Hackers and cyber fraud

BadB

In this topic, Roman Sannikov and I discussed Russian hackers and touched on the problems of modern cybercrimes: why people choose this path, how many and what dangers are hidden in the crimes and attacks committed, Russian hackers in America, cybersecurity as a profession.

Enjoy reading!


Contents:
  • What were hackers like in the early 00s and how do they differ from Western hackers?
  • Ransomware attacks among Russian-speaking hackers and why the FSB is powerless in the event of such attacks
  • Why ransomware is dangerous
  • About popular cybercrimes today
  • About cryptocurrency scams
  • How Many Hackers Return to Crime After Prison and How Much Does American Prison Rehabilitate a Criminal?
  • What is the role of a lawyer in Russian hacker cases?
  • Can an American lawyer represent a Russian hacker?
  • On the Russian-speaking mentality among cybersecurity workers
  • Advice to young cybersecurity talents

What were hackers like in the early 00s and how do they differ from Western hackers?
Dmitry:
We are moving on to an interview with Roman Sannikov, an employee of Recorded Future. And the second part is dedicated to Russian hackers. The first question from our viewers, Roman. You have focused on cybercrime as an activity from a linguist's point of view since 2000. What were Russian hackers like then and how do they differ from today's? This is the first question. And also how do Russian hackers differ from, for example, American hackers?

Roman:
Now specialization has become quite acute. In the early 2000s, people who were mainly engaged in this activity, they had to be able to do practically everything, they had to understand practically everything, they had to write software themselves to some extent, they had to understand the financial system, how it was possible to hack something there, how it was possible to gain access to something.
They had to understand social engineering, they had to know how to make calls, know how to transfer funds from one account to another, as they said, to do a flood, and so on.
They had to understand how to program cardboard or white plastic, as it was called in those days, and all this had to, again, it seems to me that this is the idea that now comes to many people's minds - a hacker, a person who can do all this, these were the hackers of that time, it seems to me that now it is a little outdated, because now people are mostly engaged in more targeted, again, a person who organizes some kind of activity or some kind of attack or even some kind of software, this is not the person who writes it, this is not the person who then makes some exploits or does spam or does crypto, does money laundering, using drops and so on, hiring these people. That's why now, when you look again at forums and people's activities, it's much more specialized than it was 20 years ago.
Is this the reason why there are more cyber criminals? I think it's definitely because many people who are cyber criminals now are not really hackers. They don't understand programming that much, they don't understand technical issues that much, they may be much more knowledgeable about financial, financial fraud, how banks work, and so on.
They may even barely use a computer, but they understand how to communicate with people, how to do social engineering, how to convince a person that you are the one who transferred some money from one account to another. Well, and it seems to me that people simply realized that it is more profitable and easier to do one thing that you really know and understand thoroughly than to try to cover all the points and all the issues.
Well, to some extent, it seems to me, because it is more difficult to do this now. 20 years ago, this was still something fairly new and many companies did not understand it well and did not fight it well. Therefore, it was easier to penetrate, it was easier to find these loopholes and so on.
But now, indeed, very often you have to be a specialist to do this and somehow make money on it.

Dmitry:
And how is a Russian hacker different from hackers from America, for example?

Roman:
Well, it's hard to say, it seems to me that there are simply fewer hackers from America now, to some extent, because law enforcement agencies are quite effective in combating this in the States, so it's harder for people in America to do this. On the other hand, it's easier for them to find a normal job with a company where they can earn good money without this fear that someone will be knocking on their door any minute now and so on.
Therefore, it seems to me that again, they are encouraged to engage in illegal activity, much less than they were 20 years ago and much less than people in Russia, who, it seems to me, have fewer opportunities to find normal jobs than in the West.

Ransomware attacks among Russian-speaking hackers and why the FSB is powerless in the event of such attacks
Dmitry:
I see. Thank you. Next question. I would like to talk about the moral part of the ransomware attack problem. Take Russian-speaking hackers, for example. What are your comments on how they feel about this kind of business, it's popular, it's a bit underground, what kind of stigma is there?

Roman:
You know, this is a very, very interesting question. I remember I was following the development of this. I remember how back in the 2000s, FSB officers came to us and warned Russia, warned the United States and said that, you know, we now have such a big problem in Russia, where, as we said, scareware, where computers are literally infected en masse and these ads pop up that your computer is infected and that you can’t do anything with it until you pay $100 or something like that. And the FSB complained that this is according to the law, as far as I remember, as far as they explained, that according to the law, these 100 dollars, they do not reach the level where the FSB can consider this, so it has to be considered at the level, because this is considered individually, not as a mass attack and as a mass operation of corruption or organized crime, but namely as individual attacks on individual computers, so it was transferred to the Ministry of Internal Affairs, and the Ministry of Internal Affairs, again, as far as we were told, I do not want to offend anyone, but as far as we were told, they did not really deal with this or did not deal with it very effectively and so I just remember how it developed back then and then after some time it turned into ransomware, where literally really they were not just scared by what popped up, but literally completely blocked the computer, there was no access, and so on, and I remember there were quite long negotiations. For example, there is one, those who do not know, there is a forum that now, probably, can be called, well, boldly called the leading forum on cybercrime, it is called Exploit, again, those who don't know, there is quite a large, a large part of this forum is devoted to legal, there, the fight against, or, not that fight, but namely, cybersecurity and so on.
Well, and also there is quite a large part, where various criminal, criminal, or rather, issues are considered. And there was a discussion about the fact that they wanted for some time, I think, somewhere 6-7 years ago, to simply block and prohibit all conversations about Ransomware. And then it was, it seems to me, if this had happened, it really could have significantly affected the development of Ransomware. They tried to get in there and stay there, steal something there or use this system as a bot in some further offense, botnets, etc. But to do all this as quietly as possible, so that the owners of this system would not know about it. They used connections, exploits to do this, etc.
Again, because an exploit is one of, well, now I think it is the leading one, at that time it was one of the leading forums of Russian-speaking and English-speaking people who are involved in crime, cybercrime, but the topic that was discussed was both moral and technical. From a technical point of view. Before that, people who hacked computers and systems there, they tried to do it quietly. Ransomware, immediately bricked the computer, so that the owners immediately understood that the computer was infected, they could check there how it was infected and so on. Because of this, a lot of those tools that were used to infect this system, these computers, poured out. But the moral question was also very interesting. I remember, unfortunately, I don’t remember the nickname of this person, but he just openly said, how would you feel if your grandmother was in a hospital where Ransomware was infected, how would you feel in that place? And again, it seems to me that this relates to the issue that we discussed earlier, that people who engage in cybercrime are not ordinary bandits. They are not far enough away from the victim, that they consider themselves people who, as if we do not cause real damage to some real person. And here, when the question arose that maybe we really do cause some damage, maybe we can even physically harm some person. It seems to me that many people thought about this. But, unfortunately, the profit from ransomware was such that most people, even those who had some kind of moral "buts", still closed their eyes and continued to do it.

What is dangerous about ransomware
Dmitry:
And why is a grandmother in danger in a hospital with ransomware, in addition to databases, personal data, the activities of the hospital are blocked?

Roman:
Yes. This means that the hospital's activities are completely blocked, the entire system can stop, and then the question is about monitoring a person's health, what is happening to a person. Literally, the system can turn off all computers. There was a situation several years ago, where I think it was in Switzerland or Austria, where hotel residents were locked in their rooms because they could not leave their rooms for more than a day, because all the doors in this hotel were computer ones, and when the computer network was turned off because of ransomware, people could not be let out, and if suddenly a fire could occur in this hotel, they could not open the doors in any way, and so on. So this, yes, this is a very serious situation.

About popular cybercrimes today
Dmitry:
And tell me, besides Ransomware, what other cybercrimes are popular today?

Roman:
Well, there are many, but it seems to me that the most developed is hacking. And hacking that occurs in different ways. But again, this is getting access to some system or some computer and so on. And this very often entails an attack, because why try to hack it yourself, to be a hacker, if you can buy it from someone.
And this again comes back to the issue of specialization. There are some people who do it very well, very successfully, they may not do anything else with it, they just get access.
It's literally, I beg your pardon, a person gets a key to the door, he doesn't go in, maybe nothing, or maybe he opens it, looks, but doesn't do anything else, then he sells this key to someone else, who already gets in, who already collects there, already steals what is in this house and then takes it to someone further, sells it, but this penetration into some systems, this very often happens in different ways, sometimes again it's hacking, these are technical methods, sometimes it's phishing, this is the distribution of various electronic messages, email, where there are links that infect a person, very often it can be a message that comes from other addresses that this person trusts.
One example, very often, for example, if they hack someone, some person, or sometimes they don’t even hack, but they can just make an email, the email address of this person and send it to subordinates there, and say, I have some kind of case that is stuck, and I urgently need you to send some, some amount, or send some documentation, immediately here. Using this, usually this is something that needs to be done urgently, so it kind of puts pressure on the subordinate, because some boss, some head expects an immediate response from him, an immediate reaction.
And therefore very often people, despite the fact that they are taught, very often they do not check in advance whether this is really the person or not, and simply send the information that is asked for.

On fraud related to cryptocurrency
Dmitry:
Our law office is very often called by victims of cybercrimes related to cryptocurrency. Most often, for example, people become victims of some fake business, which they invested in it to get cryptocurrency there, or people get access to something, a wallet, and they are robbed.
Do you pay attention to cybercrimes related to cryptocurrency in your line of work?

Roman:
We do, but I would say that not as much as we would like. Again, because basically our clients are either government agencies, but mainly these are private companies, private corporations, at the moment private corporations, most of them, they do not keep any huge funds, currencies, and so on, in these cases, these are mainly individuals and also mainly these are people who are not insured against this and therefore they turn to you, because very.

Dmitry:
Often they have no one to turn to, they contact the police, but they are made to understand that they themselves are to blame, that there are government recommendations, that cryptocurrency is a big risk, you took it and you became a victim. They call us in the hope that we will be able to find foreign cybercriminals, but okay, even if you find them, you have to return the money, and if there is no jurisdiction, it is very difficult to do.
And what is your advice to individuals, victims of cybercrime with cryptocurrency?

Roman:
Well, I would say, again, what he said before, that be very careful where you transfer money, who you transfer money to, also use exchanges that are, I don’t want to name specific exchanges because I don’t want to sponsor anyone, but before you keep cryptocurrency somewhere or conduct an exchange of cryptocurrency through some exchange, you need to check this exchange, that it is some exchange that is really real,

Dmitry:
Read reviews of satisfied customers, what they comply with.

Roman:
There are laws related to this jurisdiction and so on. Well, again, cryptocurrency fraud is very often the same as fraud with any other currency and with credit cards and so on. Again, you have to be very careful what you click on, what links you click on, where you enter your passwords and so on, so that you include some additional identification, 2FA as it is called, just make this process as difficult as possible, because scammers, criminals, they basically try as much as possible, as quickly as possible, so everything that creates some obstacles, yes, they can probably overcome all these obstacles, but if they see that it takes too much time, they will go to the next one, who may not have this second, third and so on.

How many hackers return to criminal activity after prison and to what extent does an American prison reform a criminal
Dmitry:
Such a question, in your opinion, how many hackers after they have served time in prison return to criminal activity, if we are talking specifically about an American prison?

Roman:
Well, it's hard for me to say, but I know many who haven't returned to it, it seems to me that, again, these are people who, for the most part, it seems to me, are not bandits, and they don't like sitting in jail, and they are people who, in principle, are not stupid, educated, and they try, it seems to me, just, in my opinion, experience of communicating with people, they try to somehow build a different life for themselves, a different way of life.
Those who did it for the thrill of it, they grow up, they become mature people, and again, they don't want to put themselves in a situation where they can end up in jail again, and so on. So it seems to me that most of the people I've talked to, either they started working in a positive direction specifically with cybersecurity, or they simply moved away from this topic completely and did something completely different.
And have you had any cases when you knew that this...

Dmitry:
The person served time in prison and it was he who returned to criminal activity?

Roman:
Personally, it's hard for me to remember now. I know that some people, not after they served their sentences, but during their cooperation with the authorities, that they returned to this situation, sometimes because of the need for money, sometimes because of other thoughts, and so on, but usually it was during this period of time after the arrest, but before they were convicted, and so on, that this cooperation fell through.
Well, I also know from forums where people wrote that they returned, served some time, and so on, and returned to the topic. So this also happened sometimes.

Dmitry:
If you served time, for example, in America, and you were deported to Russia, then this can provoke more active activity in some people, as if to take revenge for the pain caused in prison.

Roman:
I remember that there were a couple of people who were in prison, who talked about this, but I don’t remember that they particularly took revenge on the States and so on. They loved to talk about what they were like there, how they were sitting, how they were, what different adventures they had and so on.
There were, I think, 2 or 3 people who, I remember, sat on forums and talked about this, but I don’t remember that they had any particular hatred for America in general because of this.

Dmitry:
And were there any comments, or what is your opinion about whether the US correctional system is effective?

Roman:
This is a difficult question, you know, I can say purely my personal opinion, simply because I am interested in this, I would not say that it seems to me that it is far from ideal, because people are punished, but they try quite minimally to somehow correct or help people get back on their feet.
It seems to me that there are many countries in Europe where this is done much more effectively, where they understand that a person will get out at some point and that they need to be helped somehow, get back on their feet or give them some education so that they can then be some kind of positive member of society and so that they are not drawn back into the same sphere because of which they ended up in prison in the first place.

What is the role of a lawyer in cases of Russian hackers
Dmitry:
Roman, what role do you think a lawyer plays in the success of investigations and in general in the cases of so-called Russian hackers in the future life of these people as well?

Roman:
Well, that's another five-day question, because on the one hand, the role of a lawyer is to warn their client, and not specifically to help in the consideration of the case.
On the other hand, if the client cooperates, the fact that many, most people cooperate with the prosecutor's office and the prosecutor, and in this case it turns out that the lawyer, indeed, his role changes a little, because in order to help his client, he needs to do something so that the client can help the prosecutor, because, again, to what extent they can mitigate the term or reduce the term, or in general, like, the punishment of the client or the convicted person, depends on how much the person can help the prosecutor, help the investigation, so it seems to me that the role of a good lawyer is to correctly assess the situation, assess the evidence that the prosecutor has, assess the value of the client in the overall case that the prosecutor is considering, because, again, very often their client is not the only person who participates in this case, there may be others who provide information to the prosecutor, so on the one hand, it is necessary to put pressure on the prosecutor so that he gives the most positive opportunities or proposals to the client, on the other hand, if you give such a concept to the prosecutor, it seems to me that if the client is too difficult to work with, the prosecutor can say yes, I already have information, I have other defendants there who are involved in this case, I can just contact them and I don’t need your client as an employee. Therefore, again, this is a rather delicate role and you just need to understand well what the prosecutor has, the common cause and what the client has, what the client can give, how he can help the prosecutor, the value of the client, the value of the defendant to the prosecutor in this case.

Can an American lawyer represent a Russian hacker?
Dmitry:
And have you seen examples of successful representation of the interests of a Russian hacker, but by an American lawyer who did not even speak Russian at all.

Roman:
Yes, of course, but again it depended on the defendant, because some spoke, in principle, quite good English.
Usually, of course, they invited translators who worked with the defendant, so I would not say that it is necessary for the person to be, for the lawyer to be Russian-speaking, on the other hand, of course, it may be easier for a person who understands the mentality of a person from the former Soviet Union, so a lawyer who can sort of explain American culture.

Dmitry:
That is exactly what I wanted to ask, that if you take a Russian-speaking hacker who is in the American judicial system, and the judicial system in America is very different from, for example, the Russian one. And also FBI agents, or secret service, are also different from Russian police officers, judges, that is, can an American lawyer explain the cultural difference?

Roman:
I think that the question may differ from your previous question, you said whether he can successfully, I think the business desk and can successfully represent interests, I have seen this many times. But I would say that on average, it seems to me that a person who is not only Russian-speaking, but who understands again the culture and system of the former Soviet Union, that it will be easier for him to explain this to a Russian-speaking defendant, than to a person who does not understand that it is even necessary to explain these differences.
Again, I myself very often, when I was an interpreter, I translated in such situations, and it was difficult, because I translated purely word for word, as an interpreter, but I saw that the client did not understand what the lawyer was telling him, because it is not that he does not understand the words, but that he simply does not understand the ideas, does not understand the system, yes, that's exactly it.
And sometimes it was like that, that I had to kind of distance myself a little bit, say, I beg your pardon, can I pause for a second and say that, but again, it had to be done very delicately, because sometimes the lawyers would get offended, that's why I somehow butt in, because as an interpreter I basically have to be neutral, I always tried to be neutral, but sometimes, again, purely morally, if you understand that a person is suffering because they don't understand each other.

Dmitry:
With the aim of improving the situation.

Roman:
Yes, I tried to somehow simply explain that maybe it is necessary to explain the system a little bit before starting to talk about the facts of the case.

On the Russian-speaking mentality among cybersecurity workers
Dmitry:
We have a mutual friend, thanks to whom we met, this is Dmitry Smilyanets, from a cultural point of view, he is a person from Moscow, from the Russian Federation, he works in your company, the fact that he is a Russian person, is this an advantage or a disadvantage, is it harder for him to work?

Roman:
I think that the advantage, again, I don’t advertise my company, but one of the things I really like about Recorded Future is that it’s a global company, we have offices in many different countries around the world and it seems to me that this global culture, that it helps the company, that of course there are frequent misunderstandings between each other, but there is an opportunity to sit down, discuss, talk and so on, and it seems to me that again, there are no such restrictions, that we are Americans, we grew up in America and we have such strict concepts, and the fact that there are people from other European countries, that there are people, Dmitry, there are several people who work with me from the former USSR, there are people from Latin America who work with me.
And it seems to me that this greatly enriches our, my team and our organization, in general, and for us, in my opinion, again, I’m not trying to advertise advertising, but I just like it myself. We have, in my opinion, more than 50 languages spoken by the company's employees and it is nice, it is nice to work with people from different countries of the world.

Dmitry:
Does your company have any awards, or a certificate of honor, in Russian, for activities and if so, were Russian-speaking employees somehow distinguished in comparison with others?

Roman:
We have, every year our employees vote for, I think, about 12 people, all together and you vote for those who work with you in your, as if in your industry, in your body, and you also vote for those who, I think, there are three people all together, for whom you can vote, who work in completely different industries, for example, in advertising or sales and so on.
That's why it doesn't work out that everyone is just for their own people. And there, yes, there were, I think, if I remember correctly, there were two times people from the former Soviet Union who were leaders, who came out in these 12.

Dmitry:
Now after you there will be another leader, Dmitry Smilyanets, I am sure that he is trying very hard.

Roman:
Of course, he is trying very hard, yes, he has already written many interesting articles, conducted interviews, so it is very interesting to work with him, very pleasant.

Dmitry:
I am sure that he is a new person, he brings new ideas in general.

Roman:
Well, and he is an expert on many issues specifically in cybersecurity. And he, again, understands very well how this underground activity occurs. So this is a huge plus.

Advice to young talents in the field of cybersecurity
Dmitry:
Tell me, Roman, if some young guy with talents in the field of cybersecurity is watching us now, what area would you advise us to go into, instead of not committing cybercrimes?

Roman:
Well, specifically in cybersecurity, because at the moment there is a shortage, there is a real shortage of people who understand this well, who are versed in this. Recently, well, I will not lie, so I will not give figures there, but I just read that there is a shortage of literally a million people in this specialty, because in fact every business needs a person who can somehow warn, who can protect this person.
It is not a person, but a business. Therefore, there are many companies that are engaged both from a technical point of view and from a more intelligence point of view and more humanitarian or investigation of people who are engaged in this, the motivation of people who are engaged in this.
Therefore, it seems to me that there are, in principle, many opportunities for people who are interested in this area, which they can go into and then not be afraid that they cannot travel to certain countries and so on.

Dmitry:
You say a million is all over the planet or in America?

Roman:
If I remember correctly, I think about a year ago, an article came out where, again, as far as I remember, I think it was the military, some kind of American military service, where they estimated that the United States lacks a million people who would be engaged in information technology and cybersecurity, the implementation of cybersecurity.

Dmitry:
And so if you advise getting involved in cybersecurity in this particular area, at what stage of life should you start doing this? During college?

Roman:
Well, yes, of course, during college it is easiest, but then again there are people who are technical or there are people who have an interest in this, I myself started doing this much after graduating from college, I think I was about 30 when I started doing this, as I said in our previous meeting, it was a little bit like a given in advance, but here I would not even say that it is necessary for people who are only interested in programmers or programming, there are many topics here that are indirectly related to information technology and cybersecurity, so I hope that I will be my son, even if he does not do programming or anything else, but I would like him to understand how it is all built and how it all happens.

Dmitry:
As you saw, the biggest, fastest transformation occurred for a person from one industry to cybersecurity, for example, it took him two months, he independently studied everything and he began to work for a salary and was useful.

Roman:
You know, I can't say honestly, because again it depends a lot on the person and a lot on the field he ended up in. I know, for example, we hired people in the companies where I worked who had nothing to do with cybersecurity, they were, say, analysts, analysts who were involved in examining political issues or some other.
And I was able to teach them quite successfully in a couple of months so that they could examine, immerse themselves in different forms.

Dmitry:
And these people, were they from the humanities, or slightly technical professions?

Roman:
Both. There were humanitarian people who, again, were actually engaged in political issues, sometimes financial issues and so on. And they could, if the person was basically resourceful and versed, then we made a pretty good analyst out of him.

Dmitry:
Okay, Roman, thank you very much for your answers, a very interesting conversation. Please write comments and your questions, we will definitely pass them on to Roman. And thank you for reading this interview.
 