Correct legend and testimony

Tomcat



It can happen to anyone. I accidentally lost my IP, made a call from a flashed SIM card, recognized my neighbor - no matter how, but I got burned.
They came to you, and guys in uniform came to you.
In any case, your task is to build a correct picture of what is happening in front of the investigators, which makes you innocent, and them - making mistakes and trying to sew a case to an innocent person - that is, you.
To understand what and why to say, know the following:
Only traces on your computer are 100% proof of a computer crime and nothing else.
Most often, this is correspondence in ICQ, Skype, and other messengers + the presence of bots builders, files with cardboard, etc.
Money transfers alone are also not sufficient evidence. Although essential.
If you have found everything at once (correspondence, cardboard, traces of financial transactions), then you will not be able to get off the topic.
But if you were at least minimally attentive to hiding traces (used truecrypt / bestcrypt, used portable software on wearable media, did not accept dirt and dullness from anywhere), most often the snoopers will only have financial transactions and testimonies at their disposal.
It is the latter that are highly vulnerable.
Any crime includes an object, subject, objective and subjective side of the case.
We are interested in the latter. Take away the subjective side - and there is no corpus delicti, that is, there is no crime itself.
In other words, if you did not want to commit crimes and did not know that the act you were committing was part of a crime, but on the contrary, you were sure that you were acting legally, and most importantly, you did not commit anything for which punishment is provided, then you automatically become a witness from a suspect.
The easiest way is to look like an intermediary or a drop, who was brazenly lit by evil carders. You yourself must be sure of this. You are piously indignant at how you were impudently deceived. Play, but don't overdo it.

More specifically, it looks like this.

Suppose you are accused of Western Union money (and on top of that, you yourself went to get money). Your behavior:
1) do not deny receiving money. do not deny objective factors that are easy to verify. yes, you did receive transfers. but is it illegal to receive transfers? is it illegal to transfer money to someone?
2) your role is a humble mediator. you receive the money and give it to the customer.
3) method of transfer - for example, throw money into a cash-in ATM (think!)
4) the card was received by the train conductor. the card has already been thrown away. forgotten receipt details.
5) met the customer on one of the forums on the Internet. communicated with him only on the forum - no mobile, no asec, no other contacts. all the details were discussed there, including the data of the transfers. there you told him your address for sending the card. after communication, all messages were deleted.

Everything. Your honest, but humble help in catching a real criminal carder will lead to the fact that you will become a witness from a criminal.
In other cases, your behavior should be the same - reduce everything to mediation, make sure that you had no idea that purchases are made with stolen credit cards.
For example, when accusing the same vestar of the carzhe - say that you started working in the support of the exchange service.
When charged with airline tickets, make sure that your partner told you that he is an employee of one of them, and he has many certificates from the airlines, which is why the tickets are so cheap. Your task was to look for clients.
Let's say a thing - a person on the forum asked you to help him sell unnecessary laptops / goods that were given to him for debts. You gave him the address, he came himself, brought him, you immediately gave him part of the money. Then he needed money himself, decided to sell unnecessary goods.

And so on.

Think over the legend before you start doing anything.
Be aware of objective things that trackers can easily check. Never deny them, prepare in advance, duplicate your messages, correspondence.

To pay attention:
1) calls by mobile and SMS; numbers and text of messages - it's all written and easy to check
2) your location; the history of your movements is recorded and stored for a long time; For example, removing money from an ATM-card of a drop, only an idiot will take with him his real mobile, which glows at home.
3) mobile interconnection; remember, if you carry your cell phone and your left cell phone with you turned on at the same time, this can be easily tracked. the software used by the authorities allows you to do this.
4) there should not be a single transfer between your wallet (webmoney, liberty, alpha, qiwi, in general, any) and drop wallets.
5) remember about cameras in ATMs. wear heels or squat (height), wear big glasses, a hat, etc. Cover your fingers with glue while removing.
6) be aware of the cameras next to the ATM. do not park your car or taxi near the ATM. go for a walk, but make sure the car is not caught in any lenses.
7) register sim cards for left people. do not keep the phone switched on unless necessary.
8) don't be greedy. do not stay on one phone for a long time. throw it out in the cafe, have someone pick it up and start using it.
9) prepare the correspondence on the forum. create dummy accounts in advance, from the left IP of course.

Psychological preparation.
This is even more important.
Remember, the trailblazers will not believe you a dime anyway. They have a sea of people like you.

Your task is to stand your ground. Be able to psychologically resist screaming, pressure, threats, beatings, sitting in a cell with criminals neighbors. This is their usual arsenal.

If they beat you, you can try to substitute your face / bone. So it will be possible to accuse them of corporality - this will significantly improve your situation and enable the lawyer to assert that the confession (if any) was obtained under beatings. Of course, the traces must be fixed immediately. If you are split, do not hesitate to fake the beatings.

Attempts to deceive. They will try to offer you a deal - you give them accomplices, and they make you a witness.
Don't believe it for a penny. Nobody will let you go and will not make you a witness. Surrender yours - you will all sit down and with an even longer term - the punishment of a group is always heavier than the punishment of a loner.

As a result, your task is not to surrender yourself. The trackers do not have a complete scheme, they do not know anything in detail, and if they pretend to know, do not believe it.

As you can see, everything is in your hands. Well, the usual thing - do not work on RU and CIS. Better cardite YUSU and YUK. Let me explain why. Agreements on joint work are usually concluded between the Russian Federation and the CIS countries, and good communication between departments has been established.

But for example, an agreement on joint work with Yusa has not been signed, and will not be signed for a long time.
Of course, there is no normal interaction between the departments.
This is precisely the reason that Yusy's carzh is so reluctantly investigated.

Addendum: how exactly do you not leave evidence in the technical sense?
I have already written above that the traces on your personal computer are the iron proof of your guilt.
To avoid evidence, you need to know what traces are, where they are stored, and how to hide / clean them.

Traces are most often:
1) bases of accs, cardboard, grandfathers, etc. material (they take up relatively little space)
2) correspondence in messengers, mail (stored both locally and on servers)
a) with your personal data
b) without your data
3) hack software (checkers, builders, cryptors, framers, etc.)
a) installed (usually a little)
b) archives (there is often a lot of software)
4) access logs (rdp, ssh, http, ftp, etc.) (stored on servers)
5) files of various wallets (including those attached to phones)

Also, the data can be in the trash can, in deleted files, but remaining on the disk available for recovery by software such as EasyRecovery, on flash drives in an open form.

From here, the rules of work are also quite obvious:
1) use separate (not related to your personality) ICQ / gills / Skype / mail / phones for work
2) never, under any circumstances, write in work messengers something related to your personality, even indirectly.
*) name, name, city, habits, past, even substitute the wrong time zone
*) wallets, accounts,
*) data of people with whom you worked
3) for mail use left hosting with domain and webmail configured
*) setting up automatic cleaning of mail messages
4) use only portable messengers on encrypted partitions with trick
*) I recommend a trucript or a bestcript, ideally - on a USB flash drive or somewhere deep in system files
*) also a good option for sftp + placing the encrypted disk on the network
5) also for base with material
6) for large archives, use external storage - for example, a wearable encrypted screw
*) do not keep it connected all the time - connect only as needed and remove immediately
7) disable logging in all your hosting / services
8) keeping SORM in mind, keep your hosting in different countries (china, singapore, costa rica are a good choice)
9) change all your hosting once every 2-3 months
10) use utilities like CCleaner or analogs (including wipes like BCWipe)
*) clean the trash / logs / rdp profiles etc.
*) regularly fill in already deleted files with zeros (just BCWipe)
11) browsers - only portable in private mode
12) for convenience, I recommend using a portable password storage manager
*) keepass or roboform desktop are good choices
13) it is advisable to prescribe all standard operations in the scheduler, so as not to do everything by hand

Pay some attention to creating the illusion of the good-natured type. Store porn videos (but without children's ones) in trickery, keep an unparsed archive with music, videos, books, and various useless software.
Use a lot of moronic software. It is desirable, of course, licensed / free (this is not to cling to trifles).
Remember, the more imaginary clutter in your system, the more difficult it is for employees to sort through the trash.
In principle, it is permissible to hide hack software in quite respectable c: \ windows \ system32, etc. places where no one will be looking.

Thus, no traces will be stored on your computer on a permanent basis, everything important will be stored on a USB flash drive with a crypto section or somewhere on the network - both material, and portable software, and everything else.
In case of an alarm, it is enough to physically turn off the computer and when it is turned on, there will be no traces.
This takes a few seconds. But there is a nuance.

For example, during capture operations, groups that block exits can be involved, and in preparation for the entrance, noise stun grenades. In this case, there can be no question of any of your reactions. Everything happens in seconds.

In order for you to have these seconds, you need to provide a warning system.
For example, by hanging an ordinary volumetric sensor + camera opposite the entrance to the apartment + mini-TV set at home.
Someone passes - the sensor beeps and shows who has come. These seconds will save your life.

And remember, no technical means will save you if you are a fucking bum.
Security is based on your attention to detail + organization, and not on any specific software or encryption method.
Rather than reacting to the reception, it is better to warn him.
 