Cloned Boy
Professional
- Messages
- 1,190
- Reaction score
- 910
- Points
- 113
The unstable situation in the region, the global crisis — all these are impulses for the aggravation of cybercrime.
And Belarus is experiencing this wave today.
Criminals, often not on the territory of the country, test the strength of not only ordinary Belarusians, but also economic entities. Already 20 percent of all facts in crime reports are crimes with the prefix CYBER.
They are opposed by the operational unit of the Ministry of Internal Affairs, which celebrates its 20th anniversary.
In fact, with its creation, the formation of a new system for combating this type of crime has begun.
Who are they — universal operatives with knowledge of IT?
Which of the successful cases today are not classified?
And what are these crimes, where millions of dollars are involved?
Speaker:
Minsk. Autumn 2022. The detainee is sent to the EBC. His apartment, among other things, a pair of wristwatches. Each such part is worth about 20 thousand dollars, in the yard of a premium car. He got into his brother's well-established business, which was hunted by operatives from perhaps dozens of countries. An example of how a digital trail from Belarus led to a criminal 4.5 thousand kilometers away.
He was wanted for almost 15 years. A fake passport, possible partial plastic surgery on his face - all in the classic genre, and he was counting on a clean biography, taking into account the expired statute of limitations. But Belarusian Cyberfront fighters caught up with him in Bishkek.
Andrei Kovalev (Head of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
I didn't expect it. I cried like a child, because I was sure that literally half a year was ending there, and in six months the terms of criminal liability would expire. The first question was, how did you find me. It all started, that citizens of the Republic of Belarus suffered. It all started here, citizens of the Republic, my family is here, my parents are here. Yes, I studied, I got married, everything was here until we found them.
Speaker:
All this time, evidence of his crimes has been methodically collected in Belarus for many years. The person detained in Bishkek is a member of an international criminal group involved in carding. The cases involve millions of dollars, he had been hiding in Europe for a long time, as did his accomplices, who left a significant legacy in our country.
Andrei Kovalev (Head of the Main Department for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
With the great support of our Ministry of Foreign Affairs, an entire corridor was organized for us to leave for Spain, for joint police operations in Spain. That is, we exchanged contacts, exchanged digital evidence, which allowed us to detain this person.
Speaker:
Of course, this is not the only high-profile case in the history of Belarusian Cyberfront fighters in 20 years. Today, the arsenal includes modern systems, software, analytics, and Internet intelligence. Every police department has operatives who know a thing or two about IT. And a separate operational unit of the criminal police deals with solving crimes in the high-tech sphere, and five people in the capital grew out of the search department and later from departments.
The 90s. The first mobile phones appear in Belarus, and the Internet is launched. After the collapse of the Soviet Union, the Belarusian law enforcement system, like everything else in a young, sovereign country, wonders what's next. The process of automation is launched, from processing traces from unsolved crime scenes to creating electronic databases of pre-service special systems.
Boris Tarletsky (First Deputy Minister of Internal Affairs of Belarus 2001-2004):
Before automation, one expert could process approximately one fingerprint or one trace taken from an unsolved crime scene and 10 dactocards during his working time, and that's it. And the array of dactocards actually amounts to millions.
Speaker:
Minsk, as usual, was the legislator of the MOD. Major General Boris Tarletsky was debugging the work of the capital's police at that time. Even then, it was obvious that crime was changing, and it was no longer enough for an operative to have only intelligence and deduction.
Boris Tarletsky (First Deputy Minister of Internal Affairs of Belarus 2001-2004):
They began to understand that if some kind of automation is created, there will definitely be people who will be interested and want to penetrate these systems in order to gain some benefit for themselves.
Speaker:
Such concepts as an IT country and online payment systems had not yet been born, but the first generation of IT criminals was raising their heads in Belarus. The 1998 crime in the reports attracted attention. A Trojan horse in the "Victim's" computer gained access to the network details of users of the country's largest service provider.
Igor Chernenko (Head of the "K" Department of the Ministry of Internal Affairs of Belarus from 2002 to 2025):
Internet access passwords appeared on the market, which were sold, as I recall, for 10 dollars. We were working in the criminal investigation department at the time, and such words as Internet and provider were a novelty. Acting according to the principles of the criminal investigation department, we identified this person.
Speaker:
He went to prison, however, for fraud, and not for the so-called "computer crime". The Criminal Code was not yet familiar with this phenomenon, as were the operatives, where there could be one computer for the entire department, and the Internet was a luxury.
Igor Chernenko (Head of the "K" Department of the Ministry of Internal Affairs of Belarus 2002-2025):
Bright minds in our academic circles created a whole chapter in the Criminal Code called "Crime against information security", which included the main elements of crimes that were as close as possible to those elements of crimes that were set out in the European Convention on Cybercrime.
After that, the process began.
Speaker:
The first cyber thieves - individuals - obtained PIN codes for other people's payment cards. But after just a few years, this criminal environment was overgrown with organized groups. Their connections stretched to organized crime groups in other countries. It was necessary to urgently restore order. After all, if in 1998 there was one crime in the report, then by the millennium the figures had already approached half a thousand.
Boris Tarletsky (First Deputy Minister of Internal Affairs of Belarus 2001-2004):
In 2001, I was appointed to the post of First Deputy Minister of Internal Affairs of the Republic of Belarus. Prepared a report addressed to the Minister of Internal Affairs, a proposal to form such units both in the Central Office of the Ministry of Internal Affairs and in all regional internal affairs departments.
Speaker:
November 28, 2002 is the date when Belarus began to actively strengthen its "cyberfront". Strengthen with fighters capable of thinking outside the box, with the ability to read and record digital traces, analyze, and calculate the moves of criminals. This is how an independent operational unit appeared in the MBD. And then investigators, prosecutors, and judges were needed who know what they are dealing with.
In fact, the creation of the unit marked the start of the formation of a new system to combat this type of crime.
Alexander Rignevich (Deputy Head of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
Our unit employs very versatile people, and they must be very versatile. This person must be both an operative and a person with sufficiently broad, deep knowledge in technical terms. What is needed here is an operational mindset.
Speaker:
The Belarusians have made a loud statement almost from the very start. The special operation "Tornado", conducted at the initiative of the Ministry of Internal Affairs with the participation of Interpol, revealed more than 5 thousand websites with child pornography around the world. They were closed. Employees were sent to Baltimore three times at the request of the States to participate in special operations, but a digital criminal of 20 years ago is still a layman compared to what today's criminals operate in the digital world.
The same carding is more technologically advanced today. An apartment on Surganovo in Minsk. The detention group is ready. The criminal does not even suspect that in a matter of seconds the bracelets on his hands will close. He had to answer about Sonya and even in his underwear. - such is the effect of surprise.
The laptops contain a digital biography of diverse criminal activity - silver bars, currency, jewelry, flash drives with information useful to operatives.
Alexander Rignevich (Deputy Head of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
Modern cybercrime is not the action of one person. In the vast majority of cases, it is the action of a group. The police cannot find each other on the Internet, in various messengers, agree on the commission of this or that action, distribute roles. Members of this criminal group are not always on the territory of our country.
Speaker:
Carder was sure that he was smarter and more cunning than the police. The fighters of the "K" department proved otherwise.
An operative officer of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
You have been engaged in carding for 10 years, your activity has been recorded for one year. Everything is recorded in photos and videos, there are responses from international payment systems. Control purchases from you were made from your carding goods, which you sold.
Speaker:
And this is theft on an especially large scale using bank card details. For the user to understand, the criminal did not steal the plastic itself. We are talking about already stolen digital data.
An operative officer of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
Posing as the owners of these cards, they made purchases on Internet sites. To make an Internet pull, it was enough to enter the card number and confirmation code. This information is stolen by carders on all online stores, that is, by using some phishing links.
Speaker:
Golf clubs are one of the products that the carders tried to sell to launder money. In this footage, Spanish police officers inspect the goods in the apartment of one of the accomplices of the detained Belarusians. In close cooperation, law enforcement officers from the two countries stopped the activities of an international group that claimed hundreds of victims. For more than three years, they fed on the card accounts of Americans.
An operative officer of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
When our citizens who were on the territory of the Republic of Belarus were detained, instead of Spanish speed detectives, a resident of Spain was detained on the same day, through whom the resale of these goods was directly carried out. The damage exceeded one million US dollars.
Speaker:
In order to protect themselves when cashing out the stolen goods and to confuse their tracks, the carders came up with an intricate scheme. They paid for expensive goods on foreign Internet sites, then resold them, and divided the proceeds. All successful cases that have been carried out over 20 years, we do not talk even today, first of all, so as not to reveal the tactics and methods, because if the criminal world knows certain features and moments where we are present, where we are, it will be much more difficult for us to counteract this. Today we have reached that level. I am absolutely not afraid to say that the unit performs those tasks that no one has done. Speaker: A man with tattooed pictures on his body is a cybercriminal. On the personnel forums of the dark side of the Internet, his nickname is known to many. A sealed eye on a ceiling camera is a witness to an obvious desire to be alone. Perhaps, just during this communication session in messengers, numerous thematic forms.
Andrei Kovalev (Head of the Main Department for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
The year 2020. Belarus is reeling from the hybrid war waged against us. It is not easy for everyone. Not everyone can withstand the tests of strength with new political technologies, which were carried out in close cooperation with psycho-emotional influence through Telegram channels.
Criminals feel it too. But the assumption that law enforcement officers are distracted from their immediate task of catching criminals was false. Ishimera is another concept from the cyber dictionary - a female operative figured out.
An operative of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus:
A foreign citizen installed specialized equipment on ATMs of various banking institutions to remove information from the magnetic strip of a bank payment card, as well as a PIN code. Subsequently, this data was rewritten to duplicate bank cards and used to commit thefts.
Speaker:
The criminal disguised himself, a hood is not the most original means, wigs and gloves were used, and a technological plate is not visible to the average person.
An operative of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus:
A shimmer was used. This is a specialized plate that is immersed in the card acceptor of an ATM and is invisible to an ordinary user, an ordinary citizen. Either an overlay keyboard is installed, with which you can get the PIN code for a specific bank card, or an overlay is installed and a video recording is made of what the person enters on the keyboard.
Speaker:
He was riding a scooter, abandoning the car several blocks away. As it will become known later, this is a man with two higher educations - a business analyst. He gave consultations to famous people. It was difficult to identify him, much less catch him red-handed. But one fine day, passing by, the operative noticed traces of criminal interference in the operation of the ATM. What follows is a matter of technology, long hours of observation and patience. We met eye to eye, probably, 4 times. Fortunately, I am a girl, he did not pay attention to me. At the same time, he was extremely careful, watching the passers-by, whether anyone was sitting on the opposite side of the bus stop. We managed to record the car he was traveling in, establish the address of his place of residence and detain him red-handed. Speaker: The criminal worked on an article with theft on a large scale. More than two dozen people suffered. The difficult geopolitical situation in the region, the global crisis against the backdrop of the pandemic, instability - all these are impulses for cybercrime. Recently, attacks on our country have increased many times over. Andrei Kovalev (Head of the Main Department for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
An operative officer of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus:
Digital crime depends on many factors. First of all, on what is happening in the country, what is happening in its immediate neighbors, the economic and political situation.
Speaker:
It is not only ordinary people who are being tested for strength, but also economic entities. And the specialists of the "K" Department are, in fact, on the front lines of the cyber front today.
Alexander Rignevich (Deputy Head of the Main Department for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
Our country is being attacked, including of a slightly different kind. That is, attempts to convey disinformation to our people, attempts to compromise certain government agencies, organizations, including by replacing their real Internet resources with fake ones.
Speaker:
Each crime, its disclosure is an opportunity to compete with the attacker in knowledge, to test deduction. And when all the cash was stolen from an ATM on the street near an administrative building in Minsk one day, this was just such a case. We had to quickly look for a breach in the security system.
Dmitry Stasyulevich (Deputy Head of the Cybercrime Department of the Main Directorate of Internal Affairs of the Minsk City Executive Committee):
The attacker connected to the ATM in a certain way, so to speak, relying on the fact that the ATM was an old system with unupdated security systems. And using advanced software, he forced the ATM to give out all the cash it had. That is, in principle, there was no hacking or overt theft.
Speaker:
As it would later become known, it took the cyber thief half an hour to collect the money from the ATM into his bag. It became known, after we reviewed and analyzed the logs, how long he gave out this money, how he counted it out, and so on. Naturally, we established the reasons why this was possible. He had tasks that he had to complete. He had to do one, two, three actions. Then the program performed the most necessary manipulation. Well, and remote access was also established. Speaker: The next day, while withdrawing money from an ATM of a similar outdated system with a bag of cash, the criminal was caught. His accomplices from Russia were also identified. At the instigation of Belarusian operatives, they were detained by Russians at a similar ATM. Dmitry Stasyulevich (Deputy Head of the Cybercrime Control Department of the Main Directorate of Internal Affairs of the Minsk City Executive Committee): The service is loved because it is the most promising and rapidly developing among the criminal police services. Andrei Kovalev (Head of the Main Directorate for Cybercrime Control of the Ministry of Internal Affairs of Belarus): Unfortunately, not everyone sees and can appreciate that pedantry and meticulousness. You need to understand how much time and effort is spent on this so that digital traces can later form part of the evidence base. Speaker:
Dmitry Stasyulevich (Deputy Head of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee):
Among the extraordinary cases, the disclosure of which brings moral satisfaction to opponents, this is undoubtedly one. They were looking for two fraudsters, Abbeydale and Denis Patton, but one turned out to be two-faced, a woman. Her talented legends include numerous family ties with senior officials, including the security forces, where they are allegedly always ready to help resolve the issue for money.
Operational officer of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
If someone had any issues with law enforcement agencies, then the person indicated that they had acquaintances in the prosecutor's office, there were questions for VIST in embassy institutions, and by allegedly giving a bribe, these issues could be resolved. Communicating for a very long period of time, they transferred these funds, and even sent photos of their bank payment cards, including the back with the CWB code, which this person was later forced to use.
Speaker:
Elin, Elya, Eva, aka Albina, Yana, Barbara, communicated with Belarusians exclusively with an accent, calling herself a British subject, a citizen of Israel, and sometimes Poland. Communicating online with foreigners, she spoke pure Russian. She easily transformed from a woman into a man, changed her voice, and the victims did not suspect that their benefactor and a person, say, from the authorities, were one and the same person.
An operative officer of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
As was later established, she had previously been brought to criminal responsibility in 2011 in the territory of the Russian Federation for fraud, after which, according to our information, she was in Ukraine and committed crimes there. However, they could not bring her to criminal responsibility for the same crimes, because this person kept her real documents in a separate apartment that she rented. She herself used a number of intermediaries.
And, accordingly, when she received information that law enforcement agencies were on her trail somewhere, she simply left the territory of this state.
Speaker:
She used the same conspiracy scheme in Belarus. The number of her victims in our country, Latvia, Poland, Ukraine, and other countries is in the hundreds. Law enforcement agencies from many countries tried to identify her, but ours found and detained her. The machine was in the image almost until the curtain.
Operative officer of the Cybercrime Department of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
It is worth saying that even at the time of detention, this person introduced himself as a British citizen and demanded the consul of this state. It was a big surprise for her when we went to another address in Minsk, where her real documents were kept. After which, of course, this person realized that the game was over.
Speaker:
The woman is a psychologist by education. She knew the techniques of changing consciousness and perception of reality. With their help, she quickly collected the necessary dossier, and then simply parasitized on problems. As operatives joke, today an attacker just needs to look at the card, and there will be no money left on it. What bank?
Speaker:
Why are you calling from a Russian number? Stop brainwashing Belarusians already. The most common crime today in this area is fraud, when the victim is forced under any pretext to give bank card details. This is vishing phishing, where the bait is thrown in during a telephone conversation.
Andrey Kovalev (Head of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
To bring a person to a certain behavior pattern in order to fully control his attention, obtain personal information, or simply force him to do something else. Well, roughly speaking, transfer money.
Speaker:
The criminal uses a number substitution system, and this will surprise no one.
Inattention, gullibility, carelessness - excellent waters for such fishing work according to a template, changing scenarios to more relevant ones. And then IT technologies come into play.
Dmitry Stasyulevich (Deputy Head of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee):
Criminals have stopped posing as bank employees and have started posing as law enforcement officers. In principle, the mechanism itself is the same. Providing phishing links to various resources, that is, buying and selling services, hacking messengers themselves, dating has recently become popular. Providing a phishing link to a site where, in principle, people enter their details. Using these details, money is always stolen later.
Speaker:
Criminals have their own consultants on the Darknet, a community, they work in the shadow markets, they acquire details of cards from foreign banks. Then they withdraw funds. A team of professionals works to solve such crimes, where each has precise knowledge from different fields.
Alexander Rignevich (Deputy Head of the Main Department for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
A criminal group of young people has been exposed, who assisted the attackers in deceiving our citizens by calling a total of more than 60 people. At the moment, more than 2,000 victims have already been identified.
Fraudsters are young people under 25 who wanted to earn money quickly and without doing anything, but, naturally, such earnings that they find on the Internet lead them to places not so remote.
Speaker:
The popular population of the online trading platform is a tasty morsel for cyber fraudsters, especially when it comes to second-hand goods. There were days when dozens of buyers contacted just one of them per day, who lost all their savings from their cards.
An operative officer of the Department for Combating Cybercrime of the Internal Affairs Directorate of the Minsk Regional Executive Committee:
A group of people committing crimes in the field of fraud on the Kufor platform was identified in the Minsk Region. These people created software that could automatically generate a phishing page. Subsequently, this phishing page was sent to individuals. The fraudster signed up with the seller on behalf of the buyer and offered him to buy the goods for a certain price, and asked for a discount, asked about the goods, that is, behaved like an ordinary buyer.
And if they agreed on the amount, the attacker sent a link. When the seller followed this link, he was taken to a phishing page.
Speaker:
The card details left on the fake page allowed the criminal to withdraw all the money. The operatives identified the defendants in the criminal group, which had clearly divided responsibilities.
An operative officer of the cybercrime department of the Internal Affairs Directorate of the Minsk Regional Executive Committee:
The group included both citizens of the Republic of Belarus and citizens of Ukraine. There were two organizers who created the software, who created the links themselves and who managed the entire scheme, where, what, to whom, they studied courses from YouTube.
Speaker:
Thanks to the preventive work, the number of crimes is decreasing. And yet 20% of all crimes in the reports are crimes with the prefix "Cyber". One of the new criminal trends is swatting. Or svoiting, if we are close to the transcription from English. But the word managed to assimilate in a short time.
Alexander Garus (Head of the Department for Combating Cybercrime of the Internal Affairs Directorate of the Vitebsk Regional Executive Committee):
This is a false message about a threat. As a rule, such messages come to the e-mail of either an enterprise or an organization, which indicates that a given building or premises is mined and or some demands are put forward.
Speaker:
This young man was caught off guard. The guy had to answer the detectives' questions for himself and his friends.
Operative of the Cybercrime Department of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
From what email and what computer did you send it?
Fraudster:
From the Windows operating system, Firefox browser.
Speaker:
And this detainee is a ninth-grader from a small town in the Vitebsk region. And judging by the digital traces, with a decent amount of experience working in the shadow segment of the Internet.
Operative:
When did you create the Svatchevgram channel?
Fraudster:
I created it about three or four months ago.
Operative:
For what purpose?
Fraudster:
To help Vainer in the Svatchev community.
Speaker:
The guy smiles when asked about finances and seems to be even proud of himself. Their objects can be anywhere. As a rule, they are interested in Belarus, Russia, and other post-Soviet countries.
Alexander Garus (Head of the Cybercrime Department of the Internal Affairs Directorate of the Vitebsk Regional Executive Committee):
There are cases when electronic messages about mining of about a hundred objects come in one day. It is very difficult to calculate them, but it is possible. This is really labor-intensive work. Interaction, again, is necessary here between various law enforcement agencies of different countries. And only in this case is it possible to really succeed.
Speaker:
The goals of swatting are different. From the banal desire of teenagers to have fun and excite the operational services, to watch the result from the news to the desire to make money on blackmail.
Alexander Rignevich (Deputy Head of the Main Department for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
The main goal is this panic mood in a specific object, perhaps in some region. The desire for us to evacuate people, conduct some kind of mass checks - all this will cause a certain share of negative manifestations, which is the main goal. That is, just a few years ago, we basically didn’t encounter this form of cybercrime.
Aleksandr Garus (Head of the Cybercrime Department of the Vitebsk Regional Executive Committee’s Internal Affairs Directorate):
You have to respond to every message. And all the necessary services are dispatched to every message. This includes the police, the Ministry of Emergency Situations, and the ambulance. Sappers are dog handlers with dogs. A lot of manpower and resources are involved.
Operative:
How much did you earn from your community activities?
Fraudster:
200-250 thousand Russian rubles.
Operative:
How much mining did you do, approximately?
Fraudster:
More than 30, probably.
Speaker:
While a sleepy teenager in the Vitebsk Region was explaining his actions, his associates were nervous in the presence of people in black in Russia. A joint operation by Belarusian and Russian law enforcement officers identified and detained a group that had created more than 80 fake messages about terrorist attacks in three months. The Telegram channel accepted orders for money, and also posted reports on the work done. Let's go back to the beginning.
The criminal, who was recently brought in by operatives from four countries at the instigation of the Belarusians, was self-confident and reserved. His detention is a living example that everything secret becomes clear. The main thing is endurance and the ability to make prompt decisions in a timely manner.
Andrei Kovalev (Head of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
Well, the height of cynicism is that the fake passport was in my name, they detained him anyway. Like a wolf, they drove him to certain beacons, to certain countries, controlled him. Satisfaction, of course. You need to be a fan of your profession. It may take weeks, months, even years to develop or support a particular situation. It's all in your head, you live with it. Maximally focused on the rhythm, because either a task may be set, or the situation may change dramatically.
Speaker:
At the time of this topic, a defendant in a high-profile criminal case that lasted almost 15 years was awaiting extradition from Kyrgyzstan.
And Belarus is experiencing this wave today.
Criminals, often not on the territory of the country, test the strength of not only ordinary Belarusians, but also economic entities. Already 20 percent of all facts in crime reports are crimes with the prefix CYBER.
They are opposed by the operational unit of the Ministry of Internal Affairs, which celebrates its 20th anniversary.
In fact, with its creation, the formation of a new system for combating this type of crime has begun.
Who are they — universal operatives with knowledge of IT? Which of the successful cases today are not classified? And what are these crimes, where millions of dollars are involved?Speaker:
Minsk. Autumn 2022. The detainee is sent to the EBC. His apartment, among other things, a pair of wristwatches. Each such part is worth about 20 thousand dollars, in the yard of a premium car. He got into his brother's well-established business, which was hunted by operatives from perhaps dozens of countries. An example of how a digital trail from Belarus led to a criminal 4.5 thousand kilometers away.
He was wanted for almost 15 years. A fake passport, possible partial plastic surgery on his face - all in the classic genre, and he was counting on a clean biography, taking into account the expired statute of limitations. But Belarusian Cyberfront fighters caught up with him in Bishkek.
Andrei Kovalev (Head of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
I didn't expect it. I cried like a child, because I was sure that literally half a year was ending there, and in six months the terms of criminal liability would expire. The first question was, how did you find me. It all started, that citizens of the Republic of Belarus suffered. It all started here, citizens of the Republic, my family is here, my parents are here. Yes, I studied, I got married, everything was here until we found them.
Speaker:
All this time, evidence of his crimes has been methodically collected in Belarus for many years. The person detained in Bishkek is a member of an international criminal group involved in carding. The cases involve millions of dollars, he had been hiding in Europe for a long time, as did his accomplices, who left a significant legacy in our country.
Andrei Kovalev (Head of the Main Department for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
With the great support of our Ministry of Foreign Affairs, an entire corridor was organized for us to leave for Spain, for joint police operations in Spain. That is, we exchanged contacts, exchanged digital evidence, which allowed us to detain this person.
Speaker:
Of course, this is not the only high-profile case in the history of Belarusian Cyberfront fighters in 20 years. Today, the arsenal includes modern systems, software, analytics, and Internet intelligence. Every police department has operatives who know a thing or two about IT. And a separate operational unit of the criminal police deals with solving crimes in the high-tech sphere, and five people in the capital grew out of the search department and later from departments.
The 90s. The first mobile phones appear in Belarus, and the Internet is launched. After the collapse of the Soviet Union, the Belarusian law enforcement system, like everything else in a young, sovereign country, wonders what's next. The process of automation is launched, from processing traces from unsolved crime scenes to creating electronic databases of pre-service special systems.
Boris Tarletsky (First Deputy Minister of Internal Affairs of Belarus 2001-2004):
Before automation, one expert could process approximately one fingerprint or one trace taken from an unsolved crime scene and 10 dactocards during his working time, and that's it. And the array of dactocards actually amounts to millions.
Speaker:
Minsk, as usual, was the legislator of the MOD. Major General Boris Tarletsky was debugging the work of the capital's police at that time. Even then, it was obvious that crime was changing, and it was no longer enough for an operative to have only intelligence and deduction.
Boris Tarletsky (First Deputy Minister of Internal Affairs of Belarus 2001-2004):
They began to understand that if some kind of automation is created, there will definitely be people who will be interested and want to penetrate these systems in order to gain some benefit for themselves.
Speaker:
Such concepts as an IT country and online payment systems had not yet been born, but the first generation of IT criminals was raising their heads in Belarus. The 1998 crime in the reports attracted attention. A Trojan horse in the "Victim's" computer gained access to the network details of users of the country's largest service provider.
Igor Chernenko (Head of the "K" Department of the Ministry of Internal Affairs of Belarus from 2002 to 2025):
Internet access passwords appeared on the market, which were sold, as I recall, for 10 dollars. We were working in the criminal investigation department at the time, and such words as Internet and provider were a novelty. Acting according to the principles of the criminal investigation department, we identified this person.
Speaker:
He went to prison, however, for fraud, and not for the so-called "computer crime". The Criminal Code was not yet familiar with this phenomenon, as were the operatives, where there could be one computer for the entire department, and the Internet was a luxury.
Igor Chernenko (Head of the "K" Department of the Ministry of Internal Affairs of Belarus 2002-2025):
Bright minds in our academic circles created a whole chapter in the Criminal Code called "Crime against information security", which included the main elements of crimes that were as close as possible to those elements of crimes that were set out in the European Convention on Cybercrime.
After that, the process began.
Speaker:
The first cyber thieves - individuals - obtained PIN codes for other people's payment cards. But after just a few years, this criminal environment was overgrown with organized groups. Their connections stretched to organized crime groups in other countries. It was necessary to urgently restore order. After all, if in 1998 there was one crime in the report, then by the millennium the figures had already approached half a thousand.
Boris Tarletsky (First Deputy Minister of Internal Affairs of Belarus 2001-2004):
In 2001, I was appointed to the post of First Deputy Minister of Internal Affairs of the Republic of Belarus. Prepared a report addressed to the Minister of Internal Affairs, a proposal to form such units both in the Central Office of the Ministry of Internal Affairs and in all regional internal affairs departments.
Speaker:
November 28, 2002 is the date when Belarus began to actively strengthen its "cyberfront". Strengthen with fighters capable of thinking outside the box, with the ability to read and record digital traces, analyze, and calculate the moves of criminals. This is how an independent operational unit appeared in the MBD. And then investigators, prosecutors, and judges were needed who know what they are dealing with.
In fact, the creation of the unit marked the start of the formation of a new system to combat this type of crime.
Alexander Rignevich (Deputy Head of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
Our unit employs very versatile people, and they must be very versatile. This person must be both an operative and a person with sufficiently broad, deep knowledge in technical terms. What is needed here is an operational mindset.
Speaker:
The Belarusians have made a loud statement almost from the very start. The special operation "Tornado", conducted at the initiative of the Ministry of Internal Affairs with the participation of Interpol, revealed more than 5 thousand websites with child pornography around the world. They were closed. Employees were sent to Baltimore three times at the request of the States to participate in special operations, but a digital criminal of 20 years ago is still a layman compared to what today's criminals operate in the digital world.
The same carding is more technologically advanced today. An apartment on Surganovo in Minsk. The detention group is ready. The criminal does not even suspect that in a matter of seconds the bracelets on his hands will close. He had to answer about Sonya and even in his underwear. - such is the effect of surprise.
The laptops contain a digital biography of diverse criminal activity - silver bars, currency, jewelry, flash drives with information useful to operatives.
Alexander Rignevich (Deputy Head of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
Modern cybercrime is not the action of one person. In the vast majority of cases, it is the action of a group. The police cannot find each other on the Internet, in various messengers, agree on the commission of this or that action, distribute roles. Members of this criminal group are not always on the territory of our country.
Speaker:
Carder was sure that he was smarter and more cunning than the police. The fighters of the "K" department proved otherwise.
An operative officer of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
You have been engaged in carding for 10 years, your activity has been recorded for one year. Everything is recorded in photos and videos, there are responses from international payment systems. Control purchases from you were made from your carding goods, which you sold.
Speaker:
And this is theft on an especially large scale using bank card details. For the user to understand, the criminal did not steal the plastic itself. We are talking about already stolen digital data.
An operative officer of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
Posing as the owners of these cards, they made purchases on Internet sites. To make an Internet pull, it was enough to enter the card number and confirmation code. This information is stolen by carders on all online stores, that is, by using some phishing links.
Speaker:
Golf clubs are one of the products that the carders tried to sell to launder money. In this footage, Spanish police officers inspect the goods in the apartment of one of the accomplices of the detained Belarusians. In close cooperation, law enforcement officers from the two countries stopped the activities of an international group that claimed hundreds of victims. For more than three years, they fed on the card accounts of Americans.
An operative officer of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
When our citizens who were on the territory of the Republic of Belarus were detained, instead of Spanish speed detectives, a resident of Spain was detained on the same day, through whom the resale of these goods was directly carried out. The damage exceeded one million US dollars.
Speaker:
In order to protect themselves when cashing out the stolen goods and to confuse their tracks, the carders came up with an intricate scheme. They paid for expensive goods on foreign Internet sites, then resold them, and divided the proceeds. All successful cases that have been carried out over 20 years, we do not talk even today, first of all, so as not to reveal the tactics and methods, because if the criminal world knows certain features and moments where we are present, where we are, it will be much more difficult for us to counteract this. Today we have reached that level. I am absolutely not afraid to say that the unit performs those tasks that no one has done. Speaker: A man with tattooed pictures on his body is a cybercriminal. On the personnel forums of the dark side of the Internet, his nickname is known to many. A sealed eye on a ceiling camera is a witness to an obvious desire to be alone. Perhaps, just during this communication session in messengers, numerous thematic forms.
Andrei Kovalev (Head of the Main Department for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
The year 2020. Belarus is reeling from the hybrid war waged against us. It is not easy for everyone. Not everyone can withstand the tests of strength with new political technologies, which were carried out in close cooperation with psycho-emotional influence through Telegram channels.
Criminals feel it too. But the assumption that law enforcement officers are distracted from their immediate task of catching criminals was false. Ishimera is another concept from the cyber dictionary - a female operative figured out.
An operative of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus:
A foreign citizen installed specialized equipment on ATMs of various banking institutions to remove information from the magnetic strip of a bank payment card, as well as a PIN code. Subsequently, this data was rewritten to duplicate bank cards and used to commit thefts.
Speaker:
The criminal disguised himself, a hood is not the most original means, wigs and gloves were used, and a technological plate is not visible to the average person.
An operative of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus:
A shimmer was used. This is a specialized plate that is immersed in the card acceptor of an ATM and is invisible to an ordinary user, an ordinary citizen. Either an overlay keyboard is installed, with which you can get the PIN code for a specific bank card, or an overlay is installed and a video recording is made of what the person enters on the keyboard.
Speaker:
He was riding a scooter, abandoning the car several blocks away. As it will become known later, this is a man with two higher educations - a business analyst. He gave consultations to famous people. It was difficult to identify him, much less catch him red-handed. But one fine day, passing by, the operative noticed traces of criminal interference in the operation of the ATM. What follows is a matter of technology, long hours of observation and patience. We met eye to eye, probably, 4 times. Fortunately, I am a girl, he did not pay attention to me. At the same time, he was extremely careful, watching the passers-by, whether anyone was sitting on the opposite side of the bus stop. We managed to record the car he was traveling in, establish the address of his place of residence and detain him red-handed. Speaker: The criminal worked on an article with theft on a large scale. More than two dozen people suffered. The difficult geopolitical situation in the region, the global crisis against the backdrop of the pandemic, instability - all these are impulses for cybercrime. Recently, attacks on our country have increased many times over. Andrei Kovalev (Head of the Main Department for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
An operative officer of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus:
Digital crime depends on many factors. First of all, on what is happening in the country, what is happening in its immediate neighbors, the economic and political situation.
Speaker:
It is not only ordinary people who are being tested for strength, but also economic entities. And the specialists of the "K" Department are, in fact, on the front lines of the cyber front today.
Alexander Rignevich (Deputy Head of the Main Department for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
Our country is being attacked, including of a slightly different kind. That is, attempts to convey disinformation to our people, attempts to compromise certain government agencies, organizations, including by replacing their real Internet resources with fake ones.
Speaker:
Each crime, its disclosure is an opportunity to compete with the attacker in knowledge, to test deduction. And when all the cash was stolen from an ATM on the street near an administrative building in Minsk one day, this was just such a case. We had to quickly look for a breach in the security system.
Dmitry Stasyulevich (Deputy Head of the Cybercrime Department of the Main Directorate of Internal Affairs of the Minsk City Executive Committee):
The attacker connected to the ATM in a certain way, so to speak, relying on the fact that the ATM was an old system with unupdated security systems. And using advanced software, he forced the ATM to give out all the cash it had. That is, in principle, there was no hacking or overt theft.
Speaker:
As it would later become known, it took the cyber thief half an hour to collect the money from the ATM into his bag. It became known, after we reviewed and analyzed the logs, how long he gave out this money, how he counted it out, and so on. Naturally, we established the reasons why this was possible. He had tasks that he had to complete. He had to do one, two, three actions. Then the program performed the most necessary manipulation. Well, and remote access was also established. Speaker: The next day, while withdrawing money from an ATM of a similar outdated system with a bag of cash, the criminal was caught. His accomplices from Russia were also identified. At the instigation of Belarusian operatives, they were detained by Russians at a similar ATM. Dmitry Stasyulevich (Deputy Head of the Cybercrime Control Department of the Main Directorate of Internal Affairs of the Minsk City Executive Committee): The service is loved because it is the most promising and rapidly developing among the criminal police services. Andrei Kovalev (Head of the Main Directorate for Cybercrime Control of the Ministry of Internal Affairs of Belarus): Unfortunately, not everyone sees and can appreciate that pedantry and meticulousness. You need to understand how much time and effort is spent on this so that digital traces can later form part of the evidence base. Speaker:
Dmitry Stasyulevich (Deputy Head of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee):
Among the extraordinary cases, the disclosure of which brings moral satisfaction to opponents, this is undoubtedly one. They were looking for two fraudsters, Abbeydale and Denis Patton, but one turned out to be two-faced, a woman. Her talented legends include numerous family ties with senior officials, including the security forces, where they are allegedly always ready to help resolve the issue for money.
Operational officer of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
If someone had any issues with law enforcement agencies, then the person indicated that they had acquaintances in the prosecutor's office, there were questions for VIST in embassy institutions, and by allegedly giving a bribe, these issues could be resolved. Communicating for a very long period of time, they transferred these funds, and even sent photos of their bank payment cards, including the back with the CWB code, which this person was later forced to use.
Speaker:
Elin, Elya, Eva, aka Albina, Yana, Barbara, communicated with Belarusians exclusively with an accent, calling herself a British subject, a citizen of Israel, and sometimes Poland. Communicating online with foreigners, she spoke pure Russian. She easily transformed from a woman into a man, changed her voice, and the victims did not suspect that their benefactor and a person, say, from the authorities, were one and the same person.
An operative officer of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
As was later established, she had previously been brought to criminal responsibility in 2011 in the territory of the Russian Federation for fraud, after which, according to our information, she was in Ukraine and committed crimes there. However, they could not bring her to criminal responsibility for the same crimes, because this person kept her real documents in a separate apartment that she rented. She herself used a number of intermediaries.
And, accordingly, when she received information that law enforcement agencies were on her trail somewhere, she simply left the territory of this state.
Speaker:
She used the same conspiracy scheme in Belarus. The number of her victims in our country, Latvia, Poland, Ukraine, and other countries is in the hundreds. Law enforcement agencies from many countries tried to identify her, but ours found and detained her. The machine was in the image almost until the curtain.
Operative officer of the Cybercrime Department of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
It is worth saying that even at the time of detention, this person introduced himself as a British citizen and demanded the consul of this state. It was a big surprise for her when we went to another address in Minsk, where her real documents were kept. After which, of course, this person realized that the game was over.
Speaker:
The woman is a psychologist by education. She knew the techniques of changing consciousness and perception of reality. With their help, she quickly collected the necessary dossier, and then simply parasitized on problems. As operatives joke, today an attacker just needs to look at the card, and there will be no money left on it. What bank?
Speaker:
Why are you calling from a Russian number? Stop brainwashing Belarusians already. The most common crime today in this area is fraud, when the victim is forced under any pretext to give bank card details. This is vishing phishing, where the bait is thrown in during a telephone conversation.
Andrey Kovalev (Head of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
To bring a person to a certain behavior pattern in order to fully control his attention, obtain personal information, or simply force him to do something else. Well, roughly speaking, transfer money.
Speaker:
The criminal uses a number substitution system, and this will surprise no one.
Inattention, gullibility, carelessness - excellent waters for such fishing work according to a template, changing scenarios to more relevant ones. And then IT technologies come into play.
Dmitry Stasyulevich (Deputy Head of the Department for Combating Cybercrime of the Main Directorate of Internal Affairs of the Minsk City Executive Committee):
Criminals have stopped posing as bank employees and have started posing as law enforcement officers. In principle, the mechanism itself is the same. Providing phishing links to various resources, that is, buying and selling services, hacking messengers themselves, dating has recently become popular. Providing a phishing link to a site where, in principle, people enter their details. Using these details, money is always stolen later.
Speaker:
Criminals have their own consultants on the Darknet, a community, they work in the shadow markets, they acquire details of cards from foreign banks. Then they withdraw funds. A team of professionals works to solve such crimes, where each has precise knowledge from different fields.
Alexander Rignevich (Deputy Head of the Main Department for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
A criminal group of young people has been exposed, who assisted the attackers in deceiving our citizens by calling a total of more than 60 people. At the moment, more than 2,000 victims have already been identified.
Fraudsters are young people under 25 who wanted to earn money quickly and without doing anything, but, naturally, such earnings that they find on the Internet lead them to places not so remote.
Speaker:
The popular population of the online trading platform is a tasty morsel for cyber fraudsters, especially when it comes to second-hand goods. There were days when dozens of buyers contacted just one of them per day, who lost all their savings from their cards.
An operative officer of the Department for Combating Cybercrime of the Internal Affairs Directorate of the Minsk Regional Executive Committee:
A group of people committing crimes in the field of fraud on the Kufor platform was identified in the Minsk Region. These people created software that could automatically generate a phishing page. Subsequently, this phishing page was sent to individuals. The fraudster signed up with the seller on behalf of the buyer and offered him to buy the goods for a certain price, and asked for a discount, asked about the goods, that is, behaved like an ordinary buyer.
And if they agreed on the amount, the attacker sent a link. When the seller followed this link, he was taken to a phishing page.
Speaker:
The card details left on the fake page allowed the criminal to withdraw all the money. The operatives identified the defendants in the criminal group, which had clearly divided responsibilities.
An operative officer of the cybercrime department of the Internal Affairs Directorate of the Minsk Regional Executive Committee:
The group included both citizens of the Republic of Belarus and citizens of Ukraine. There were two organizers who created the software, who created the links themselves and who managed the entire scheme, where, what, to whom, they studied courses from YouTube.
Speaker:
Thanks to the preventive work, the number of crimes is decreasing. And yet 20% of all crimes in the reports are crimes with the prefix "Cyber". One of the new criminal trends is swatting. Or svoiting, if we are close to the transcription from English. But the word managed to assimilate in a short time.
Alexander Garus (Head of the Department for Combating Cybercrime of the Internal Affairs Directorate of the Vitebsk Regional Executive Committee):
This is a false message about a threat. As a rule, such messages come to the e-mail of either an enterprise or an organization, which indicates that a given building or premises is mined and or some demands are put forward.
Speaker:
This young man was caught off guard. The guy had to answer the detectives' questions for himself and his friends.
Operative of the Cybercrime Department of the Main Directorate of Internal Affairs of the Minsk City Executive Committee:
From what email and what computer did you send it?
Fraudster:
From the Windows operating system, Firefox browser.
Speaker:
And this detainee is a ninth-grader from a small town in the Vitebsk region. And judging by the digital traces, with a decent amount of experience working in the shadow segment of the Internet.
Operative:
When did you create the Svatchevgram channel?
Fraudster:
I created it about three or four months ago.
Operative:
For what purpose?
Fraudster:
To help Vainer in the Svatchev community.
Speaker:
The guy smiles when asked about finances and seems to be even proud of himself. Their objects can be anywhere. As a rule, they are interested in Belarus, Russia, and other post-Soviet countries.
Alexander Garus (Head of the Cybercrime Department of the Internal Affairs Directorate of the Vitebsk Regional Executive Committee):
There are cases when electronic messages about mining of about a hundred objects come in one day. It is very difficult to calculate them, but it is possible. This is really labor-intensive work. Interaction, again, is necessary here between various law enforcement agencies of different countries. And only in this case is it possible to really succeed.
Speaker:
The goals of swatting are different. From the banal desire of teenagers to have fun and excite the operational services, to watch the result from the news to the desire to make money on blackmail.
Alexander Rignevich (Deputy Head of the Main Department for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
The main goal is this panic mood in a specific object, perhaps in some region. The desire for us to evacuate people, conduct some kind of mass checks - all this will cause a certain share of negative manifestations, which is the main goal. That is, just a few years ago, we basically didn’t encounter this form of cybercrime.
Aleksandr Garus (Head of the Cybercrime Department of the Vitebsk Regional Executive Committee’s Internal Affairs Directorate):
You have to respond to every message. And all the necessary services are dispatched to every message. This includes the police, the Ministry of Emergency Situations, and the ambulance. Sappers are dog handlers with dogs. A lot of manpower and resources are involved.
Operative:
How much did you earn from your community activities?
Fraudster:
200-250 thousand Russian rubles.
Operative:
How much mining did you do, approximately?
Fraudster:
More than 30, probably.
Speaker:
While a sleepy teenager in the Vitebsk Region was explaining his actions, his associates were nervous in the presence of people in black in Russia. A joint operation by Belarusian and Russian law enforcement officers identified and detained a group that had created more than 80 fake messages about terrorist attacks in three months. The Telegram channel accepted orders for money, and also posted reports on the work done. Let's go back to the beginning.
The criminal, who was recently brought in by operatives from four countries at the instigation of the Belarusians, was self-confident and reserved. His detention is a living example that everything secret becomes clear. The main thing is endurance and the ability to make prompt decisions in a timely manner.
Andrei Kovalev (Head of the Main Directorate for Combating Cybercrime of the Ministry of Internal Affairs of Belarus):
Well, the height of cynicism is that the fake passport was in my name, they detained him anyway. Like a wolf, they drove him to certain beacons, to certain countries, controlled him. Satisfaction, of course. You need to be a fan of your profession. It may take weeks, months, even years to develop or support a particular situation. It's all in your head, you live with it. Maximally focused on the rhythm, because either a task may be set, or the situation may change dramatically.
Speaker:
At the time of this topic, a defendant in a high-profile criminal case that lasted almost 15 years was awaiting extradition from Kyrgyzstan.
Last edited by a moderator:
