The official anti-hacker unit of the Belarusian Interior Ministry has been operating in the country for almost 15 years, generating news about detentions of cybercriminals operating in cyberspace. Onliner.wu talked to an employee of the High-tech Crime Detection Department, or, as it is also called, the "K" department, and learned about the romanticization of hacking, clever schemes for taking money from pedophiles, and punctures made by inexperienced cybercriminals.
The K Department has officially existed in Belarus since 2002. Over 15 years of work, its employees have accumulated a lot of experience in tracking down and hunting down Belarusian hackers and guest carders who use our country as a transit point on their way from Europe to Russia and back. According to one of the employees of the K department, over the past years, this criminal profession has lost its touch of romanticism: "You might as well romanticize a pickpocket." And if in the ruins of the Soviet Union, high-tech criminals were served by people who had knowledge, but did not find a place in normal life, today they are rather self-taught people who want to earn quick and easy money without getting up from the computer.
"They don't think anyone will find them. But they are found and planted. Even though they think they have some kind of sacred knowledge, it's just right for us to go dig potatoes. This is a significant addition to the hacker's profile — high self-esteem and excessive pathos. It's a shame for some people that with their intelligence and knowledge they went the wrong way.
Our interlocutor emphasizes that the days of altruistic hackers are gone. This sphere generates huge income and deprives not only large companies and banks of money, but also ordinary citizens, for whom savings on a virtual account may be the last.
- Hackers are presented as corsairs who, traveling through the waves of the Internet, use their remarkable intelligence to demonstrate literacy in hacking without consequences… Today, in this criminal profession, there are still those who were commercialized. I found a way to earn money for myself. Conditionally. After all, for the most part, this is fraud or theft. Just in the field of high technology.
There is nothing to romanticize here. It is more correct to call them cybercriminals. In our country, those who started out in the 90s were the product of a good Soviet education. Mature people who can buy a computer and connect it to the Internet. And most importantly-they understand why it is necessary. And since the mid-2000s, our customers have started to get younger: affordable and fast Internet has appeared, and it has become much easier to get a computer.
— When did Belarus face the first noticeable manifestations of cybercrime?
— In the noughties, cybercrime in Belarus was massively expressed in clothing carding, when attackers gained access to other people's card accounts. Mostly young people were involved in this, since this type of crime did not require a thorough knowledge of IT. This was a kind of way to" fuck " money, taking advantage of the confusion, the lack of legal regulation.
Major countries where online stores were located did not see Belarus as a serious threat. At first, they compensated their clients for minor thefts, but when this became widespread, we ended up being one of the leaders in clothing carding. In those days, one of the biggest purchases of this kind was the mast of an expensive yacht. When this became widespread, American stores blacklisted Belarus and did not deliver on our orders anymore.
Duffel carding and the damage caused to the image of Belarus served as the final impetus for the creation of the K department and the introduction of changes to the criminal legislation related to crimes against information security.
-It is difficult for ordinary field investigators to do this, because there are special features, special traces and actions of criminals. We also have a high detection rate because before we go to detain someone, we need to understand who it is, where it comes from, and prove what it was doing. Therefore, at the beginning, a lot of work is being done, an evidence base is being collected, from which you can not get away. The problem at an early stage was to find investigators capable of handling such cases, and judges who would understand what it was all about.
If we talk about Belarusian carding using fake bank cards, then foreign criminal groups prevail here. There are barely a couple of dozen local plastic specialists for all the time of their activity, the K department notes. With the increase in the number of ATMs, such attacks have become a frequent occurrence in Belarus: five to six groups per year.
— Among them, I remember a group of students who used a 3D printer to create an overlay on the card reader. It was difficult for the layman to distinguish them. After reading a huge amount of information, they made cards and went to withdraw money to the nearest regional center. They "fell asleep" on the fact that our people are observant.
But this is rather an exception to the rules in the actions of domestic carders. Most often, our clients buy ready-made dumps on "black" forums and use other people's card sets to pay for services abroad or come up with ways to cash out money.
A few years ago, the so-called Malaysians were operating in Belarus — an extensive group with a backbone in Brest and their own people in the republic. There are seven people in total. They started by paying for phones, car tires, expensive flowers for girls, and pizza at someone else's expense.
Then they switched to cashing out: they bought expensive trips to exotic countries using Internet banking, and then sold these trips through third parties for half the cost. The ticket is already highlighted, but the travel agency may simply not know about it or simply not take this information seriously: what does it matter to them? The money has arrived, and it doesn't smell.
That's why we call our sphere highly patent — crimes are committed in conditions of non-obviousness. Someone does not understand that an illegal act was committed, and someone hides the fact of a crime committed against them, for objective reasons.
There are other factors as well. For example, it is difficult not to notice and suspect something is wrong when a Swiss card account is used to pay for pizza in Bobruisk at night. But the banking sector, for objective reasons, is in no hurry to reveal its cuisine, justifiably fearing for its image. However, as time goes on, Belarus has already adopted the zero-liability principle, which works successfully in developed countries.
At the same time, experts note that the number of crimes related to bank cards is decreasing. After all, the percentage of manufacturers of professional skimmers is quite low. Most of the crimes relate to the use of genuine cards: a card with a pin code is stolen or transferred in violation of all instructions to a third party.
— How does this happen most often? The men are drinking, the money and vodka have run out, and Vasya gives his card to a friend. It seems that there is an agreement, but when I overslept, I checked my card — there is no money. My friend didn't say anything. And appeals to the police and the bank begin. The problem was that there were a huge number of such statements. Reducing their number began with the introduction of video surveillance and repeated dialing of the pin code after each operation. After all, they also stole from cards that were forgotten at an ATM with a typed pin code.
— In recent years, more and more often we hear about scammers who hide behind the Ministry of Internal Affairs and demand fines from netizens for viewing pornography.
— A large number of citizens have paid, are paying and, unfortunately, will continue to pay fraudsters. People, out of breath, run to the police to pay the so-called fine, with the words: "I forgot, I was too late, I'm sorry." Or they call us at the department: "I'll just take a peek." Our goal is to reduce the number of such requests as much as possible.
Previously, ransomware with blocking was carried out by worms that completely blocked the operating system before transferring money to the electronic wallets of criminals. Later, this evolved: one "master" of a Belarusian university added to this worm a splash screen of the Ministry of Internal Affairs of the Republic of Belarus with articles, punishments and details for paying a fine for viewing pornography. We caught the intruder, but his case lives on. Studying the motivation of this "master", the investigators reached a dead end. He was offered a high-paying job, and the word "master" was not his nickname at all, but an academic degree. What is it? The desire to stand out, earn more and faster? Most likely, the concept of an intelligent challenge is partially present — "I'm smarter, you won't find it".
This is how social engineering works. Knowing the problem points in human psychology, attackers put pressure in the right places. The categorical unwillingness of a person to grow above himself also works here. We've already said a hundred times: "google it" before you do something or pay someone.
— Last year, the country reduced the age of criminal responsibility for teenagers under your articles of the Criminal Code. What was the motivation for this?
— Last year, 866 people were brought to justice, including 34 minors. Basically, this is hacking pages, obtaining illegal access to information. The percentage of teenagers is small, but there is a slow increase.
We were not the initiators of lowering the age of criminal responsibility. But we supported it, because in the future this direction can become much younger. And the tendency to use the age of minors to avoid responsibility is already observed today. Realizing that they will not be attracted, advanced teenagers will begin to move faster to this area. We believe that lowering the age limit for prosecution is more of a preventive measure.
— What trends have been observed in the field of cybercrime in recent years?
— In the West, more and more cases of shiming are being recorded — stealing from a card using a plate as thick as a human hair. It is inserted into the card reader, but it is so thin that it does not interfere with the card. This plate is used to calculatedata. But this is an expensive invention from the field of nanotechnology, which is still unlikely to be justified for installation on Belarusian ATMs.
New forms are emerging, but we are somewhat saved by the fact that Belarus is not such a rich country. You can't call us a tourism mecca either. Therefore, we are not attractive for the global cybercriminal either.
The difficulty is that money is withdrawn from these cards much later and in completely different parts of the world. As a rule — through front men in Latin America, who are there temporarily and who have nothing to fear: vacationers, exchange students, just drifters.
So, the card of a Belarusian singer with the amount of about $30 thousand was compromised in France or England. A month later, in a nightclub, she began to receive SMS notifications that $2-3 thousand was being debited from her account in different parts of America, until everything went to zero. Of course, she tried to quickly call the bank to block the account. Later, she managed to prove the fact of criminal disappearance of money and, after several trials, recover losses from the bank.
— Where do the cadres come from in the "K" department?
— We do not have specialized educational institutions that train personnel for us. A potential employee must be either an opera person with a technical background, or a tech guy with a clean background. Our technical universities have quite a decent level to train such specialists. If there is a need, we go to these institutions ourselves and find worthy candidates. But I'll tell you right away that we don't hire hackers.
— Was the fight against pornography in your competence?
— No, this is not our job profile. But in our early practice, our specialists identified a group of Belarusian programmers who combined thematic sites with child pornography into a common network, linked the entrance to an electronic wallet, and advertised the resource among pedophiles. Entrance is paid, the card is linked. Thus, criminals received not only an entrance fee, but also access to the card accounts of pedophiles. And they could not apply to the authorities, because they knew that according to the law they themselves would be involved. That's how the intruders collected a double concoction until we stopped them.
We once took the initiative to deal with webmasters who clog the virtual space with child pornography. The main idea was to create an atmosphere of rejection and rejection of such orders. It is necessary that this category of programmers considers those who help promote such resources to be outcasts.
The K Department has officially existed in Belarus since 2002. Over 15 years of work, its employees have accumulated a lot of experience in tracking down and hunting down Belarusian hackers and guest carders who use our country as a transit point on their way from Europe to Russia and back. According to one of the employees of the K department, over the past years, this criminal profession has lost its touch of romanticism: "You might as well romanticize a pickpocket." And if in the ruins of the Soviet Union, high-tech criminals were served by people who had knowledge, but did not find a place in normal life, today they are rather self-taught people who want to earn quick and easy money without getting up from the computer.
"They don't think anyone will find them. But they are found and planted. Even though they think they have some kind of sacred knowledge, it's just right for us to go dig potatoes. This is a significant addition to the hacker's profile — high self-esteem and excessive pathos. It's a shame for some people that with their intelligence and knowledge they went the wrong way.
Our interlocutor emphasizes that the days of altruistic hackers are gone. This sphere generates huge income and deprives not only large companies and banks of money, but also ordinary citizens, for whom savings on a virtual account may be the last.
- Hackers are presented as corsairs who, traveling through the waves of the Internet, use their remarkable intelligence to demonstrate literacy in hacking without consequences… Today, in this criminal profession, there are still those who were commercialized. I found a way to earn money for myself. Conditionally. After all, for the most part, this is fraud or theft. Just in the field of high technology.
There is nothing to romanticize here. It is more correct to call them cybercriminals. In our country, those who started out in the 90s were the product of a good Soviet education. Mature people who can buy a computer and connect it to the Internet. And most importantly-they understand why it is necessary. And since the mid-2000s, our customers have started to get younger: affordable and fast Internet has appeared, and it has become much easier to get a computer.
— When did Belarus face the first noticeable manifestations of cybercrime?
— In the noughties, cybercrime in Belarus was massively expressed in clothing carding, when attackers gained access to other people's card accounts. Mostly young people were involved in this, since this type of crime did not require a thorough knowledge of IT. This was a kind of way to" fuck " money, taking advantage of the confusion, the lack of legal regulation.
Major countries where online stores were located did not see Belarus as a serious threat. At first, they compensated their clients for minor thefts, but when this became widespread, we ended up being one of the leaders in clothing carding. In those days, one of the biggest purchases of this kind was the mast of an expensive yacht. When this became widespread, American stores blacklisted Belarus and did not deliver on our orders anymore.
Duffel carding and the damage caused to the image of Belarus served as the final impetus for the creation of the K department and the introduction of changes to the criminal legislation related to crimes against information security.
-It is difficult for ordinary field investigators to do this, because there are special features, special traces and actions of criminals. We also have a high detection rate because before we go to detain someone, we need to understand who it is, where it comes from, and prove what it was doing. Therefore, at the beginning, a lot of work is being done, an evidence base is being collected, from which you can not get away. The problem at an early stage was to find investigators capable of handling such cases, and judges who would understand what it was all about.
If we talk about Belarusian carding using fake bank cards, then foreign criminal groups prevail here. There are barely a couple of dozen local plastic specialists for all the time of their activity, the K department notes. With the increase in the number of ATMs, such attacks have become a frequent occurrence in Belarus: five to six groups per year.
— Among them, I remember a group of students who used a 3D printer to create an overlay on the card reader. It was difficult for the layman to distinguish them. After reading a huge amount of information, they made cards and went to withdraw money to the nearest regional center. They "fell asleep" on the fact that our people are observant.
But this is rather an exception to the rules in the actions of domestic carders. Most often, our clients buy ready-made dumps on "black" forums and use other people's card sets to pay for services abroad or come up with ways to cash out money.
A few years ago, the so-called Malaysians were operating in Belarus — an extensive group with a backbone in Brest and their own people in the republic. There are seven people in total. They started by paying for phones, car tires, expensive flowers for girls, and pizza at someone else's expense.
Then they switched to cashing out: they bought expensive trips to exotic countries using Internet banking, and then sold these trips through third parties for half the cost. The ticket is already highlighted, but the travel agency may simply not know about it or simply not take this information seriously: what does it matter to them? The money has arrived, and it doesn't smell.
That's why we call our sphere highly patent — crimes are committed in conditions of non-obviousness. Someone does not understand that an illegal act was committed, and someone hides the fact of a crime committed against them, for objective reasons.
There are other factors as well. For example, it is difficult not to notice and suspect something is wrong when a Swiss card account is used to pay for pizza in Bobruisk at night. But the banking sector, for objective reasons, is in no hurry to reveal its cuisine, justifiably fearing for its image. However, as time goes on, Belarus has already adopted the zero-liability principle, which works successfully in developed countries.
At the same time, experts note that the number of crimes related to bank cards is decreasing. After all, the percentage of manufacturers of professional skimmers is quite low. Most of the crimes relate to the use of genuine cards: a card with a pin code is stolen or transferred in violation of all instructions to a third party.
— How does this happen most often? The men are drinking, the money and vodka have run out, and Vasya gives his card to a friend. It seems that there is an agreement, but when I overslept, I checked my card — there is no money. My friend didn't say anything. And appeals to the police and the bank begin. The problem was that there were a huge number of such statements. Reducing their number began with the introduction of video surveillance and repeated dialing of the pin code after each operation. After all, they also stole from cards that were forgotten at an ATM with a typed pin code.
— In recent years, more and more often we hear about scammers who hide behind the Ministry of Internal Affairs and demand fines from netizens for viewing pornography.
— A large number of citizens have paid, are paying and, unfortunately, will continue to pay fraudsters. People, out of breath, run to the police to pay the so-called fine, with the words: "I forgot, I was too late, I'm sorry." Or they call us at the department: "I'll just take a peek." Our goal is to reduce the number of such requests as much as possible.
Previously, ransomware with blocking was carried out by worms that completely blocked the operating system before transferring money to the electronic wallets of criminals. Later, this evolved: one "master" of a Belarusian university added to this worm a splash screen of the Ministry of Internal Affairs of the Republic of Belarus with articles, punishments and details for paying a fine for viewing pornography. We caught the intruder, but his case lives on. Studying the motivation of this "master", the investigators reached a dead end. He was offered a high-paying job, and the word "master" was not his nickname at all, but an academic degree. What is it? The desire to stand out, earn more and faster? Most likely, the concept of an intelligent challenge is partially present — "I'm smarter, you won't find it".
This is how social engineering works. Knowing the problem points in human psychology, attackers put pressure in the right places. The categorical unwillingness of a person to grow above himself also works here. We've already said a hundred times: "google it" before you do something or pay someone.
— Last year, the country reduced the age of criminal responsibility for teenagers under your articles of the Criminal Code. What was the motivation for this?
— Last year, 866 people were brought to justice, including 34 minors. Basically, this is hacking pages, obtaining illegal access to information. The percentage of teenagers is small, but there is a slow increase.
We were not the initiators of lowering the age of criminal responsibility. But we supported it, because in the future this direction can become much younger. And the tendency to use the age of minors to avoid responsibility is already observed today. Realizing that they will not be attracted, advanced teenagers will begin to move faster to this area. We believe that lowering the age limit for prosecution is more of a preventive measure.
— What trends have been observed in the field of cybercrime in recent years?
— In the West, more and more cases of shiming are being recorded — stealing from a card using a plate as thick as a human hair. It is inserted into the card reader, but it is so thin that it does not interfere with the card. This plate is used to calculatedata. But this is an expensive invention from the field of nanotechnology, which is still unlikely to be justified for installation on Belarusian ATMs.
New forms are emerging, but we are somewhat saved by the fact that Belarus is not such a rich country. You can't call us a tourism mecca either. Therefore, we are not attractive for the global cybercriminal either.
The difficulty is that money is withdrawn from these cards much later and in completely different parts of the world. As a rule — through front men in Latin America, who are there temporarily and who have nothing to fear: vacationers, exchange students, just drifters.
So, the card of a Belarusian singer with the amount of about $30 thousand was compromised in France or England. A month later, in a nightclub, she began to receive SMS notifications that $2-3 thousand was being debited from her account in different parts of America, until everything went to zero. Of course, she tried to quickly call the bank to block the account. Later, she managed to prove the fact of criminal disappearance of money and, after several trials, recover losses from the bank.
— Where do the cadres come from in the "K" department?
— We do not have specialized educational institutions that train personnel for us. A potential employee must be either an opera person with a technical background, or a tech guy with a clean background. Our technical universities have quite a decent level to train such specialists. If there is a need, we go to these institutions ourselves and find worthy candidates. But I'll tell you right away that we don't hire hackers.
— Was the fight against pornography in your competence?
— No, this is not our job profile. But in our early practice, our specialists identified a group of Belarusian programmers who combined thematic sites with child pornography into a common network, linked the entrance to an electronic wallet, and advertised the resource among pedophiles. Entrance is paid, the card is linked. Thus, criminals received not only an entrance fee, but also access to the card accounts of pedophiles. And they could not apply to the authorities, because they knew that according to the law they themselves would be involved. That's how the intruders collected a double concoction until we stopped them.
We once took the initiative to deal with webmasters who clog the virtual space with child pornography. The main idea was to create an atmosphere of rejection and rejection of such orders. It is necessary that this category of programmers considers those who help promote such resources to be outcasts.
