Hacker: "I didn't do it on purpose." Which hacker excuses can work in court

Man

Contents of the article
  • Popular Excuses
  • What helps
  • Conclusions

Even if a hacker has been eaten, he still has at least two ways out. But if the hacker is detained by tough guys in uniform, there may be fewer ways out. Usually in such cases the advice is to hire a smart lawyer and hope for the best, and while waiting for the outcome, you can come up with a couple of reliable excuses. Which of them can work, and which ones are better not used at all, is what we will discuss today.

INFO

If you are interested in the topic of confrontation between cybercriminals and law enforcement, we recommend that you read the previous article, which talked about how cybercriminals are tried in Russia and how strict our judicial system is towards them.

In foreign films, a trial is a battlefield where an eloquent lawyer fights an unyielding state prosecutor in front of the public, while the judge watches from above. In reality, a trial is boring and monotonous. In most cases, everything comes down to reading out a court ruling. The adversarial nature is nominal, and this is not surprising: all the answers to the questions were obtained at the investigation stage, and judges, who are well versed in legal matters, understand much less about computer technology and therefore do not distinguish well between the concepts of ransomware, brute force and pentest. In other words, in their decisions they often rely on the findings of the investigators.

For this reason, the competition and struggle are transferred to the investigation stage. It is there that the evidence base is formed, which will then be presented as an accusation. And it is at this stage that those accused of committing computer crimes try in every way to justify themselves and build a defense, sometimes demonstrating enviable imagination and ingenuity.

Popular Excuses

I didn't know the software was malicious.

Since the introduction of Article 273 "Creation, Use, and Distribution of Malicious Computer Programs" into the Criminal Code of the Russian Federation, disputes and discussions about what can be considered malware have not subsided for a minute. Let's leave demagogy to lawyers and turn to practice.

The basis for recognizing software as malicious is an expert's conclusion. In recent years, a large number of programs and utilities have been recognized as "malicious". Among them are ScanSSH, Intercepter-NG, NLBrute, UBrute, RDP Brute, sqlmap, Netsparker, SQLi Dumper, Router Scan, Private Keeper, Havij, Metasploit, Armitage, DUBrute, Lamescan, Fast RDP Brute, njRAT, Acunetix. Experts often lump phishing pages, activators, keygens, patches, and banking Trojans into the same pile.

In addition to obvious malware, the list includes legal pentest tools: for example, Acunetix and Netsparker, which are not quite correct to classify as malicious. No less questionable is the inclusion of sqlmap, Metasploit and Armitage, which are part of Kali Linux. After this, all that remains is to ban the operating system itself.

The point is that it is impossible to say unequivocally whether software is malicious. The determination of maliciousness is made each time depending on the circumstances in which the software was used. A simple example: the use of Acunetix Web Vulnerability Scanner 8 by a company's specialists to identify vulnerabilities on a resource belonging to that company does not constitute a crime. But the use of the same software by a cybercriminal to hack someone else's server makes it malicious. Such is the legal conflict.

In general, the statement that the suspect had no idea about the harmful properties of the programs he used does not impress the investigators and the court. And it does not help to mitigate the punishment either.

My computer was hacked, I wasn't the one who carried out the attacks!

Not a bad attempt to escape responsibility. Remote access via RDP was enabled on the computer, an unknown cyber villain guessed the login and password and did shady deeds while the real user didn't even suspect it.

Such statements are refuted in the following way: a forensic examination is carried out, which establishes whether access to the computer was opened via RDP, when connections were made, and whether there are signs of brute force in the logs.

The history and temporary files of browsers are also analyzed. The presence in the history of queries such as "how to hack an account remotely?", "download NLBrute" and the like is unlikely to play into the hands of the accused. The examination will also establish the presence of malware, the time of its launch, the presence of encrypted container files, the anonymization tools used on the computer, and so on.

Finally, the defendant's abilities and skills are assessed based on his education, work and interests. Information confirming his knowledge in the IT field will be used to support the charge.

It should be clarified here. The mere fact that the accused works as a system administrator and is interested in pentesting will clearly not be enough to convict an innocent person, so all of the above is considered together.
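The forensic check described above (was RDP open, when were connections made, are there signs of brute force in the logs) can be reduced to a small log triage script. This is an added example, not code from the original article; the log layout is a constructed simplification of Windows Security events 4625/4624 with logon type 10 (RDP), and the failure threshold and time window are assumed values.

```python
"""Flag RDP brute-force bursts in constructed, simplified Windows Security events."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, one event per line: time, EventID, LogonType, source IP, account.
# EventID 4625 = failed logon, 4624 = successful logon; LogonType 10 = RemoteInteractive (RDP).
SAMPLE_LOG = "\n".join(
    [f"2023-03-01T02:10:{s:02d} 4625 10 203.0.113.7 admin" for s in range(0, 24, 2)]  # 12 failures
    + ["2023-03-01T02:10:25 4624 10 203.0.113.7 admin",   # then a success: classic brute-force sign
       "2023-03-01T09:00:00 4624 10 198.51.100.5 alice",  # a single RDP logon: normal
       "2023-03-01T09:30:00 4625 2 192.0.2.9 bob"]        # local console failure, not RDP
)

EVENT_RE = re.compile(r"^(\S+) (\d+) (\d+) (\S+) (\S+)$")


def parse_events(text):
    """Return (time, event_id, logon_type, src_ip, account) for every well-formed line."""
    out = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ts, eid, ltype, ip, user = m.groups()
            out.append((datetime.fromisoformat(ts), int(eid), int(ltype), ip, user))
    return out


def find_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Map src_ip -> finding for sources with >= threshold RDP failures inside one window.
    Also records the first successful RDP logon from that source after the burst, if any."""
    fails, successes = defaultdict(list), defaultdict(list)
    for ts, eid, ltype, ip, _user in events:
        if ltype != 10:            # only RDP (RemoteInteractive) logons matter here
            continue
        if eid == 4625:
            fails[ip].append(ts)
        elif eid == 4624:
            successes[ip].append(ts)
    findings = {}
    for ip, times in fails.items():
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):   # sliding window over sorted failure times
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            later_ok = [t for t in successes.get(ip, []) if t >= times[-1]]
            findings[ip] = {"failures_in_window": best, "total_failures": len(times),
                            "first": times[0], "last": times[-1],
                            "success_after": min(later_ok) if later_ok else None}
    return findings
```

A burst followed by a success from the same source is the pattern an examiner looks for; the same logic, with the real event fields, applies to exported Security.evtx data.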

This is not my IP

Such statements are easy to refute: the provider is asked to whom the IP address from which the computer attacks were carried out belongs. And it does not matter whether a static or dynamic IP address was used: in accordance with the Yarovaya law, the provider stores information about the IP address allocated to you for six months. Enough time to collect the necessary evidence.

I didn't hack anything, I just checked how it works.

This is how script kiddies make excuses: “I downloaded the program, installed it, pressed start, and then everything just happened on its own...” And they may be quite sincere. But there is no point in this. The very fact of using malware is already illegal and entails criminal punishment. And if the target of the attack “accidentally” turned out to be a resource classified as “Objects of the critical information infrastructure of the Russian Federation,” then the punishment for such an act will be stricter, up to and including imprisonment for a term of two to five years.

I only provided the material.

Theft of money from bank accounts is carried out by a group of people whose roles are assigned in advance. In addition to the coders, cryptors, traffickers and uploaders who directly interact with the malware, it also includes droppers and cashers. Their duties are limited to finding drops (money mules), working with them and transferring funds to the provided bank details.

When brought to court, these guys try to prove that their job was only to find people and transfer money. They had never heard of any criminal schemes or malware.

Such statements are easily refuted by the results of operational and investigative activities. Witnesses are questioned, telephone conversations and correspondence with other members of the criminal group are analyzed, bank transactions are pulled, and so on. As a rule, the totality of all this information makes it possible to prove that the accused knew how the money was obtained and what the mules' bank cards were needed for.

In addition to everything else, these villains are also punished under Article 273 of the Criminal Code of the Russian Federation ("Use of malicious software"). And even if they were not directly involved in launching and installing malware. The investigation only needs to prove that the money was stolen by an organized group of people. Participation in it automatically entails punishment under this article of the Criminal Code.

Similar defense methods are used by those accused of hacking ATMs using malware such as Cutlet Maker. They readily agree with the accusations of stealing money, but cannot understand what kind of malware is being discussed. At the same time, the accused cite their lack of special knowledge in information technology. This once again confirms that in our time, an ordinary thief with a drill, a flash drive and a USB cable in his hands can become a "cybercriminal".

I followed the orders of the FSB

The leader of the hacker group Lurk was certainly not the first to resort to such a justification for his activities. But it was his statement that received wide publicity. Let me remind you how it happened.

Konstantin Kozlovsky, accused of stealing 1.7 billion rubles and attacking Russia's critical infrastructure, said he committed the crimes at the instigation of FSB officers. To add even more weight to these words, he took responsibility for hacking the servers of the US Democratic Party and Hillary Clinton's email in 2016. The court was skeptical of such a statement. The US Department of Justice also never stated that Kozlovsky was involved in these computer attacks.

The trial of the Lurk group members continues, and perhaps we can expect even more sensational and frank statements from their leader.

What helps

Active assistance in solving a crime, turning oneself in, special procedure

In the vast majority of criminal cases, cybercriminals resort to these methods of mitigating punishment when the investigation already has enough evidence of their guilt. This is not surprising: if the police have your hard drive with a collection of malware, a brute-force database and valid accounts obtained with it, it would be strange to deny it. Of course, you can resort to the methods from the first part of the article, but there is a chance of ruining everything completely.

Compensation for material damage and moral harm

Everything must be paid for, and most often in monetary terms. It is better to compensate for material damage at the investigation stage, then the court will consider it as a mitigating circumstance.

If only one of the members of a criminal group is caught, he will have to pay for everyone with his own money. This often happens when droppers, cashers and other low-skilled cyber-villains are detained.

Apologizing to the injured party

Everything is simple here: the court welcomes good manners. You can apologize in any form, in person, by mail or publicly. The main thing is not to forget to put it on the record.

Petition of the collective

A positive reference and a petition from the work team often help IT specialists who commit cybercrimes while learning the basics of cybersecurity and pentesting.

Lecture on the inadmissibility of illegal activity

A relatively new form of mitigation that is viewed favorably in court. It is often used by script kiddies who accidentally attack a government resource. Lectures are given at universities, schools, or workplaces. It is believed that this helps other aspiring hackers avoid the slippery path of crime.

I didn't work in RU

For many years, following this principle allowed cybercriminals to avoid punishment for their crimes. Recently, the picture has changed. Examples have begun to appear of cyber fraudsters and criminals who hacked the computers of foreign citizens and organizations and stole money being brought to trial.

However, the extortionist from the Vologda region avoided severe punishment by following this rule. For encrypting about 2,000 foreign computers and receiving about four million rubles as a ransom, he was given a suspended sentence of seven months, a probationary period of one year, and a fine of 100 thousand rubles. Similar actions against Russian users would certainly have led to a more severe punishment.

For love of the Motherland

These are the words an activist of the United Russia party from Sochi used to explain the reasons for his cybercrime. It happened back in 2011. Feeling personal hostility towards people who expressed dissatisfaction with the results of the State Duma elections, he blocked the phones of members of election commissions and opposition supporters using the flooders SkypePhoneKiller, SkypeX, Rings Skyper, Mobile Attacker and SIP Unlock. He also carried out DDoS attacks on local news sites.

The activist received a sentence in the form of restriction of freedom, but was immediately amnestied in the courtroom and released from the assigned punishment and conviction in accordance with the resolution of the State Duma deputies.

Conclusions

In an attempt to escape punishment for the crimes they have committed, cybercriminals resort to a variety of methods. Some sound very cynical, absurd and stupid. The result is predictable.

Sometimes the accused did not even suspect that they were committing dangerous acts. Having read manuals on the dark web on how to hack remote resources, these enthusiasts boldly rush into battle without thinking about the consequences. Perhaps the state should conduct educational work among this category of users to warn them against making wrong moves. And it would be good to do this not only in schools and universities and on the website of the "League of Safe Internet".

But statements of loyalty and love for our country can help avoid severe punishment or significantly reduce it. The main thing is to do it sincerely. It is worth noting that the Criminal Code does not limit the list of circumstances mitigating punishment.

But the best way to avoid punishment is not to commit crimes. Then you definitely won't have to fantasize about "How did this happen?" or get acquainted with the intricacies of the Russian judicial system.