian hackers are no less talented.

Russia has a younger generation of IT specialists, and some of its members really do engage in hacking but are not criminals, Klimov believes. These are so-called "ethical hackers", who work for the benefit of commercial and state organizations, helping them protect their information and IT infrastructure. Russian ethical hackers mostly do their hacking within the bounty programs of various brands and in paid vulnerability-hunting competitions.

Is it really possible to find a "Russian trace" in cybercrimes?

One of the main reasons why it is impossible to prove the participation of citizens of any specific country in a given cybercrime is the ability of hackers to "cover their tracks".

"In the modern world it is impossible to establish the source of an attack if the attacker's level of knowledge allows him to break into the most secure information systems in the world, – Evgeny Klimov believes. – Hackers have a whole pool of tools for destroying the slightest clues about their location, not only in a particular city but on the whole planet. Moreover, these ingenious guys are able to create any impression of their geoposition so that suspicion falls on someone else, for example on a specific country".

"Russian hackers" is a classic stereotype of the nineties and the early 2000s. Today it is widely used for propaganda purposes, – believes Artem Baranov, virus analyst at ESET. – Yes, there is an element of truth at its core: Russian-speaking programmers are highly qualified and could in theory turn their knowledge "to the dark side" and take up malware development. On the other hand, in the age of globalization it is strange to emphasize the nationality of hackers. A quality education in programming can be obtained not only in Russia, cybercrimes are committed worldwide, and cyber groups bring together natives of different countries. A great many of the hackers who came to the attention of the ESET virus laboratory operated from China or, for example, the countries of Latin America".

Political roots of a concept of "Russian hackers"

The most high-profile attacks attributed to "Russian hackers" are acts of sabotage directed against the governments of countries that border Russia but adhere to a pro-Western orientation: Ukraine, Georgia, the Baltic countries. The probability is therefore high that behind the accusations lie not only real facts established by investigation but also political motives.

"Certainly, Russian cybercriminals exist; moreover, they are quite well known around the world, – believes Kaspersky Lab expert Alexander Gostev. – But here it is more correct to speak of Russian-speaking cybercriminals". Russian-speaking in this case means cybercriminals who are citizens not only of the Russian Federation but also of some neighbouring countries of the former Soviet Union. In most cases these are Ukraine and the Baltic countries, Kaspersky Lab believes. This leads to a paradoxical situation in which natives of Ukraine and the Baltics take part in attacks on the governments of their own countries, but the public places responsibility for them on "Russian hackers".

Who is who in the world of cyber crime

"Russian-speaking hackers were the leaders for a long time, but have now yielded first place to the Chinese (mostly purely because of numbers)". Third place in the world is held by the Latin American hacker community, which also includes Brazilians. In recent years so-called "Muslim" cyber crime, grouped mainly around the Turkish-speaking community, has been developing rapidly.

The authorities conduct "carpet" blocking of the foreign Internet because of an old court decision

In the summer of 2016 Roskomnadzor began mass blocking of IP addresses connected with online gambling, without reference to the URLs and domains of the corresponding websites. The number of addresses blocked this way, according to the reestr.rublacklist.net database, runs into the hundreds.

Decisions to block these resources are made either by the Federal Tax Service (FTS), which is authorized to block the websites of casinos, totalizators, bookmakers, etc., or by regional courts. In the case of the courts, most of the IP address blocks stem from the decision of a single court, the October district court of Stavropol, issued in June 2013.

According to the text of the court decision published in the sudact.ru database, the suit was filed by the district prosecutor. He had found on the Internet websites with prohibited gambling (poker, roulette, slot machines) and also with totalizators. At the same time, the published text of the decision does not contain the addresses of the websites to be blocked[28].

Investments into crime

On June 24, 2016 it became known from Ilya Medvedovsky, the CEO of Digital Security, that cyber criminals are actively investing funds stolen from fellow citizens in research aimed at improving their schemes[29].

In the expert's opinion, hackers direct up to 30–40% of the money stolen from citizens' cards to research whose purpose is to improve criminal schemes. Hackers began to spend considerable amounts on research because of a change of priority: banks' correspondent accounts became the swindlers' target. The criminals order the research through legal channels.

According to the Central Bank, in 2015 the volume of losses from cyberfraud was 1.14 billion rubles. A third of this amount is invested. By Ilya Medvedovsky's estimates, hackers can direct up to 300–400 million rubles to research. Earlier hackers spent no more than 10-20 million rubles for these purposes.

«
Cyber swindlers study new technologies that will allow them to simplify attack schemes. In their sights are banks and payment systems with their innovations in cards, Internet banking and mobile banking. Hackers order research under the guise of legal startups and fintech. These are huge amounts for research in the field of cyber security. Legal companies in the market spend many times less on research. Investments help hackers go on to carry out schemes as technically complex as the attack on Kuznetsky bank, the damage from which was 500 million rubles. This is also relevant because cyber swindlers have begun to switch to banks' correspondent accounts.
»

The expert's forecast: hackers will put up to half of their "profit" into further development.

The shift of cyber swindlers' priorities to banks' correspondent accounts was also announced by Artem Sychev, deputy head of the Central Bank's main directorate for security and information protection. By the Central Bank's estimates, in 2016 losses from cyberfraud, first of all from the hacking of banks' correspondent accounts, will be about 4 billion rubles.

Sergey Nikitin, deputy head of the computer forensics laboratory at Group-IB, believes that hackers invest the stolen amounts in: writing high-quality malicious code; regular encryption of executable files to hide them from antivirus software; buying and searching for exploits, that is, programs that exploit vulnerabilities in a wide variety of platforms; paying for traffic, that is, infecting computers in order to expand their own botnets (networks of infected computers); and channels for laundering money.

According to Artem Sychev, the coordinator of the attack gets about 40% of the stolen amount; the "pourer", who sends trojans and other malicious software to break into a customer account or a bank's information system, gets 10%. 8% goes to the people who withdraw the stolen money (they obtain cards at bank branches or make card clones themselves for subsequent cash withdrawal at ATMs). 30–40% goes to those who take cash out of ATMs and hand it over to the customer. The malicious software also costs considerable money, up to $50 thousand per program.

The representative of the Central Bank described the technical organization of the scheme of the attack on banks' correspondent accounts:

  • swindlers launch malware to break into the information system of the credit institution.
  • the bank's information infrastructure is taken over: in effect the attackers begin to control the network, and information on all of the bank's transactions, their frequency and volume, and the balance on the correspondent account becomes available to them.
  • hackers "sit" in the bank's network for a week, two at most.
  • a crew is prepared for withdrawing (cashing out) the stolen funds,
  • false documents are drawn up for debiting funds from the correspondent account, certified by the legitimate signatures of the bank's responsible persons.
  • payment orders are sent to the payment system, for which they are legitimate payment documents, so it is obliged to execute them under the agreement and the law.

«
To stay one step ahead of criminals, banks should concentrate on a number of aspects that interest hackers: carefully analyze their own payment processes and IT in terms of real hacking risks; not place protection tools on the perimeter, but integrate protective technologies into the automated banking system; train users in the rules of Internet banking; and move from chaotic to process-based information security.

Andrey Yankin, head of the consulting department of the Information Security Center at Jet Infosystems
»

National Technical Initiative program

The state Agency for Strategic Initiatives, at the request of the president and the Government of the Russian Federation, is implementing the "National Technical Initiative" program. According to this program, by 2025 a Russian programming language will appear and completely secure communication will be provided, and by 2035 even data transmission based on teleportation may become a reality (the idea of developing teleportation was popular in the USSR and faded together with its collapse). 10.8 billion rubles will be allocated for the program's implementation. However, not the whole amount will be financed by the state; investments by Russian private financial institutions and even non-profit organizations are also possible.

2015

FSB will take security in Runet under control

In Russia the creation of a "System for fighting" cyberthreats has been announced. The National Coordination Center for Computer Incidents at the FSB will become one of its key components. The system is being created on the basis of the FSB and one more authorized federal authority, whose name is not disclosed[30].

The security of the websites of domestic public authorities will be ensured by a special unit of the FSB, the National Coordination Center for Computer Incidents.


Information about its creation is contained in "The Concept of the State System for Detection, Prevention and Mitigation of Consequences of Computer Attacks on Information Resources of Russia", an extract from which is published on the FSB website. According to the publication on the FSB website, the President of Russia approved the regulatory document titled "Concept of the State System for Detection, Prevention and Mitigation of Consequences of Computer Attacks on Information Resources of the Russian Federation" on December 12, 2014, but a fragment of it has been made publicly available for the first time.

The published extract from the Concept is devoted to the organizational structure of the System for Detection, Prevention and Mitigation of Consequences of Computer Attacks on Information Resources of the Russian Federation, which is being created on the basis of presidential Decree No. 31s of January 15, 2013.

In the Concept the System is described as "a single centralized, geographically distributed complex" comprising forces (authorized power divisions) and means (technological solutions) of detection, prevention and mitigation of consequences of computer attacks.

Two federal executive authorities will be part of the System: one of them is authorized to ensure the security of the critical information infrastructure of the Russian Federation (it is not named in the document), the second to create the System and keep it functioning. The obligation to create the System is assigned to the FSB by Decree No. 31s.

The Concept lists 12 functions for ensuring the information security of Internet resources that are assigned to the System. Among them:

  • identification of signs of computer attacks being carried out;
  • development of methods and means of detection, prevention and mitigation of consequences of computer attacks;
  • formation of detailed information on the information resources of the Russian Federation that are in the System's area of responsibility (i.e. resources of authorities);
  • forecasting in the field of information security of the Russian Federation;
  • organizing and carrying out interaction with law enforcement agencies and other state agencies, owners of information resources of the Russian Federation, telecom operators, Internet service providers and other interested organizations at the national and international levels in detecting computer attacks and establishing their sources;
  • organizing and conducting scientific research in the field of detection, prevention and mitigation of consequences of computer attacks, etc.

Although the main objective of the System specified in the Concept is protection of the websites of state agencies (information resources of the Russian Federation), a study of its documented functions suggests that the FSB's powers over information security in Runet are boundlessly broad.

A cyber security system is being created in Russia

Russia is creating its own system of security and counteraction to cyber threats, the Interfax agency quoted Deputy Prime Minister Dmitry Rogozin, who spoke on March 10, 2015 at a conference on cyber security at MSU[31].

The Russian cyber security system, according to the Deputy Prime Minister, will be based "on the use of smart weapons". These weapons "are created using highly complex production lines and technology chains, which are smart equipment too", Dmitry Rogozin said.

In his speech the Deputy Prime Minister classified the main cyber security threats that Russia may face. According to Interfax, he said that "threats can arise in three cases: the first is a country stronger (than Russia - a comment of CNews) or even a coalition of countries; the second is an opponent of equal strength; the third is a technically weaker opponent".

The concept for the development of IT in the Armed Forces of the Russian Federation is approved

The head of the Russian Ministry of Defence, Sergey Shoygu, announced that in February 2015 he signed "The concept of development of information and telecommunication technologies of the Armed Forces until 2020". The Minister of Defence announced this at a meeting of the department's board on March 30, 2015.

From the context of the minister's speech one can conclude that the Concept contains responses to changes in military science in a world of developed information technologies and, perhaps, ways of developing the Russian army's IT and its combat applications.

"Traditional views on conducting armed struggle and on the processes of command in military operations, on the further construction and use of the Armed Forces and their technical and technological equipment are now changing. Information superiority and a high level of command of troops are becoming factors of military force. In this regard, in February of the current year I approved the Concept of development of information and telecommunication technologies of the Armed Forces until 2020", Sergey Shoygu said, word for word, at the board of the Ministry of Defence.

The Ministry of Defence will create a cybertroops unit in the Crimea

The Ministry of Defence of the Russian Federation is creating a separate unit of information operations troops in the Crimea, a source in the Defense Ministry[32] told TASS[33].

According to the source, the unit's tasks will be "disruption of the information networks of the probable opponent and, as a result, disruption of the functioning of its command system for troops" and also "ensuring the cyber security of the information networks".

In May 2014 the creation in Russia of information operations troops, intended to protect Russian military command and communication systems, was announced. They will include units and subunits in the military districts and fleets, staffed with highly qualified specialists in mathematics, programming, cryptography, communications and radio-electronic fight.

"Pro-Russian hackers" attacked NATO using a rare vulnerability

Specialists recorded the first attack in two years made using a vulnerability in Java. Pro-Russian hackers are presumed to be behind it[34].

Analysts from the anti-virus company Trend Micro recorded a cyber attack on a NATO member country and on an American organization specializing in national security. The vendor reported this in the summer of 2015.

The attack is notable because the hackers used a previously unknown ("zero-day") vulnerability in the Java runtime environment. It allowed the victims' computers to be compromised by sending malicious e-mail messages. Specialists emphasized that this is the first case in two years (since 2013) in which attackers used a zero-day vulnerability in Java.

Cyberthreats in online retail

The research agency 42Future, at the request of Qrator Labs, surveyed twenty large online retailers about DDoS attacks. Middle and top managers of the companies who were knowledgeable on the matter took part in the poll.

2014

Ministry of Internal Affairs of the Russian Federation: The number of financial cybercrimes in Russia in 2014 doubled

According to the Ministry of Internal Affairs of the Russian Federation, 11 thousand crimes in the field of telecommunications and computer information were registered in Russia in 2014.

"The main motive for committing (the crimes) is the desire for material gain. In 2013 thefts and frauds made up 30% of all registered crimes in the information sphere, making them the undisputed leader in this category. In 2014 their share was already 41%, and while the number of registered frauds did not change much, the number of thefts doubled", noted Alexey Moshkov, the chief of the Bureau of special technical events of the Ministry of Internal Affairs of the Russian Federation.

According to him, modern services serve as tools for advertising, for luring potential victims, for communication and for money transfer while preserving the anonymity of the attackers. "The developing situation represents a serious threat, discredits online business and undermines users' confidence in electronic payments", Moshkov believes.

He named the wide use of mobile platforms as a means of obtaining confidential information as one of the important trends in IT crime. Primarily, malware aimed at stealing from bank accounts through mobile banking systems is used for this purpose. However, cases of gaining remote control over devices were also recorded.

"Besides, attackers successfully use new services and technologies for mobile devices for their own purposes, turning their functionality against the owners. The majority of modern smartphones and tablets are bound to an account, and often store data in cloud services", Moshkov explained. Having gained access to a user account, attackers can download the subscriber's contact lists, photos and videos, information about their correspondence and movements, and block the device as lost or stolen. Sometimes cybercriminals gain access to bank card data and to passwords for accounts in different services. These data are used to steal money and for blackmail, Moshkov concluded.

Data of Kaspersky Lab and B2B International

As a result of the actions of cybercriminals, in 2014 a third of financial companies (36%) in Russia experienced a leak of important data related to cash transactions. At the same time 81% of financial institutions consider that they "take all necessary measures to keep protective technologies up to date". These data were obtained in research conducted by Kaspersky Lab together with the B2B International company.

Financial institutions accept, process and store large volumes of their clients' confidential information. For this reason, in a business where client trust is highly valued, cyber attacks can be especially painful and lead to increased risks, both material and reputational. According to the research, financial institutions are aware of this: 52% of them said that they are ready to implement new technologies for additional protection of financial transactions.

After serious incidents, companies as a rule pay more attention to information security. Ensuring a secure connection for client transactions was the most popular measure this year among Russian financial institutions: it was taken by 86% of respondents. Companies are also more interested in providing their clients with dedicated applications for online banking on mobile devices (61%). This shows that the security of mobile payments is becoming one of the priority tasks.

Providing a protective solution to clients, free of charge or at a reduced cost, was the least widespread measure. Only 53% of respondents took care to deploy specialized protection tools on clients' computers and mobile devices after a data leak. This indicates that companies are more interested in the security of their own infrastructure than in that of users.

  • Data from the "Information Security of Business" research, carried out by Kaspersky Lab and B2B International from April 2013 to April 2014. More than 3900 IT specialists from 27 countries of the world, including Russia, took part in the research.

Data of BSTM of the Ministry of Internal Affairs

According to the Bureau of special technical events of the Ministry of Internal Affairs of the Russian Federation (BSTM Ministry of Internal Affairs), the number of computer crimes in Russia in 2013 increased by 8.6%. Material gain became the main motive of cybercriminals, law enforcement agencies note. Practically all cases of illegal access to information (19% of all computer crimes) are aimed at stealing money. The number of crimes committed out of hooliganism is extremely small.

In 2013-2014 the largest share of computer crimes, according to BSTM Ministry of Internal Affairs, was fraud (37%), followed by illegal access to computer information (19%) and distribution of child pornography (16%). Computer piracy and distribution of malware account for 8% of all computer crimes committed in this period.

Among the top trends in computer crime, BSTM Ministry of Internal Affairs notes that a growing number of traditional types of crime are moving online, a growing number of crimes are committed for mercenary motives, and mobile devices are becoming the target of criminals more and more often.

In the first half of 2014 more than 7 thousand cybercrimes were registered in Russia. At the end of 2013 their number exceeded 11 thousand.

Data of Proofpoint

Wayne Huang of Proofpoint, a company working in information security, published in the fall of 2014 a detailed report about the Qbot hacker group, which covertly gained access to other people's bank accounts. At its peak the Qbot group controlled about 500 thousand PCs, collecting keystroke data for users' passwords to banking services[35].

Half a million infected PCs is not too large a botnet by present standards; however, the research published by the Proofpoint expert is interesting in that it describes the complex tactics of the botnet's authors and, besides, points to their Russian origin.

The hypothesis of Russian (Russian-speaking) roots of the botnet's creators is based on the Qbot control panel, to which Proofpoint researchers gained access. The screenshots presented in Proofpoint's reports clearly show menu items and comments in correct Russian on the botnet's management pages.

According to the research, Qbot, which Proofpoint also calls Qakbot, was aimed at attacking the remote banking systems of American banks. 75% of the IP addresses that the botnet's control servers communicated with are in the USA, and 59% of them belong to clients of the five largest American banks. Only a quarter of the controlled PCs are in other countries of the world.

Interestingly, 52% of the PCs that Qbot managed to infect run Windows XP, although, as the authors of the report emphasize, this OS now has a share of only 20-30% of PCs both in households and in the corporate sector. Microsoft ended support for Windows XP in April 2014.

According to Proofpoint's analysis, 82% of successful Qbot infections were made through the Internet Explorer browser.

Attacks on the computers of potential victims were carried out from websites built on the WordPress engine. The botnet's creators gained initial access to them by purchasing a database of administrator names and passwords on the black market, and then implanted malicious code in the websites.

When a potential victim visited an infected website, a special traffic management system profiled the victim's PC by its IP address, browser type, operating system, installed security software and other criteria. In this way the botnet's creators minimized the risk that the malicious software implanted in the websites would be detected.

Most of the infected websites ran regular anti-virus scans, but the implanted malicious code went unnoticed because the attackers tried to use exploits that do not trigger a reaction from anti-virus software. According to Wayne Huang, before the malicious code was loaded it was checked against the Scan4U database, which aggregates data from dozens of anti-virus companies. If the database recognized the malicious code, it was replaced with a variant that scanning did not flag.

Qbot's creators took measures to protect themselves against anti-virus companies: if a visitor to their website resembled an automatic virus scanner, the traffic management system redirected it to an uninfected version of the website. The hackers had a list of IP addresses used by cybersecurity companies, and any traffic from them was also redirected to "clean" copies of the websites. Because of these measures, Wayne Huang writes, many of the website owners he contacted did not believe that they were under attack.
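As an added example (not from the Proofpoint report or the original article), one way a site owner can check for the cloaking described above is to compare the active content that the same URL serves to different client profiles. The profile names, hosts and HTML below are constructed sample data; in practice the responses have to be collected from different browsers and network vantage points, because the filtering described keys on IP address as well as on browser type.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class ActiveContent(HTMLParser):
    """Collect what can load or run code: script/iframe sources and inline scripts."""

    def __init__(self):
        super().__init__()
        self.external = set()   # (tag, host) for every <script src> / <iframe src>
        self.inline = set()     # whitespace-normalized inline <script> bodies
        self._buf = None        # chunks of the inline script being read, if any

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if src:
            host = urlparse(src).netloc.lower() or "(same-origin)"
            self.external.add((tag, host))
        elif tag == "script":
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = re.sub(r"\s+", " ", "".join(self._buf)).strip()
            if body:
                self.inline.add(body)
            self._buf = None


def active_content(html):
    """Return (external sources, inline scripts) found in one HTML response."""
    parser = ActiveContent()
    parser.feed(html)
    parser.close()
    return parser.external, parser.inline


def cloaking_report(responses):
    """responses maps a client profile name to the HTML that profile received.

    Returns {profile: {"external": [...], "inline": [...]}} listing active
    content a profile received that was not served to every other profile.
    """
    if not responses:
        return {}
    seen = {name: active_content(html) for name, html in responses.items()}
    common_ext = set.intersection(*(ext for ext, _ in seen.values()))
    common_inl = set.intersection(*(inl for _, inl in seen.values()))
    report = {}
    for name, (ext, inl) in seen.items():
        extra_ext, extra_inl = sorted(ext - common_ext), sorted(inl - common_inl)
        if extra_ext or extra_inl:
            report[name] = {"external": extra_ext, "inline": extra_inl}
    return report


# Constructed sample responses for one URL (not real captures).
CLEAN = """<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script>var page = {"id": 12};</script>
</head><body><p>Hello</p></body></html>"""

# Same page with different whitespace in the inline script: must not be flagged.
CLEAN_REFLOWED = CLEAN.replace('var page = {"id": 12};', 'var page =\n  {"id": 12};')

# Copy served to the profile the filter lets through: one extra hidden iframe.
INJECTED = CLEAN.replace(
    "</body>",
    '<iframe src="http://redirector.invalid/" width="1" height="1"></iframe></body>',
)

SAMPLE_RESPONSES = {
    "scanner-user-agent": CLEAN,
    "security-vendor-ip": CLEAN_REFLOWED,
    "ie8-winxp-residential": INJECTED,
}

if __name__ == "__main__":
    for profile, extra in cloaking_report(SAMPLE_RESPONSES).items():
        print(profile, extra)
```

Pages with per-request content such as rotating ads or script nonces will also produce differences, so a hit is a lead for manual review rather than proof of compromise.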

For sniffing (capturing keystrokes when the bank login and password are entered), Qbot's authors used a whole array of vulnerabilities in PDF, Java, Flash and Internet Explorer plug-ins, selected in each case according to the particular features of the target system. Exploits for these vulnerabilities were usually purchased on the black market, and the hackers dropped them when they became too widespread.

Huang writes in the research that Qbot's authors, having scanned 500 thousand computers, could have obtained data on approximately 800 thousand bank accounts.

According to him, organized criminal groups are ready to buy bank account data at a price of $25 thousand apiece, and thus even if Qbot's creators "sell a fraction of a percent of the accounts on the black market, they will make a multimillion profit on the transaction".

Although the internal security measures of Qbot's creators were good, they cannot be called perfect, Huang says, and gives an amusing detail: when he found the web address of the botnet's control panel, it turned out that access to it did not require a password.

National online teams

The Public Chamber proposed organizing national online teams that will track down and expose the websites and accounts of cybercriminals on the Internet, Vladislav Grib, the undersecretary of the Public Chamber (OP), told RIA Novosti[36].

"There are not many specialists in law enforcement agencies who fight Internet criminals. The resources of law enforcement authorities for monitoring Internet criminals are very insignificant, and on the Internet we now have fewer criminals than in real life. Many active Internet users from among the members of the OP are ready to organize so-called online monitoring of cyberspace", Grib said.

He said that the Public Chamber would like to create such national teams on the Internet and recruit several thousand people to them so that they detect offenses online and report them to the competent authorities and to Roskomsvyaznadzor.

The State Office of Public Prosecutor of the Russian Federation proposes signing an agreement on fighting cyber crime within the UN

The State Office of Public Prosecutor of the Russian Federation proposed that foreign colleagues sign, within the UN, an agreement on fighting crime in the field of information technologies. The proposal was announced during the Baikal international conference of prosecutors, which opened in Irkutsk in August 2014 (according to ITAR-TASS).

Prosecutor General Yury Chaika noted that Russia has achieved certain success in cooperating with foreign states in fighting cross-border flows of "dirty" investments.

He explained that recently, with the participation of the international prosecutorial community, a number of cross-border criminal groups were eliminated. In particular, in the case of Boris Berezovsky Russian prosecutors cooperated with colleagues from France and Brazil, in the Yukos case with Holland and Armenia, and Switzerland and Great Britain assisted in the return of funds of Russia's Sovcomflot. According to Chaika, this practical experience now needs to be backed by a corresponding regulatory framework.

As Deputy Prosecutor General of the Russian Federation Alexander Zvyagintsev noted in his speech at the conference, in 2001 the convention against cyber crime was signed under the auspices of the Council of Europe. According to him, it has a number of shortcomings, in particular in matters of cooperation in criminal cases, and therefore "cannot claim the role of a world-wide recognized agreement in this sphere".

In this regard the State Office of Public Prosecutor proposes that foreign colleagues sign an agreement on fighting cyber crime within the UN. "I am sure the international community cannot do without (such) an agreement", Zvyagintsev said.

Besides, the department proposes that foreign partners sign bilateral and multilateral international agreements on the return of criminally obtained property, which will help return revenues to the states. "Without such an agreement it is simply unprofitable for any state to send abroad requests for confiscation of criminally obtained property, as the confiscated assets can remain at the disposal of the requested state", the Deputy Prosecutor General explained.

Bases of state policy of the Russian Federation in the field of the international information security until 2020

The President of Russia Vladimir Putin signed the document defining the country's policy in the field of international information security in July 2013. It follows from this document that Moscow sees the main threats to itself in the use of Internet technologies as "information weapon in military-political, terrorist and criminal objectives" and also for "intervention in internal affairs of the states".

It is reported that V. Putin signed "Bases of state policy of the Russian Federation in the field of the international information security until 2020" at the end of the last week. It was developed in the Security Council of the Russian Federation with the assistance of the relevant ministries, including the MFA, the Ministry of Defence, the Ministry of Telecom and Mass Communications and the Ministry of Justice. According to media, the document was partly conceived as a response to the "International strategy for actions in a cyberspace" adopted in 2011 by the USA. In it Washington for the first time equated acts of computer sabotage to traditional military operations, reserving the right to respond to them by all means, up to the use of nuclear weapons.

The Russian answer looks more peaceful: as the text shows, Moscow intends to fight threats on the Network not by methods of intimidation but by strengthening international cooperation. The document identifies four main threats to the Russian Federation in this sphere.

  • The first is the use of information and communication technologies as an information weapon for military-political purposes, for carrying out hostile actions and acts of aggression.
  • The second is the use of ICT for terrorist purposes.
  • The third is cybercrime, including illegal access to computer information and the creation and distribution of malware.
  • The fourth threat designated in the document reflects a purely Russian approach: it concerns the use of Internet technologies for "intervention in internal affairs of the states", "disorderly conduct", "kindling of hostility" and "promotion of the ideas inciting to violence". According to the publication's sources, the events of "the Arab spring", which showed the Internet's capacity for organizing and coordinating anti-government protests, forced the Russian authorities to pay attention to this threat.

The Russian authorities intend to counter these threats together with their allies, first of all members of the SCO, the CSTO and BRICS. With their help Moscow expects to achieve a number of key initiatives: adoption by the UN of the Convention on ensuring international information security, development of internationally recognized rules of conduct in cyberspace, internationalization of the management system for the Internet and establishment of an international legal regime of non-proliferation of information weapons. So far Western countries have opposed the initiatives of the Russian Federation, believing that they are aimed at strengthening state control over the Internet.

The Federation Council proposes encouraging "white" hackers

The concept of the Strategy of cyber security of the Russian Federation provides for developing mechanisms to encourage citizens who help search for vulnerabilities in protected information resources and propose how to eliminate them, according to the draft of the concept[37].

The draft of the concept contains several sections devoted to: general system measures for ensuring cyber security; improvement of the regulatory framework and scientific research; creation of conditions for the development, production and use of cyber security tools; improvement of staffing and organizational measures; organization of internal and international interaction for ensuring cyber security; and formation and development of a culture of safe behavior in cyberspace.

Among the proposed measures is, in particular, development of the state system for detection, warning and mitigation of the consequences of computer attacks on information resources of the Russian Federation. In addition, tougher administrative and criminal liability for crimes committed in cyberspace is proposed.

One of the measures envisaged is the development of systemic measures for introducing and using domestic software and hardware, including cyber security tools, instead of foreign-made analogs in state information systems, information and telecommunications networks and the information systems of critical facilities.

Recorded Future analyzed the Russian pro-government hackers

The international information and analytical project Recorded Future, which is based in the USA and Sweden, published [5] an overview of the activities of Russian "pro-government" hacker groups in November 2014. It concerns the malware of the Uroburous, Energetic Bear and APT28 groups, which has appeared under different names in the history of cybercrime in recent years[38].

Having compared information on their activity, tools and behavior, the researchers concluded that the three groups were created for different purposes: political and economic espionage (Uroburous), preliminary positioning of Russia for conducting a future cyber war (Energetic Bear), and monitoring and regulation of the geopolitical situation (APT28). These purposes, according to the authors of the material, can lead to the main actors behind the organization of the attacks.

The activity of the described groups is well planned at the strategic, tactical and operational levels, as evidenced by their constantly changing but non-overlapping targets, the Recorded Future researchers believe. The organized and precise work of the Russian cyber groups, they note, makes them hard to identify and analyze in comparison with, for example, the carelessness of Chinese hackers. All this raises Russia to the level of a serious cyberthreat on a global scale.

2013

Council for automated systems and investigation

In April 2013 the first meeting of the council for automated control systems, communication, investigation, radio-electronic fight and information confrontation took place. The structure was created under the government military-industrial commission, which is chaired by Deputy Prime Minister Dmitry Rogozin. The council is headed by the former deputy chief of the General Staff, Major General Igor Sheremet.[39]

In his opening speech Rogozin emphasized the importance of equipping the armed forces with modern electronics that allow decisions to be made quickly, and also stressed the importance of ensuring cyber security. "Means of cyberfight are coming to the forefront", he believes. "Destroying communication among troops with their help can be compared to artillery preparation".

Rogozin reminded the audience of the creation of the state automated system of the defense order (GOZ state automated system). It should cover all enterprises executing military orders and the institutes engaged in scientific developments for the army. Finally, the Deputy Prime Minister noted that he considers it necessary to concentrate on equipping the army with modern means of radio-electronic fight (REB).

"We should equip the armed forces with modern electronics which will provide speed of decision making", Rogozin said. "We have many institutes, and for the last two years there has been a consolidation". He was referring, among other things, to the creation of the Management systems corporation (the council meeting took place in its office), whose CEO became Alexey Ananyev, a co-owner of the system integrator Technoserv. The same organization is also the head contractor for the GOZ state automated system.

The state defense order system is needed to control spending and to receive, with priority, data on the execution of orders at contractor enterprises. It was announced earlier that the software should start working in 2014.

In addition, Rogozin announced that two more structures will soon join the Management systems corporation: the institute of communication systems and management (NIISSU, the head enterprise for creating the field communication system for troops) and the Voronezh concern "Sozvezdiye", which directly produces military communication systems.

The corporation already includes 14 institutes and manufacturing enterprises, among them the Sistemoprom concern, which works on security solutions for special consumers, the Semenikhin scientific research institute of automatic equipment, which specializes in management systems for troops, and others.

However, in addition to the organization headed by Ananyev, Rogozin also emphasized the role of the new council at the government commission. "The work will be headed by General Sheremet; you should interact under his chairmanship", Rogozin said to the members of the council at the first meeting.

Russian Minister of Defence Sergey Shoygu acknowledged in October 2013 that cyber attacks can cause damage to infrastructure comparable to the damage from weapons of mass destruction. Even without rockets and aircraft, computer attacks can today cause serious damage to the infrastructure of any large city, the minister said: "The question of cyber security stands apart. I can already call this threat a cyber weapon today; it is, of course, getting closer and closer to the concept of "weapons of mass destruction". We have already come close to that, and hackers of different countries show that by means of it, it is possible to achieve anything".

In February 2013, three months after taking office, Minister of Defence Sergey Shoygu instructed the General Staff to work out the idea of creating a cybercommand. The basic level of the Russian cybercommand is expected to be created by the end of 2014.

Data of Symantec

Based on the Norton Report 2013:

  • 85% of Russians faced cybercrimes in 2013
  • 59% of smartphone users faced mobile cybercrimes in the last year
  • 56% of users of mobile devices in Russia do not know that security solutions exist for them
  • 56% of working users older than 18 use a personal mobile device both for entertainment and for work
  • 60% of users older than 18 use public or unprotected Wi-Fi networks

Damage assessment from cyber attacks

Each cyber attack on the networks of large Russian companies causes the organization financial damage averaging $695 thousand. Medium and small businesses lose about $14 thousand per cyber incident. These conclusions are drawn in a joint survey by B2B International and Kaspersky Lab[40].

The damage caused to the companies was established by B2B International researchers by polling IT specialists from 24 countries of the world, including Russia. In total, 2895 respondents were polled in preparing the report.

According to the authors of the research, financial losses comprise three main consequences of cyber attacks: forced downtime of the company, missed business opportunities (including lost contracts) and additional spending on the services of specialists. The average amount of damage was calculated from the costs of these factors.

According to the report, forced downtime of companies is the most expensive factor. It cost large enterprises $791 thousand and companies of the SMB segment $13 thousand on average.

The damage from the missed opportunities (in particular, the contracts which are not signed by the companies) reached $375 thousand for the large companies and $16 thousand for the small and medium enterprises.

Finally, bringing in third-party specialists to mitigate the consequences of cyber attacks cost $6.6 thousand for the SMB segment and $26 thousand for large enterprises respectively. These data, collected in Russian companies, differ from the global data in the same report: on average in the world, additional expenses of SMB companies after cyber attacks averaged $13 thousand, and those of large enterprises $109 thousand.

FSB of Russia will conduct investigations for hackers

The Federal Security Service (FSS) of Russia intends to adopt obligations of the Ministry of Internal Affairs on investigation of computer crimes (information for August, 2013). Experts of FSB already submitted the document setting criminal liability for the illegal access to the computer information protected by the law which entailed damage of security of critical information infrastructure of the country or created threat of its approach. The maximum punishment - imprisonment for a period of ten years.

Besides, department prepared the bill providing criminal liability for "the abuse of regulations of operation of means of storage, processing or transfer of the protected computer information or information and telecommunications networks and the final equipment and also rules of access to such networks which entailed damage of security of critical information infrastructure of the Russian Federation or created threat of its approach". This document prescribes the maximum punishment in the form of seven years of imprisonment.

It is planned that drafts of the federal laws directed to protection of information resources of the Russian Federation against the computer attacks will become effective since January 1, 2015.

The State Duma Committee on Security and Anti-Corruption Activity made in November, 2013 the decision to recommend for acceptance in the first reading the government bill allocating the staff of the Federal Security Service (FSS) with powers to hold investigation and search operations "on getting of information on the events or actions (failure to act) creating threats of information security of the Russian Federation". This innovation will allow to counteract more effectively such threats in the conditions of large-scale informatization of all spheres of public life, authors of the bill consider.

According to RBC, in explanatory materials to the document is specified that now activation of interstate information confrontation is noted, cases of distribution of the malicious software used as information weapon are fixed. A wide scale is assumed by activity of hacker groupings. The possibility of use of information telecommunication technologies for preparation and commission of crimes, including terrorist orientation is not excluded. At the same time objects of illegal aspirations, as a rule, are the information systems used by public authorities, credit and financial, educational and other organizations, mass media including on crucial infrastructure facilities.

In December 2013 the State Duma unanimously adopted, in the second and third readings, the bill that will allow the FSB to carry out operational search activities in the field of information security. Deputies noted that the security service had been doing this before, and that the bill is only meant to legalize such working methods.

"Adoption of this federal law will create the conditions for conducting operational search activities aimed at obtaining information on events, actions or inaction that create threats to the information security of the Russian Federation, which will make it possible to counter these threats more effectively amid the large-scale informatization of all spheres of public life", noted Nikolay Kovalyov, a member of the State Duma Committee on Security and Anti-Corruption, during his report at the second reading[41].

Deutsche Telekom: Russia is the main source of cyber attacks in the world

In the spring of 2013 the German IT company Deutsche Telekom launched a website that displays cyber attacks worldwide in real time. According to the portal's map, Russia ranks first in the world by the number of outgoing Internet threats.

The http://www.sicherheitstacho.eu portal shows cyber attacks registered by honeypots ("traps for hackers"). In February 2013 nearly 2.5 million attacks were registered from Russia, which is 2.5 times more than from Taiwan, in second place. Germany follows with more than 900 thousand threats. Deutsche Telekom used more than 90 sensors worldwide for monitoring. The website shows that about 200,000 new versions of viruses, trojans and worms appear daily, threatening the security of computers and their owners.

"Of course, not all 2.5 million attacks are the work of Russian hackers; some Internet criminals simply use Russian servers. The Deutsche Telekom group developed this monitoring tool because the company works with customers' personal data and pays special attention to data protection. The statistics provided on the website can be used by any company to assess the situation, including over time, and to create an end-to-end system of protection against cyber threats. Any user with a public IP can install the free application and place a trap (honeypot) on their own computer; all the necessary links are on the portal. In exchange, the user is guaranteed access to the IP addresses of the attacking and attacked machines", comments Alexey Toskin, CEO of T-Systems CIS.

The Sicherheitstacho website presents a schematic world map showing the sources of cyber attacks. It indicates what targets the attacks are aimed at and displays attack statistics by type and by country. However, attackers are not necessarily physically located in the same countries as their servers. According to the developers, the new Sicherheitstacho platform will make it possible to nip cyber crime in the bud.

The Russian Defense Ministry created high-tech divisions and employs cyber-fighters

The Ministry of Defence of the Russian Federation has created military command bodies responsible for information and telecommunication technologies, innovative research and robotics. According to updated information on the department's website, these divisions are overseen by Deputy Minister Colonel General Pavel Popov, who moved to the Ministry of Defence in November 2013 from the post of Deputy Minister of Emergency Situations[42].

Popov is a veteran of the Ministry of Emergency Situations. From 1993 he worked in the ministry's East Siberian regional center, and in 1999 he headed the Siberian center. In 2004-2008 he directed the Academy of Civil Protection of the Ministry of Emergency Situations, after which he was appointed deputy minister. At the Ministry of Emergency Situations he was also responsible for informatization and communications.

The Ministry of Defence directorates dealing with IT, telecommunications, robots and innovations are united in the System of Perspective Military Research and Development (SPVIR). This system also includes the Bureau of Defense Solutions Research center in Moscow and the Department of Innovative Developments in St. Petersburg. The creation of regional structures in Yekaterinburg, Novosibirsk and Vladivostok is planned.

2012

Data of the Ministry of Internal Affairs

In October 2012 the Ministry of Internal Affairs published statistics on high-technology crimes for the first half of 2012. According to the ministry, 5696 cybercrimes were recorded in Russia, nearly 11% more than in the same period of 2011. Crimes connected with the creation, distribution and use of malware, and with fraud on the Internet, prevail among them.

Internet fraud, according to law enforcement agencies, is the most widespread type of IT crime, and the number of cases continues to grow. In 6 months of 2012, 1443 such crimes were recorded (growth of 44%). At the same time, according to experts, the real number of Internet frauds is several times higher, since these crimes are characterized by a high level of latency. The Ministry of Internal Affairs particularly noted an increase in the number of crimes involving remote banking systems.

The Ministry of Internal Affairs also reported on the results of operation "Weed", whose task is to combat offenses connected with the distribution of child pornography in P2P networks on the Internet. To date, 1179 users distributing illegal content from the territory of 61 countries have been identified. As of September 2012 the Russian investigative authorities had opened 131 criminal cases on the basis of materials obtained during operation "Weed". Via international communication channels, officers of Administration "K" of the MIA of Russia sent law enforcement agencies of foreign states 204 messages containing data on electronic resources used to distribute child pornography. According to the department, 23 countries, among them the USA, Great Britain, Canada, Australia, Germany, France, Belgium and the Netherlands, have already joined the cooperation on preventing crimes in this area.

Data of Symantec

In September 2012 Norton presented the results of its annual study of cybercrimes committed against users, the Norton Cybercrime Report 2012. Norton specialists estimated users' total losses from cybercrime worldwide at 110 billion US dollars. In Russia the total damage was about 2 billion dollars, and 31.4 million people became victims of cybercriminals.

Although most users take basic steps to protect their personal data and information, nearly 40% of them neglect simple precautions, in particular by creating simple passwords or changing them irregularly. Another problem is that many users do not know how some forms of cyber crime have changed over the years. For example, 40% of users do not know that malware can operate unnoticed, making it difficult to tell that a computer has been compromised, and more than half (55%) are not sure whether their computer is infected with a virus.

Data of NCC Group

A study published at the beginning of 2012 by the British company NCC Group showed that the USA leads other countries in the number of outgoing hacker attacks. The results are based on monitoring data from logs of attempted cyber attacks worldwide, provided by DShield, an information security community based in the States. The source country of an attempted attack was determined by the IP address.

According to the study, the USA generates 22.3% of all attempts to attack computers. It is followed by China with 16%. NCC Group estimates that hacker activity from these two countries together causes more than $43 billion in damage to the world economy annually.

Far behind them, Russia takes third place in the number of attempts to attack computers with 3.6%, the British analysts' report says. Annual damage from the actions of its cyber attackers is estimated at approximately $4 billion. Brazil trails Russia only slightly, with 3.5%. The Western European countries (the Netherlands, France, Italy, Denmark, Germany) account on average for 2.5% to 3.2% of all cyber attacks in the world.

The USA regularly names Russia and China as the main sources of cyber security threats to the country. Recently the US Director of National Intelligence, James R. Clapper, speaking at hearings of the Intelligence Committee of the House of Representatives of the U.S. Congress, expressed serious concern about the growing number of cyber attacks by Russian hackers on American computer networks.

"We are especially concerned by the fact that some organizations in China and Russia carry out intrusions into American computer networks and steal information. And the growing role of these players in cyberspace is a fine example of the easy access such persons have to potentially destructive technologies and production secrets", Western media quoted him as saying. He had repeatedly mentioned the "Russian-Chinese" cyber threat in official reports before.

Recently Russia has often been accused of various illegal cyber actions, and it is common for break-ins to be attributed to Russian hackers without sufficient grounds. For example, at the end of 2011 Russia was accused of an attack on US infrastructure: local media reported that Russian hackers had gained access to a computer and disrupted the operation of a water pumping station in the State of Illinois.

As the official investigation later showed, a login from a Russian IP address was indeed registered in the station's IT system, but it was made by a station employee during a stay in Russia, who later admitted it, and the operation of the station was not disrupted at all.

In January 2012 American media reported that a computer virus in the IT system of a college in San Francisco had for several years been sending its users' data to Russia, China and some other countries, although this had not yet been confirmed by local investigators.

Cyber-police of the Russian Federation

In February 2012 Russian President Dmitry Medvedev proposed creating a new structure within the Ministry of Internal Affairs to fight crimes on the Internet. At a meeting of the board of the Ministry of Internal Affairs Medvedev said that "it is necessary to think about creating divisions that are essentially new and are focused on identifying and solving very difficult crimes in the technology roadmap". According to Medvedev, the police should pay more attention to crime in the information space, and police chiefs should be able to use the Internet. He emphasized that on the Net one can meet not only financial speculators but also drug dealers, extremists and other types of criminals, Interfax reports.

A new branch of the armed forces for combating cyber threats is being created in the Russian Armed Forces. This was confirmed in August 2013 on the radio station "Echo of Moscow" by Andrey Grigoriev, head of the Russian Fund of Perspective Researches. According to him, work is now under way on the concept of a program that will be developed by the Defense Ministry. The Russian Fund of Perspective Researches was created as an analog of the Agency of Perspective Researches of the USA. It carries out developments in the interests of the country's defense, the radio station's report specifies.

Cybercommand of Russia

In March 2012 reports appeared that a cyber command might be created in the Armed Forces of Russia. Little information about this initiative is available so far. It is possible that the new structure, if it is created, will among other things both address the protection of strategically important facilities against cyber threats and pursue the country's state interests in cyberspace. The creation of such a structure in Russia is also of interest from the standpoint of developing public-private partnership, for example outsourcing some specific tasks.

It is not yet known what tasks the new division in the Russian army will address, to whom it will report, and so on, although this subject has long been raised at various levels. The day before, according to media reports, Deputy Prime Minister Dmitry Rogozin mentioned the existing plans during a meeting with military scientists, saying that the formation of a cyber command is now being discussed.

In the Russian armed forces today, some of the tasks described above are handled by the relevant branch, the electronic warfare troops, which are responsible, among other things, for protecting troop and weapons control systems from enemy attacks and for disrupting the enemy's strategic troop control systems. More and more electronic equipment is now appearing in the Russian army: communications equipment, information processing equipment, and military hardware with electronic "stuffing" (for example, unmanned aerial vehicles). In present conditions even a mere loss of communication can be very critical, and leakage or distortion of information all the more so.

As for similar structures elsewhere in the world, judging by official data, the existing cyber units in the armed forces of various countries can be called rather young. For example, officially in the USA the cyber command of DARPA (Defense Advanced Research Projects Agency) for countering hackers was created in 2009. Similar structures exist in Israel, Great Britain and other countries. On the other hand, it is obvious that special groups responsible for information protection and sabotage in cyberspace existed earlier.

The practice of public-private partnership in the field of information security is quite developed around the world: from engaging individual specialists of well-known companies to using the resources of entire companies to solve specific tasks. If in some areas the interests of the state and private companies will be crossed. It is no secret that Russian companies in the field of cybersecurity are among the leading players.

2011

Report of Symantec on Internet threats

According to Symantec's annual report on Internet threats (Internet Security Threat Report, Volume 17), Russia took sixth place in the world by level of malicious activity on the Internet in 2011. Russia is also in third place in the world by number of spam zombies, and Moscow takes 11th place in the world by number of bots (malware that automatically performs operations in place of people, often without their consent).

During 2011 Russia made two significant jumps in the world rankings of countries with the greatest volume of spam and network attacks. In 2010 the country held 6th place in the ranking by amount of spam; in 2011 it rose to 3rd position and still takes 1st place among the countries of the EMEA region, which includes Europe, the Middle East and Africa.

Over the year Russia also rose from 8th to 5th place in the ranking by number of network attacks. A trend of steady growth in the number of malicious-code attacks and phishing websites emerged in 2011. Growth is also seen in the number of active bots in the network: every hundredth bot in the world is registered in Moscow (11th place in the world). After Moscow, the cities with the most bots are St. Petersburg, Tver, Voronezh and Nizhny Novgorod.

Only web attacks stand out from the general trend of a growing number of threats. Here Russia showed a good result and fell in the ranking from 7th to 8th place. Nevertheless, compared with others, Russian users look like an attractive target for cybercriminals: in the world ranking of countries by malicious activity, Russia rose from 10th to 6th place in 2011.

Besides, Russia takes the 9th place in the world on number to the web attacks (in comparison with the 10th place last year), saved the 7th place in the world on number of the web attacks.

[Figure: the leaders of the ranking of source countries of malicious activity on the Internet]

Data of the Economic Crime Department for Moscow

In 2011, according to the Moscow Department for Combating Economic Crimes, Moscow cyber police officers uncovered more than 70 crimes connected with fraud on the Internet. Of these, 90% were economic in nature.

Previously, crimes connected with bank card fraud held first place, but in the last year crimes in the field of Internet banking took the lead. The damage from fraudsters breaking into remote banking programs reaches tens of millions of rubles.

2010

Data of ESET

Cybercriminals in Russia earned about 2-2.5 billion euros in 2010. Information security incidents were split 50% to 50% between individuals and legal entities. At the same time, the amount of money attackers obtained through malicious attacks on companies was much greater than from distributing malware among home users.

2010 can be called the year of targeted attacks. Information on two large incidents of this kind was made public. The first attack, carried out at the beginning of the year and code-named "Aurora", was directed at a whole group of world-famous companies. The target of a directed attack can be not only a specific organization but also IT infrastructure of a certain type. This approach was used in the other attack, the Stuxnet worm, which penetrated industrial enterprises.

The increased number of Trojan programs aimed at the banking sector, including specific banking systems, indicates directed attacks on particular banks and remote banking systems (RBS). In addition, ESET analysts predict that in 2011 cybercriminals' interest in distributing banking trojans will shift even further toward popular Internet banking systems. This is due to the huge profits involved, since one successful incident can bring attackers up to several million rubles.

Targeted attacks are in many respects made possible by previously unknown software vulnerabilities (0-days, or "zero-day" vulnerabilities). Last year a large number of such "holes" were recorded, both in the most popular browsers and in equally widespread extensions for them. Adobe products were the constant leaders among the detected and most frequently exploited vulnerabilities. However, in early autumn the Java software platform took the lead in the number of exploited zero-day vulnerabilities. According to statistics from the ThreatSense.Net early detection technology, the following exploits and Trojan downloaders were most often used in Russia: Java/Exploit.CVE-2009-3867, JS/Exploit.CVE-2010-0806, Java/TrojanDownloader.OpenStream, Java/TrojanDownloader.Agent.

As for the most widespread malicious software in our region, the Russian top ten in 2010 was headed by various modifications of the Conficker worm, with a combined share of 10.76%. In second place is the family of malware spread via removable media, INF/Autorun (6.39%). The top three is completed by Win32/Spy.Ursnif.A (5.73%), which steals personal information and accounts from the infected computer and then sends them to a remote server. This Trojan can also spread as part of other malware.

Also in the Russian region, there was growth in the number of incidents involving infection of computers with the Win32/Hoax.ArchSMS family of extortion programs (in ESET's classification), which practically never left the top twenty most widespread threats in Russia in the second half of 2010. This type of fraud involves distributing popular content, for example Flash players or e-books, with a special installer that requires the user to send an SMS during installation in order to continue. Although the malicious Hoax.ArchSMS program did not make the TOP-10 of the most widespread threats, it caused many problems for Russian users and brought considerable income to fraudsters in 2010. The data are provided by ESET.

According to estimates by Group-IB analysts, "Russian" hackers earned about 4.5 billion dollars in 2011 (http://www.group-ib.ru/images/media/Group-IB Report 2011 RUS.pdf). In 2011 the damage from cybercrimes committed in Russia by residents of the Russian Federation amounted to about 2.3 billion dollars, while world damage from cybercrimes exceeded 12.3 billion dollars. On the Russian market, accounts holding less than 500 thousand dollars have practically ceased to interest cybercriminals. According to Group-IB, the largest cyber theft amounted to 26 million dollars; this sum was stolen over 3 months. The average age of a cybercriminal is 25 years, the average price for 1000 infected computers is now 20 dollars, and one cybercrime investigation in Russia lasts at least 2-3 years.

Key trends of 2011:

  • Doubling of the financial performance of the Russian market. The world computer crime market was worth 12.5 billion dollars in 2011. "Russian" hackers account for up to a third of all income, about 4.5 billion dollars. This amount also includes the income of the Russian segment, 2.3 billion dollars. Thus one can speak of an almost twofold increase over last year's figures for the cyber crime market in Russia.
  • Centralization of the cyber crime market. Due to the consolidation of participants and the penetration of traditional criminal groups, the Russian cyber crime market is undergoing a dynamic transition from a chaotic state to a centralized one.
  • Internet fraud and spam make up more than half of the market. In 2011 Russian Internet fraudsters managed to steal about $942 million; they are followed by spammers, who earned $830 million; the domestic Cybercrime to Cybercrime market amounted to $230 million; and DDoS, $130 million.

2000-2010

Data of Powerscourt and RAEC: the most high-profile reports on cyber conflicts involving Russia

In mid-2011 the Russian Association for Electronic Communications (RAEC), together with the British research agency Powerscourt, released a ranking of the most high-profile publications about Russia on the subject of cyber crime and cyber war. The ranking is based on a large-scale content study of the Western press from January 2000 to March 2010.

"The purpose of the ranking is to show the main points of tension in Russia's relations with the West in the hi-tech sphere and to tell about the main anti-heroes who over the last 10 years damaged the image of Russia and reduced the investment attractiveness of our country as a whole", says Mark Tverdynin, Chairman of the Board of NP RAEC. "The ranking, like the study, shows that in recent years the image of our country in the field of IT has changed for the worse. Russia is portrayed as the homeland of dangerous cybercriminals and one of the main enemies of the USA and Europe, capable of waging confrontation on the virtual battlefield. When the Russian economy is staking on innovation in the technology sphere, this trend is a threat to the development of our country. Especially when projects such as RBN or Glavmed appear in our country".

The ranking was compiled from a full-scale study of the largest European and American newspapers and magazines, analysing mentions of Russia in connection with the keywords: hackers (hacking), cybercrimes, malicious software (viruses, network worms), botnets (networks of infected computers), phishing (fraud aimed at obtaining personal data), cyber security and cyber war.

The ranking included articles about these cybercriminals as well as materials resulting from active promotional campaigns launched in the Western media, for example the campaign connected with recent events in Georgia. Topics in the ranking are ordered by the absolute number of original publications. The total number of reprints exceeds the number of original materials by several orders of magnitude.

The most high-profile reports on cyber conflicts involving Russia, 2000-2010

Place. Description of the event; time; number of publications

  1. Cyber attacks on Georgia and on Georgian bloggers on LiveJournal; August 2008; 65 publications
  2. Anniversary of the war in Georgia, cyber attacks on Georgian bloggers on Twitter and Facebook; August 2009; 60 publications
  3. Glavmed, the world's largest pharmaceutical spam network, uses spam to advertise and sell counterfeit remedies against swine flu; November 2009; 40 publications
  4. Russian hackers are accused of breaking into the mailboxes of climate scientists discussing the absence of a global warming problem; December 2007; 38 publications
  5. Reports on the activity and subsequent closure of the Russian Business Network; November 2007; 35 publications
  6. Cyber attacks on eBay and Yahoo! that disrupted the operations of these Internet companies and caused their share prices to fall; January 2000; 27 publications
  7. Detention by FBI agents of hackers Vasily Gorshkov and Alexey Ivanov, who broke into the security networks of American companies and offered protection against their own break-ins; October 2000; 21 publications
  8. Campaign in defense of ElcomSoft programmer Dmitry Sklyarov, who cracked the protection of files in the popular PDF format and was arrested on a complaint from Adobe at an exhibition in Las Vegas, USA; July 2000; 19 publications
  9. Epidemic of the MyDoom network worm, which became the fastest-spreading malware in the world; February 2004; 17 publications
  10. Reports on the threat of a global epidemic of the Conficker virus, whose creators are believed to be unknown Russian programmers; February 2010; 15 publications




"The image of Russia in the Western press in connection with the cyber conflicts of the last decade", a study by Powerscourt, London, prepared specially for NP RAEC

2008

In 2008 there were more than 14 thousand crimes in the field of IT in Russia, 2 thousand more than in 2007. In total, Administration "K" of the Ministry of Internal Affairs of the Russian Federation opened 5572 criminal cases during 2008, 21.4% more than in 2007.

RIA Novosti reports this, citing Boris Miroshnikov, head of the Bureau of Special Technical Events of the Ministry of Internal Affairs of the Russian Federation, who spoke at the 11th National Forum of Information Security, "Information Security of Russia in the Conditions of Global Information Society" (Infoforum).

However, these statistics are rather approximate. First, they partly duplicate the data of adjacent divisions. For example, bank card fraud cases can be counted both as economic crimes and as information crimes.

Second, so-called latency is extremely high in this area: organizations are usually not inclined to publicize the unreliability of their IT systems, so up to 85% of crimes around the world remain hidden and are not included in official reports.

In 2008 law enforcement agencies submitted to the courts 5638 criminal cases under Article 272 of the Criminal Code of the Russian Federation ("Illegal access to computer information"), 1359 cases under Article 273 of the Criminal Code of the Russian Federation ("Creation, use and distribution of malicious computer programs") and eight criminal cases under Article 274 ("Violation of the rules for operating a computer, computer system or their network"). Also in 2008, 1078 crimes under Article 159 ("Fraud") were recorded and 620 criminal cases were opened, 66% more than in 2007.

"The information space is simply teeming with illegal acts: a huge number of fraudsters stealing personal data, distributors of viruses, creators of underground call offices that cause extensive damage to telecom operators through theft of traffic, a huge list of websites with child pornography, extremist websites, unlicensed products and so on", Miroshnikov said.

The head of the Bureau of Special Technical Events of the Ministry of Internal Affairs of the Russian Federation noted positive dynamics in the fight against the distribution of child pornography in Russia: in 2008, 160 criminal cases were opened under Article 242 of the Criminal Code ("Illegal distribution of pornographic materials or objects"), 74% more than in 2007.

Among other positive changes in the field of cybercrime, it was mentioned that providers "began to take responsibility for self-cleaning, self-regulation" and that public institutions joined the fight against criminals. This made it possible to close more than 1.2 thousand information resources for negative content without a court order in 2008.

In 2008 police officers detained criminals who organized DDoS attacks on the websites of various companies and extorted money to stop them. About 8 thousand PCs were infected to carry out the attacks, and more than 10 large Russian companies suffered from them.

The Ministry of Internal Affairs is trying to gain the trust of business, but so far the situation is far from ideal. While the statistics above give an adequate picture only of the general dynamics of crime (the number of offenses, unsurprisingly, is growing), the indicators of BSTM's performance are quite specific: 4.5 thousand criminal cases were opened in 2007 and 5.5 thousand in 2008. The main problem for the authorities in fighting network crime is, evidently, the transnational nature of the Internet.

As Sergey Mikhaylov (FSB) notes, within Russia the FSB interacts quite well with all registrars and providers. At the department's request they shut down unreliable resources and provide the necessary data in the shortest possible time. Outside the country, however, the situation is entirely different.

See Also

  1. Trend Micro Admits it Was Hacked, Symantec Denies Claims of 'Fxmsp' Breach
  2. Hackers were built into the system
  3. The number of cyber attacks in Russia doubled
  4. German Gref suggested creating a Ministry of Emergency Situations for the digital sphere
  5. An automated system for exchanging information about cyber threats will appear in Russia
  6. Nearly half of cyber attacks in Russia are carried out by teenagers
  7. The Supreme Court of the Russian Federation explained the subtleties of classifying cyber fraud
  8. Most Russian companies are not resilient to cyber attacks, PwC states
  9. Russia wants to introduce cyber insurance
  10. https://xn--b1aew.xn--p1ai/news/item/10304447 Administration "K" of the MIA of Russia stopped the activity of an organized group suspected of stealing money from bank accounts by means of a Trojan program
  11. Falling Krone
  12. The Ministry of Defence of Denmark: Russian hackers broke into our employees' mail for two years
  13. Cybercriminals disguise themselves as "Russian" hackers
  14. Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX
  15. Hackers in Russia will be imprisoned for 10 years
  16. [http://www.kommersant.ru/doc/3187320 Into the Internet
  17. entered cybertroops]
  18. Analysts called Russia among five countries with the best cybertroops
  19. Fancy Bear#page1 Germany: the Russian hackers have long hands
  20. [1]
  21. [http://www.dw.com/ru/%D0%BC%D0%BE%D0%B6%D0%B5%D1%82-%D0%BB%D0%B8-%D0%BA%D1%80%D0%B5%D0%BC%D0%BB%D1%8C-%D0%BF%D0%BE%D0%B2%D0%BB%D0%B8%D1%8F%D1%82%D1%8C-%D0%BD%D0%B0-%D0%B2%D1%8B%D0%B1%D0%BE%D1%80%D1%8B-%D0%B2-%D0%B3%D0%B5%D1%80%D0%BC%D0%B0%D0%BD%D0%B8%D0%B8/a-36740463 whether
  22. the Kremlin Can influence elections in Germany?]
  23. Cyber crime in the world
  24. of CNews: In Russia for cyber attacks will put on 10 years
  25. [http://www.telegraph.co.uk/news/2016/10/09/apple-watches-banned-from-cabinet-after-ministers-warned-devices/ of Watches banned from Cabinet after ministers warned devices could be vulnerable to hacking Apple
  26. the Court in the USA found the son of the deputy Seleznyov guilty of cyberfraud
  27. of CNews: Information security experts: "The Russian hackers" it is the myth
  28. of CNews: The authorities conduct "carpet" blocking of the foreign Internet because of ancient court's decision
  29. Cyberswindlers spend 40% of kidnapped persons of funds for researches
  30. FSB will direct security in Runet
  31. [2]
  32. [http://lenta.ru/news/2015/04/17/infowar/ of Lenta
  33.  : The Ministry of Defence will create division of cybertroops in the Crimea]
  34. of CNews: "The pro-Russian hackers" attacked NATO using rare vulnerability
  35. the Russian hackers performed large-scale operation on cracking of bank accounts in the USA and Europe
  36. the Public chamber suggested to create cyberteams
  37. the Federation Council suggests to encourage "white" hackers
  38. of Recorded Future analyzed the Russian pro-government hackers
  39. Rogozin: means of cyberfight come to the forefront
  40. For a year of 95% of the Russian companies underwent cyber attacks
  41. the State Duma permitted FSB to be engaged in information security of the country
  42. the Russian Defense Ministry created a high tech - divisions and employs cyber-fighters