A court in Moscow has begun considering a high-profile criminal case against 26 members of the Flint24 cyber fraud group. According to the investigation, hackers broke into the networks of foreign banks, stole their customers ' card details and sold them on the darknet. The prosecution considers Alexey Stroganov, who was already convicted of similar fraud in 2006, to be the head of an organized criminal community. After serving six years and being released, he seemed to have improved — even creating a non-profit organization, Kibalchish, ostensibly to fight cybercrime. In fact, the investigation believes that from 2014 to 2020, Stroganov recruited more than 20 hackers and created a whole structure of portals on the darknet that sold stolen bank card data.
International carding
On May 14, the prosecutor began to announce the indictment in the criminal case of Alexey Stroganov and 25 other defendants in the Flint24 group, accused of stealing bank card data and reselling them through stores on the darknet.
The courtroom of the Second Western District Military Court, where the case is being heard, barely accommodated all the participants in the high-profile trial — the interests of the accused are represented by about 30 lawyers, and numerous relatives came to support the defendants.
The prosecution believes that the organized criminal community (OPS) of the so-called carders operated from 2014 to 2020. It got its name — Flint24-due to the fact that its founder Alexey Stroganov had the nickname Flint. He was detained in 2020 after the control purchase of data by FSB officers and charged with illegal circulation of payment funds by an organized group and the creation of OPS.
According to investigators, Flint24 participants created a whole structure of online stores on the darknet, through which they sold bank card data. Among the victims of cybercriminals are American, Serbian and Vietnamese credit organizations and their clients.
According to the prosecution's position, which was voiced at the first court hearing, the group of cybercriminals consisted of several structural divisions - in Moscow, the Kaluga Region and the Crimea. Their work was coordinated by one of the defendants in the case — Roman Vasiliev. Some divisions were engaged in data theft from magnetic strips of bank cards (so-called dumps. - Izvestia), and the rest implemented them through the darknet.
In addition, Stroganov headed the Autonomous Non-profit Organization Kibalchish created by him. On paper, the organization was engaged in countering cybercrime, but in fact-in eliminating the group's competitors.
During the entire existence of the OPS, its participants managed to recruit and train more than 20 people. The prosecutor said that during searches at the address of one of the divisions of the criminal network, $432 thousand was seized.
After listening to the position of the prosecutor's office, Stroganov called it incomprehensible and not based on the law.
"The charge is illegal and absurd, and I plead not guilty," he said.
American Footprint
Charges of carding Stroganov were brought not only in Russia, but also in the United States. In early 2024, the US Secret Service put Flint on the wanted list. His case is handled by the Computer Crimes and Intellectual Property Division of the Criminal Division of the U.S. Department of Justice.
According to New Jersey prosecutors indictments reviewed by Izvestia, Stroganov and his associates collected data from hundreds of millions of credit cards and bank accounts and sold them, causing $35 million in damages to various financial institutions.
The US Attorney's Office qualified Stroganov's actions under three articles. The main charges of fraud using electronic means and conspiracy in American law provide for up to 20 years in prison and a fine of $250 thousand. For bank fraud in the United States, Stroganov could receive up to 30 years in prison and a fine of $1 million. And identity theft under aggravating circumstances carries a mandatory penalty of two years in prison.
However, all these sanctions could have been applied only if Russia had handed Stroganov over to American justice. But he is tried in his homeland, and Russian criminal law treats such crimes somewhat mildly. Thus, illegal circulation of payment funds by an organized group provides for up to seven years in prison and a fine of 1 million rubles, and the creation of an OPS-from 12 to 20 years in a penal colony.
Stroganov was previously convicted of carding — in 2006, the Lublin court of Moscow sentenced him to six years in a penal colony. After his release, he began working on the cybersecurity of commercial organizations.
Will the stolen funds be returned
Crimes related to the theft of personal data of cardholders began to be recorded simultaneously with the distribution of such means of payment, lawyer Emil Agamaliyev told Izvestia.
"At first, attackers often took advantage of the gullibility of citizens and the lack of basic knowledge in the field of PCs and electronic means of payment," he said. — Currently, one of the most common methods of personal data theft is phishing — a type of Internet fraud aimed at obtaining user identification data. This includes theft of passwords, credit card numbers, bank accounts, and other sensitive information. Phishing is used using malicious software.
The expert also added that unscrupulous bank employees are also engaged in "draining" data for money.
In some cases, banks can compensate for funds stolen by fraudsters, Daria Verestnikova, commercial director of SafeTech, explained to the publication.
— According to the law "On the National Payment System", for operations carried out without the client's consent, the bank is obliged to return the stolen money, but subject to a number of conditions," the expert noted. - Thus, article 9 of the law requires that if a bank card is lost or used without the owner's knowledge, the client immediately informs the bank about it, but not later than the day following the date of receiving a notification from the bank about the disputed transaction.
Daria Verestnikova stressed that the bank is obliged to return the money if the client did not violate the rule of using the means of payment — did not keep the card and PIN together, did not tell anyone the codes from SMS or push messages, did not transfer the card to third parties, did not provide the login password for entering the client bank, did not allow taking photos didn't share the CVV code on the back of the card with third parties.
In recent years, cases of hacker groups are not uncommon. In March 2023, the Tagansky court announced the verdict of four members of the Fraud Organization group under the article on illegal turnover of payment funds with damage of more than 1 billion rubles. They faced up to seven years in prison, but the defendants fully admitted their guilt and received suspended sentences.
• Source: https://iz.ru/1696429/stanislav-kuc...elo-gruppirovki-iz-26-khakerov-doshlo-do-suda
International carding
On May 14, the prosecutor began to announce the indictment in the criminal case of Alexey Stroganov and 25 other defendants in the Flint24 group, accused of stealing bank card data and reselling them through stores on the darknet.
The courtroom of the Second Western District Military Court, where the case is being heard, barely accommodated all the participants in the high-profile trial — the interests of the accused are represented by about 30 lawyers, and numerous relatives came to support the defendants.
The prosecution believes that the organized criminal community (OPS) of the so-called carders operated from 2014 to 2020. It got its name — Flint24-due to the fact that its founder Alexey Stroganov had the nickname Flint. He was detained in 2020 after the control purchase of data by FSB officers and charged with illegal circulation of payment funds by an organized group and the creation of OPS.
According to investigators, Flint24 participants created a whole structure of online stores on the darknet, through which they sold bank card data. Among the victims of cybercriminals are American, Serbian and Vietnamese credit organizations and their clients.
According to the prosecution's position, which was voiced at the first court hearing, the group of cybercriminals consisted of several structural divisions - in Moscow, the Kaluga Region and the Crimea. Their work was coordinated by one of the defendants in the case — Roman Vasiliev. Some divisions were engaged in data theft from magnetic strips of bank cards (so-called dumps. - Izvestia), and the rest implemented them through the darknet.
In addition, Stroganov headed the Autonomous Non-profit Organization Kibalchish created by him. On paper, the organization was engaged in countering cybercrime, but in fact-in eliminating the group's competitors.
During the entire existence of the OPS, its participants managed to recruit and train more than 20 people. The prosecutor said that during searches at the address of one of the divisions of the criminal network, $432 thousand was seized.
After listening to the position of the prosecutor's office, Stroganov called it incomprehensible and not based on the law.
"The charge is illegal and absurd, and I plead not guilty," he said.
American Footprint
Charges of carding Stroganov were brought not only in Russia, but also in the United States. In early 2024, the US Secret Service put Flint on the wanted list. His case is handled by the Computer Crimes and Intellectual Property Division of the Criminal Division of the U.S. Department of Justice.
According to New Jersey prosecutors indictments reviewed by Izvestia, Stroganov and his associates collected data from hundreds of millions of credit cards and bank accounts and sold them, causing $35 million in damages to various financial institutions.
The US Attorney's Office qualified Stroganov's actions under three articles. The main charges of fraud using electronic means and conspiracy in American law provide for up to 20 years in prison and a fine of $250 thousand. For bank fraud in the United States, Stroganov could receive up to 30 years in prison and a fine of $1 million. And identity theft under aggravating circumstances carries a mandatory penalty of two years in prison.
However, all these sanctions could have been applied only if Russia had handed Stroganov over to American justice. But he is tried in his homeland, and Russian criminal law treats such crimes somewhat mildly. Thus, illegal circulation of payment funds by an organized group provides for up to seven years in prison and a fine of 1 million rubles, and the creation of an OPS-from 12 to 20 years in a penal colony.
Stroganov was previously convicted of carding — in 2006, the Lublin court of Moscow sentenced him to six years in a penal colony. After his release, he began working on the cybersecurity of commercial organizations.
Will the stolen funds be returned
Crimes related to the theft of personal data of cardholders began to be recorded simultaneously with the distribution of such means of payment, lawyer Emil Agamaliyev told Izvestia.
"At first, attackers often took advantage of the gullibility of citizens and the lack of basic knowledge in the field of PCs and electronic means of payment," he said. — Currently, one of the most common methods of personal data theft is phishing — a type of Internet fraud aimed at obtaining user identification data. This includes theft of passwords, credit card numbers, bank accounts, and other sensitive information. Phishing is used using malicious software.
The expert also added that unscrupulous bank employees are also engaged in "draining" data for money.
In some cases, banks can compensate for funds stolen by fraudsters, Daria Verestnikova, commercial director of SafeTech, explained to the publication.
— According to the law "On the National Payment System", for operations carried out without the client's consent, the bank is obliged to return the stolen money, but subject to a number of conditions," the expert noted. - Thus, article 9 of the law requires that if a bank card is lost or used without the owner's knowledge, the client immediately informs the bank about it, but not later than the day following the date of receiving a notification from the bank about the disputed transaction.
Daria Verestnikova stressed that the bank is obliged to return the money if the client did not violate the rule of using the means of payment — did not keep the card and PIN together, did not tell anyone the codes from SMS or push messages, did not transfer the card to third parties, did not provide the login password for entering the client bank, did not allow taking photos didn't share the CVV code on the back of the card with third parties.
In recent years, cases of hacker groups are not uncommon. In March 2023, the Tagansky court announced the verdict of four members of the Fraud Organization group under the article on illegal turnover of payment funds with damage of more than 1 billion rubles. They faced up to seven years in prison, but the defendants fully admitted their guilt and received suspended sentences.
• Source: https://iz.ru/1696429/stanislav-kuc...elo-gruppirovki-iz-26-khakerov-doshlo-do-suda
