Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
In total, four credit institutions suffered at the hands of hackers and their bot.
As it turned out, the leader of the hacker gang who robbed four banks for 1 billion rubles was an athlete from Ukraine. He turned out to be a 29-year-old boxer from the city of Sumy, Yuriy Lysenko. After moving to Moscow, he gathered programmers around him and organized a gang of hackers who robbed four banks worth a billion rubles.
The special services uncovered a group of hackers who deceived Promsvyazbank, Trust, Uralsib and Zenit Bank for a billion rubles.
16 young people in Moscow formed a gang and engaged in fraud on the Internet. The choice of criminals fell on the banking sector and online transactions. In just four months, programmers robbed banks for a billion rubles. The scam was a success thanks to a special program that they came up with.
"A group of Internet fraudsters with knowledge in the field of programming and technology developed a bot that at a certain point in time after conducting transactions from account to account canceled transactions," said a source in law enforcement agencies. "However, by this time, funds were already being sent by payment order through Internet banking, and the team came to the bank late. Basically, transfers were from dollar to ruble accounts, or from dollar to euro.
The leader of the hacker gang studied the order, organization and system of functioning of banking processing systems that process financial transactions on the Internet in real time, and then found "like-minded people" - from the driver to cashiers, with whom he carried out Internet fraud.
Fraudsters acted according to the following scheme: they opened bank cards in other people's names, went to the terminal, replenished the account, moving to another terminal, withdrew a small amount and took a receipt, after which, having received a receipt from the ATM with authorization data of a direct legal card ATM withdrawal operation, they used its details and canceled cash withdrawals through a forged electronic order.
As a result of such actions, the balance of the bank card account was restored and replenished with the specified amount. Thus, a gang of hackers-programmers was able to cause damage to four banks in the amount of over 1 billion rubles. Interestingly, the group began to "work" with the amount of a million rubles, gradually increasing the amount to a billion with similar operations.
The alarm was sounded by the security service of one of the banks, after which they turned to the "K" department of the Ministry of Internal Affairs of the Russian Federation. After the investigation, all members of the group were identified and detained. A criminal case has been initiated under the articles "Fraud" and "Organization of a criminal community".
• Source: https://life.ru/t/новости/924580/bo...hruppirovku_khakierov_ukravshikh_1_mlrd_rubli ei_u_bankov
Today's news about the arrest of a gang specializing in cyber bank robberies does not contain a detailed description of the scheme used by the criminals. However, people who are versed in information security will see enough in it, to identify, if not the group itself, then the methods it uses. Apparently, we are talking about the detention of the Metel group, or their "collay down."
Last year, Kaspersky Lab and Group-IB, which conducted investigations on behalf of various banks, briefly described the activities of Metel, aka Corkow. The group is responsible for an attack on the exchange terminals of the Kazan Energobank, which caused a significant fluctuation in the ruble exchange rate against the dollar, as well as a series of clever bank robberies using an "inexhaustible" debit card. It should be borne in mind that the term "Metel group" refers to all criminals using Metel, a Trojan program specialized in gaining access to banking information systems. Therefore, it is likely that we are talking about several groups that have purchased and mastered the same Trojan, and are not related in any other way.
The scheme with inexhaustible debit is very elegantly arranged. Criminals massively send so-called phishing emails, the content of which is written in such a way as to deceive the recipient and force him to open the attached file. Almost everyone gets something like this from time to time, and sometimes the sender is your real acquaintance (for example, if his computer is infected). In the event of an attack on a bank, hackers can act through the HR department, sending a letter supposedly with a resume, through the accounting department, offering to open a scan of a payment document, or through any employee, offering him to see someone's intimate photos. The email always contains a disguised Trojan file that is infected when launched. There are other methods of primary infection, but this one is the easiest to perform and is the most widely practiced.
After the initial infection, the Trojan determines whose computer it has and what powers the victim has, then contacts its server to receive additional commands and downloads the necessary modules. If it manages to infect the computer of the bank's network administrator, it begins to spread further through the network — the Trojan searches for the computers of credit institution employees who have the right to cancel transactions carried out at ATMs by bank customers.
Having received a signal that the Trojan has hit the right place, the attackers go to the attacked bank to receive a debit card using fake or stolen documents. A substantial amount of money is deposited on the card. Then the criminals take this card to different ATMs in different cities where the bank operates and withdraw this amount everywhere. At the same time, one of the gang members controls an embedded Trojan that cancels ATM transactions on the card immediately after the money is issued, so it becomes inexhaustible.
The key point here is that the card is issued by the same bank that owns the "issued" ATMs. In this case, the transaction does not go through the Visa/MasterCard/MIR payment system, but is processed exclusively within the bank's processing center. The bank can cancel such a transaction, which is used by criminals. Technically, there is nothing new in Metel's attack and, it would seem, banks could easily protect themselves from this - there are enough funds. In practice, criminals are favored by a number of circumstances:
— Most banks protect themselves from malware with the help of ordinary antiviruses. Anti-virus control on the mail server and on the attacked computer is effective only when the anti-virus "knows" this particular version of the Trojan. New versions that have not yet come across by researchers are almost invisible. More advanced technologies are whitelists, anbehavior of programs, and so on, create a lot of inconvenience in work and are used by banks only in the most critical areas, for example, to protect the automated workstations of the Bank of Russia client (AWP KBR). Metel's attack was carried out through ordinary vehicles.
— Physical separation of the corporate network and the processing center network is also not practiced by many banks. In addition to maintaining the smooth circulation of transactions and solving operational tasks, the center's employees also need to receive and send e-mail, use the bank's internal portals, and access the Internet. Keeping two computers connected to different network segments at your workplace is not only costly, but also inconvenient for the user. As a result, the Trojan sent by mail gets access to managing transactions on the same computer.
— Information security trainings have a limited effect: for ten employees who have learned the basic rules, there is always one goofball, and he will be the weak link. Large numbers will work here: if you send, for example, 10 thousand phishing emails (and this is only 100 employees in 100 banks), there are bound to be several people who are inclined to thoughtlessly open attachments.
Given the scale of the stolen, incidents of this kind are extremely dangerous for the financial stability of banks - this is no longer the theft of 10 thousand rubles from a pensioner's card, such losses cannot be included in the budget. This means that measures will be taken, otherwise someone will lose their banks, and someone will lose their deposits.
• Source: https://life.ru/t/мнения/924766/kak_ukrast_u_banka_milliard
---------------
The case of the theft of more than 1 billion rubles from banks by hackers was sent to court
Deputy Prosecutor General of the Russian Federation Viktor Grin approved the indictment in the criminal case against Yuri Lysenko, Yevgeny Vorobyov, Ivan Krylov, Artem Mazurenko, Mikhail Vorobyov, Anton Ekimenko, Denis Grinev, Maxim Usatov, Sergey Makhnichev, Nikolai Milovidov, Mikhail Oreshkin, Oleg Rodin, Nikita Khadzhibekyan and Sergey Chistov. Depending on their role and degree of participation, they are accused of committing crimes provided for in Parts 1, 2 of Article 210 of the Criminal Code of the Russian Federation, Part 4 of Article 159.6 of the Criminal Code of the Russian Federation, Part 3 of Article 30, paragraphs "a, b" of Part 4 of Article 158 of the Criminal Code of the Russian Federation, paragraphs "a, b" of Part 4 of Article 158 of the Criminal Code of the Russian Federation (organization of a criminal community and participation in it, fraud in the field of computer information and theft).
According to the investigation, from July to November 2014, Lysenko organized a criminal community to commit theft of funds from a number of commercial banks, in which he involved more than 17 accomplices. Funds of financial institutions were stolen by entering and modifying computer information using the Internet, performing transactions for transferring and withdrawing funds on bank cards with their cancellation and restoration of the balance on accounts.
As a result of these actions, members of the criminal community stole more than 1 billion rubles from credit and financial institutions.
In addition, from March to July 2015, these persons stole more than 5.7 million rubles by installing special devices in various ATMs to manage the process of issuing banknotes.
A guilty verdict has already been issued against one of the members of the criminal community, Anton Testov.
The investigation against other accomplices in the crimes put on the international wanted list continues.
The criminal case, investigated by the Investigative Department of the Ministry of Internal Affairs of Russia, was sent to the Meshchansky District Court of Moscow for consideration on the merits.
• Source: www.genproc.gov.ru/smi/news/news-1181546/
------------------
Three members of an organized criminal group (OCG), accused of embezzling one billion rubles from banks via the Internet, plead guilty, a RAPSI correspondent reports from the hall of the Meshchansky District Court of Moscow.
On Friday, the court began hearings on the merits of the criminal case.
There are 14 alleged members of the organized crime group in the dock: Yuri Lysenko, Evgeny Vorobyov, Ivan Krylov, Artem Mazurenko, Mikhail Vorobyov, Anton Ekimenko, Denis Grinev, Maxim Usatov, Sergey Makhnichev, Nikolai Milovidov, Mikhail Oreshkin, Oleg Rodin, Nikita Khadzhibekyan and Sergey Chistov. Depending on the role and degree of participation, they are accused of committing crimes under parts 1 and 2 of article 210 of the Criminal Code of the Russian Federation, part 4 of article 159.6 of the Criminal Code of the Russian Federation, part 3 of article 30, paragraphs "a" and "b" of part 4 of article 158 of the Criminal Code of the Russian Federation, paragraphs "a", "b" of part 4 of article 158 of the Criminal Code of the Russian Federation (organization of a criminal community and participation in it, fraud in the field of computer information and theft).
Thus, Khadzhibekyan, Oreshkin and Makhnichev partially admit their guilt in the acts incriminated to them; The rest of the defendants did not.
According to the investigation, in the period from July to November 2014, Lysenko organized a criminal community, in which he involved 17 accomplices, in order to steal funds from a number of commercial banks. Funds of financial institutions were stolen by entering and modifying computer information using the Internet, performing transactions for transferring and withdrawing funds on bank cards with their cancellation and restoration of the balance on accounts.
As a result of these actions, members of the organized crime group stole over one billion rubles. In addition, the defendants managed to steal more than 5.7 million rubles in the period from March to July 2015 by installing devices in various ATMs that allow managing the processes of issuing banknotes.
The Prosecutor General's Office of the Russian Federation notes that a guilty verdict has already been issued against one of the members of the criminal community - Anton Testov.
-----------------------
The Moscow City Court reviewed the case of hacker Anton Testov, who, cooperating with the investigation, helped law enforcement agencies uncover an organized criminal community led by a citizen of Ukraine Yuri Lysenko, who stole more than 1 billion rubles from banks. This became known to the newspaper "Kommersant".
As the newspaper reminds, Anton Testov, whose case was considered by the Meshchansky District Court of Moscow in a special order, was sentenced for participation in a criminal community (Part 2 of Article 210 of the Criminal Code of the Russian Federation) to five years, for fraud in the field of computer information (Article 159.6 of the Criminal Code) - for another four years, and in addition, received three terms from three to four years for theft (Article 158 of the Criminal Code of the Russian Federation). By partial addition of terms, the court sentenced him to seven years in a general regime colony, restricting his freedom after serving his sentence for another six months. For six months, as the court decided, Testov must not leave his apartment after 22:00, participate in mass events or attend them, and once a month he is obliged to report to the police. At the same time, the court satisfied the claims of the injured banks, according to which about 200 million rubles were recovered from the convict. However, the hacker could not execute the sentence in this part: according to the newspaper, the 2010 BMW car turned in favor of the victims, as well as the 165 thousand rubles and 4.6 thousand dollars seized from Testov during the searches, "became only a light consolation for them."
The convicted hacker and his defense could not appeal the verdict under the law. But they appealed to the court, indicating that they did not agree with the size of the punishment, which, according to them, was excessively harsh. Asking for leniency, Testov, in particular, indicated that he had a minor child, suffered from a number of serious diseases, pleaded guilty in full, repented, and fulfilled the terms of the pre-trial cooperation agreement. In addition, the court of first instance, in his opinion, did not take into account that he had been held in a pre-trial detention center for a long time, and this did not correspond to the conditions for serving a sentence in a general regime penal colony. In this regard, Testov asked to count the time of detention in the sentence at the rate of one day for one and a half days, and the total punishment to be reduced to four years and six months. His defenders, in turn, noted that the Meshchansky District Court did not take into account the hacker's active assistance to the investigation in the disclosure and investigation of crimes, namely, that Testov "possessed unique information necessary for the correct and quick investigation of the criminal case, and provided this information to the investigating authorities."
The state prosecution, considering the verdict legal, suggested that the Moscow City Court reject the complaints of the convict and his defense, and leave the punishment the same.
The court of appeal found that the Meshchansky Court correctly qualified the actions of Anton Testov under Articles 210, 159.6 and 158 of the Criminal Code; Taking into account the nature and degree of public danger of the deed, the type of punishment imposed on the hacker was also correctly determined. However, the appeal decided, the term imposed on Testov can be reduced, since there are no aggravating circumstances in his main crime - participation in an organized criminal community. As a result, the hacker was shaved off two years, but he was nevertheless left under supervision for six months after his release.
The case of Anton Testov, who made a deal with the Prosecutor General's Office, was singled out by the Investigative Department of the Ministry of Internal Affairs from a large investigation in relation to theand an organized criminal community of hackers, consisting of a dozen and a half people. According to the investigation, the organizer of the organized crime group was a citizen of Ukraine Yuriy Lysenko, who did not work anywhere. In the period from July to November 2014, he involved 14 Russians in the community, with whom he subsequently committed theft of funds from commercial banks. The thefts were carried out with the help of a special program that made it possible to withdraw money from the accounts of bank customers, and then restore the balance at the expense of the financial structures themselves. In total, more than 1 billion rubles were stolen in this way. In addition, according to the prosecution, from March to July 2015, the attackers stole more than 5.7 million rubles by installing special devices in various ATMs that allow them to control the process of issuing banknotes. Promsvyazbank, Zenit, Trust, Uralsib, as well as small credit institutions were recognized as victims of the actions of the organized crime group.
As the representative of Yuri Lysenko, who does not admit his guilt, told Kommersant, the case of the organized crime group is being considered by the Meshchansky District Court. Now, according to him, during the judicial investigation, the evidence presented by the prosecution is being examined. Due to the huge amount of materials, the verdict in the case will at best be passed only in a year.
--------------------
15 years in a maximum security colony was requested by the prosecution for a native of Ukraine, Yuri Lysenko, accused of creating a criminal community of hackers who stole more than 1 billion rubles from a number of large Russian banks via the Internet. However, the lawyers insist on the innocence of the defendants, claiming that they were the victim of the slander of their former accomplice, who testified against the others as part of a pre-trial agreement.
According to the investigation, the organizer of the organized crime group is a non-working citizen of Ukraine Yuriy Lysenko. According to the case file, in the period from July to November 2014, he involved about two dozen Russians in the activities of the organized crime group for the joint embezzlement of funds from commercial banks. The investigation believes that the money was stolen with the help of a special program that allowed them to be withdrawn from the accounts of bank customers, and then restored the balance at the expense of the financial structures themselves.
As the prosecutor explained in court, the defendants could put 200 thousand rubles on the bank's card, and then transfer them to another card. Then a Trojan program was launched, canceling the transaction. Considering that the transfer failed, the banks returned this money to the sender's account, but from their own funds. As a result, the hackers had twice as much money in their hands. In addition, according to the case, from March to July 2015, hackers embezzled more than 5.7 million rubles by installing special devices in various ATMs to control the process of issuing banknotes. As it was established by the investigation, in general, Promsvyazbank, Zenit, Trust, Uralsib banks and a number of small credit institutions, now recognized as victims in the case, suffered from the actions of the organized crime group.
In the end, in addition to Yuri Lysenko, 13 people appeared before the court: Evgeny Vorobyov, Ivan Krylov, Artem Mazurenko, Mikhail Vorobyov, Anton Ekimenko, Denis Grinev, Maxim Usatov, Sergey Makhnichev, Nikolai Milovidov, Mikhail Oreshkin, Oleg Rodin, Nikita Khadzhibekyan and Sergey Chistov. Depending on the role of each, the prosecutor asked to find them guilty under Parts 1 and 2 of Article 210, Part 4 of Article 159.6, Part 3 of Article 30 and Part 4 of Article 158 of the Criminal Code of the Russian Federation (organization of a criminal community and participation in it; fraud in the field of computer information; theft). For the alleged organizer of the organized crime group Lysenko, the state prosecutor demanded 15 years in a maximum security colony, Khadzhibekyan, Milovidov and Oreshkin, who were held, like Lysenko, in custody, to imprisonment for terms of 7 to 12 years. For the remaining ten defendants, who are under recognizance not to leave and come to the process on their own, the state prosecution requested from 6.5 years to 10 years in a general regime colony.
Now lawyers must appear in court. Since most of the defendants did not admit their guilt, the defense will try to prove the non-involvement of the defendants in the crimes. At the same time, the lawyers will refer to the contradictions in the forensic examination, which claims that the hackers created their own on the basis of Montero and Software programs, which made it possible to cancel a transaction when transferring money from card to card. At the same time, according to the defense, the manufacturers of the Montero and Software programs themselves, in response to lawyers' requests, argued that such a hacker program could not exist in principle. Moreover, this thesis was allegedly confirmed by Russian experts in court. On the other hand, the author of the examination appointed by the court, for theAn explanation for the process did not appear.
The defense also intends to refute the accusation of Lysenko of creating an organized crime group, since it follows from the case materials that its alleged participants did not know each other before their arrest in 2015. And they did not find any money, despite the fact that the investigation claims that Yuri Lysenko alone embezzled at least 800 million rubles.
Meanwhile, the lawyers, denying the participation of their clients in the organized crime group, claim that all this data was reported to the investigation only by Anton Testov, who was cooperating, who had already been sentenced to a seven-year term. But he, according to the defense, could deliberately incriminate former accomplices in order to ease his fate.
---------------------
On January 29, the Meshchansky Court of Moscow plans to put an end to the high-profile case of a global hacker attack on Russian banks, as a result of which, according to the prosecution, more than a billion rubles were stolen. The leader of the group of "hackers", which included 13 people, the investigation considers Yuri Lysenko, for whom the prosecutor's office demanded 15 years in prison.
According
to the investigation, more than 1 billion rubles were stolen from banks, the victims in the case are Promsvyazbank, Uralsib Bank, Bank Trust and Bank Zenit.
The investigation considers the organizer of the criminal community to be a citizen of Ukraine Yuriy Lysenko.
According to the prosecution, in the period from June 1 to July 18, 2014, he created a criminal community in Moscow. Having rented a living space, he purchased and placed in it the means of computer technology and mobile communications necessary to organize the access of the accomplices in the crime to the Internet, as well as the prompt transfer of information by the rest of the members of the organized group. Lysenko also allegedly rented remote servers on foreign network resources to host a program created by him, with the help of which he formed and sent forged electronic payment orders to credit and financial institutions.
The prosecution claims that Lysenko created a third on the basis of two computer programs, and with the help of it carried out reverse operations of canceling the withdrawal and transfer of funds.
The money was stolen with the help of this special program, which made it possible to withdraw funds from the accounts of bank customers, and then restore the balance at the expense of the financial structures themselves, law enforcement agencies believe.
The state prosecutor demanded that the defendants in the case be sentenced to imprisonment for a term of 6.5 to 15 years, the prosecutor's office requested the longest term for Lysenko.
For Nikolai Milovidov, Mikhail Oreshkin and Nikita Khadzhibekyan held in the pre-trial detention center, the prosecutor asked for 7 to 12 years in a general regime colony.
For the rest of the defendants in the case, who are on their own recognizance, the state prosecution requested from 6.5 to 10 years in a general regime colony.
According to the case file, the damage to PJSC Promsvyazbank amounted to 39.5 million rubles, PJSC Bank Uralsib - 45 million, PJSC Bank Trust - 106 million and PJSC Bank Zenit - 883.5 million rubles.
Lysenko's
defense completely rejects the arguments of the prosecution and insists on his innocence, and considers the charge against him to be entirely unfounded and refuted.
"The plots set forth in the indictment are not supported by any evidence. The state prosecution did not prove the existence of a criminal association and its qualifying features. Neither the amount of damage, nor the method of committing the crime, nor the fact that Lysenko received any income from the embezzlement incriminated to him was established," said the defendant's lawyer Ivan Mironov.
Moreover, the lawyer points out that during the judicial investigation it was established that Lysenko had an alibi: at that time, whenYes, according to the investigation, he allegedly created a criminal community, rented imaginary apartments, and also embezzled money and divided criminal proceeds, he was generally in another country.
"The prosecution did not even provide any evidence of Lysenko's special computer knowledge, and the defense denied this as well," Mironov said.
According to him, the rest of the defendants in the case had never seen Lysenko before the arrest and had not heard of him.
"The defendant Anton Testov, with whom a pre-trial cooperation agreement was concluded, said that all the operations of which Lysenko is accused were carried out by him, and not by Lysenko, he has never heard of Lysenko and does not know who he is, He was always free in his actions and never obeyed anyone," the lawyer said.
He added that at the initiative of the defense, 20 conclusions were prepared by leading Russian experts in the field of computer information, authorship and linguistics, which refuted the possibility of the existence of a mechanism of theft imputed by the investigation.
"Numerous responses to lawyers' requests from domestic and foreign companies and organizations, attached by the court to the case, show the fantasy of the investigation's version: there is no evidence that Lysenko rented any servers, as well as confirmation that he used the Internet at all during this period, moreover, numerous responses from hosting companies and Internet providers completely refute the charge brought against our client.
The investigation claims that the cancellation of transactions took place remotely through POS terminals in the United States, but in the log files from the processing centers submitted by the affected banks, it is indicated that the cancellation of transactions took place from ATMs with the physical presence of some attackers in the United States and Europe, which was also confirmed by international payment systems and numerous examinations. And our client has never been to the United States, and was not in Europe at the time of the incriminated transactions," the lawyer said.
He also added that one of the examinations established an excess of damage imputed to the defendants by almost 900 million rubles.
The defense of all the defendants in the criminal case asked the court to issue an acquittal.
----------------
The Meshchansky Court of Moscow sentenced to imprisonment for terms ranging from five years of general regime to 13 years of strict regime hackers, who were found guilty of creating a criminal community and embezzling about 1 billion rubles from various Russian banks - a total of 12 people. Two more received six-year suspended sentences. This decision was made by Judge Elena Gudoshnikova, Ivan Mironov, the lawyer of Yuri Lysenko, the main defendant in the case, told RBC.
The state prosecution requested terms for the accused from 6.5 years of general to 15 years of strict regime. The prosecutor claimed that the defendants stole about 883.7 million rubles from Zenit Bank, 106.3 million rubles from Trust Bank, 45.1 million rubles from Uralsib Bank and 39.5 million rubles from Promsvyazbank. The court decided to send one of the episodes of the case related to the theft from Promsvyazbank for further investigation.
The verdict was announced for more than a week. The defendants, led by 32-year-old Lysenko, depending on their role, were charged with creating a criminal community and participating in it (Article 210 of the Criminal Code), as well as up to four episodes of fraud in the field of computer information (Part 4 of Article 159.6 of the Criminal Code) and up to eight episodes of especially large-scale theft (Part 4 of Article 158 of the Criminal Code).
How the theft
scheme worked The hacker group has been working since July 2014, follows from the 600-page indictment in the case. Hackers have written a malicious program based on software designed to conduct bank payment orders on the Internet. By installing the program on rented servers outside Russia, they were able to send fake requests to banks for reverse transactions, that is, for the cancellation of previously conducted operations for withdrawing and transferring money.
Hackers bought bank cards from the so-called card sellers, issued to real people who did not actually use them and did not know anything about the activities of fraudsters. Small amounts were credited to these cards, which were subsequently withdrawn from ATMs or transferred. Then the fraudsters copied the details of these transactions from the receipts, formed fake requests for their cancellation with the help of a malicious program and sent them to banks. They canceled, the balance of the card was restored, while the withdrawn cash remained in the hands of the fraudsters.
For every card charge, there were many reverse transaction requests. Thus, the hackers repeatedly "returned" the withdrawn money to the card. For example, they robbed Zenit Bank for 883 million rubles, withdrawing only 22 thousand rubles from ATMs, the state prosecution claimed.
According to the state prosecution, the group was a complex criminal community: it consisted of three "functionally and territorially separate groups."Lysenko strictly limited the contacts of members of the community among themselves for conspiratorial purposes. Especially for the needs of the group, Lysenko rented an apartment in Moscow - the necessary equipment was placed there and information was exchanged. Lysenko took 80% of the stolen goods, another 20% was received by accomplices in each operation, the state prosecution claimed.
The scheme used by the Lysenko group is called "ATM-reverse" by experts, Valery Baulin, head of the Group-IB computer forensics laboratory, told RBC. He clarified that the fraudsters used access to compromised POS terminals in stores and cafes outside of Russia - fake requests to cancel the operationradios were sent through these terminals, and it looked like a return of goods or a refusal of a service.
The thefts became possible due to the fact that banks did not carefully check internal transactions, Baulin said. Thus, the processing systems did not take into account that cash was withdrawn from an ATM in Russia, and the cancellation request came from a terminal abroad.A few months later, the threat was noticed by the payment system - it began to block reverse transactions if the request for them did not come from the original ATM. But the attackers learned to bypass this block: they first began to transfer money to a card of another bank, withdraw money from an ATM of another bank, and then cancel the transfer operation.
Now the vulnerability has been closed by processing systems - transaction authorization includes checking for the coincidence of the point where the original operation was made and the point of the cancellation request, Baulin said.
Impossible mechanism
The investigation allowed falsifications in the case, says lawyer Mironov, who defends Lysenko. The accounting examination, which was carried out at the request of the defense, concluded that the damage from the alleged fraud was overstated by the investigation by about 900 million rubles, that is, ten times. And Lysenko was credited with creating software that "even hypothetically could not and could not have the functionality that investigator Dmitry Aleksashin came up with," Mironov said. According to him, now the defense is preparing statements demanding to check the alleged falsifications on the part of Aleksashin, who resigned from the investigative authorities.
The lawyers turned to the manufacturers of the source programs, from which, according to the state prosecution, Lysenko made fraudulent software. In their written responses, they stated that it was impossible to make changes to them. Investigators did not find traces of malware on the equipment seized during the searches, Mironov pointed out.
In addition, the defense submitted to the court 20 conclusions of Russian IT security specialists, who "excluded the very possibility of the existence of this theft mechanism, recognizing the version of the investigation as fantastic," Mironov said. At the same time, Group-IB expert Maxim Antipov, whose conclusion formed the basis of the prosecution's version, was not interrogated in the process - the court could not establish his whereabouts, the lawyer emphasized.
Antipov resigned from Group-IB more than four years ago and now lives in another city, Baulin told RBC. According to him, former colleagues provided the court with his contacts and notified the cyber criminologist about the request from the court. He was ready to speak in court, but asked to pay for the trip. "Apparently, such fairly ordinary conditions for the delivery to Moscow of the expert, whose conclusion formed the basis of the charges, could not be fulfilled," Baulin says.
-----------------
Ukrainian hacker avoided a new term in Russia
The sentence to Yuriy Lysenko was overturned for violations of the law.
As it became known to Kommersant, the Moscow City Court overturned the sentence of a group of hackers who in the middle of the last decade stole about 1 billion rubles from several large banks and their depositors. According to the decision of the appellate instance, this episode will be considered in court again. However, almost half of the defendants, with the exception of the organizer of the criminal community, a hacker with Ukrainian citizenship, and his main accomplices, have already managed to be released.
Trials in the cases of the organized criminal community (OCG), which was put together by a citizen of Ukraine Yuriy Lysenko for almost ten years, have been going on with short breaks since April 2017. As Kommersant told, then the Meshchansky District Court received a criminal case numbering almost 100 volumes against the hacker and 13 of his accomplices. According to investigators of the Ministry of Internal Affairs, whose arguments were later confirmed by the courts, in 2014 the Ukrainian created an organized crime group, which was initially engaged in "cleaning" the accounts of ordinary bank customers.
They put a certain amount on the card of a credit institution, then transferred it to another card. Then a virus program was launched, canceling the transaction. Considering that the transfer failed, the banks returned this money to the sender's account, but from their own funds. As a result, the hackers had twice the amount.
In this way, according to the investigation, more than 1 billion rubles were stolen, of which about 800 million rubles were received by the leader of the organized crime group. The second source of income for hackers was the installation of special devices on ATMs that allow them to control the process of issuing banknotes. As it was established by the investigation, Promsvyazbank, Zenit, Trust, Uralsib banks and a number of other credit institutions recognized as victims in the case suffered from the actions of the organized crime group. At the end of July 2015, the arrests of fraudsters began. However, only a few of them were taken into custody, including Yuriy Lysenko himself, and the rest, despite the severity of the charges, were left on their own recognizance. The alleged leader was accused of creating an organized crime group (Part 1 of Article 210 of the Criminal Code of the Russian Federation), and the rest were accused of participating in it (Part 2 of Article 210 of the Criminal Code of the Russian Federation) and committing a number of especially large frauds in the field of computer information (Part 4 of Article 159.6 of the Criminal Code of the Russian Federation), as well as especially large-scale thefts (Part 4 of Article 158 of the Criminal Code of the Russian Federation). During the preliminary investigation, only one participant in cyber fraud, Anton Testov, fully admitted his guilt, having received a seven-year sentence thanks to a deal with justice. The rest either completely denied involvement in the crimes, or agreed with individual charges.
In 2018, in the midst of hearings, the defendants co-founders of Smart Solutions Group of Companies Artem Mazurenko and Anton Ekimenko, who were at large, unexpectedly disappeared and were put on the wanted list. The rest came to the verdict, announced in February 2019, with trunks of things. During the debate of the parties, the prosecutor asked for 15 years of strict regime for Yuriy Lysenko as the leader of the organized crime group and its think tank, and for the rest - from 7 to 12 years in total. As expected, the court sentenced the main hacker to 13 years in prison, and sentenced the rest to 5 to 10 years, leaving only two at large with a suspended sentence.
Appealing the verdicts, the defendants pointed out that there was no organized crime group at all,Its participants did not know each other, no money was found in the ringleader's possession, and the examinations in the case do not stand up to criticism. However, the appellate instance mitigated the punishment of only a few convicts. At the same time, materials on several cases of embezzlement of money from banks were sent for additional investigation to eliminate violations. Yuriy Lysenko and six other previously convicted hackers were again accused of them.
The start of the trial was repeatedly postponed. In the summer of this year, the Lefortovo court increased the term of Yuri Lysenko to 16 years, and the rest - by 1-2 years. However, the appeal of the Moscow City Court canceled this "aggravation" due to violations, sending the case for a new trial.
It is worth noting that some of the group of hackers who did not get to the retrial have already served their sentence at the moment.
Meanwhile, this did not affect the fate of the defendants who fled in 2018. Artem Mazurenko was caught in May last year, and the court resumed proceedings in his case. Anton Ekimenko, who was captured later, is preparing for the trial. The claims of banks against the defendants are to be considered in civil proceedings.
• Source: https://www.kommersant.ru/doc/5594752
-----------------
As it became known to Kommersant, the Basmanny District Court of Moscow sentenced hacker Artem Mazurenko to six years in prison. At one time, he was a member of an organized crime community that stole about 1 billion rubles from several large banks and their depositors. Without waiting for the verdict, they disappeared. They were detained only recently, and the accomplices were tried separately. Mr. Mazurenko, although he did not consider himself involved in the community and spoke about his insignificant role, fully admitted his guilt, still received a rather harsh sentence, taking into account the escape. His lawyer, who, by the way, signed up as a volunteer for the defense of Donbass, appealed the decision as too harsh before being sent to the special operation zone.
The verdict to Artem Mazurenko was announced the other day by the judge of the Basmanny Court of the capital, Valentina Levashova, after a trial that had been going on since February this year. She found the defendant guilty of committing especially large-scale fraud in the field of computer information (Part 4 of Article 159.6 of the Criminal Code of the Russian Federation), as well as participation in an organized criminal community (Part 2 of Article 210 of the Criminal Code of the Russian Federation). According to Kommersant, during the debate of the parties, representatives of the state prosecution asked to sentence the accused to eight years in prison in a general regime colony, a fine of 250 thousand rubles and restriction of freedom for a period of ten months after serving the sentence.
Taking into account mitigating circumstances and a full admission of guilt by Artem Mazurenko himself, he was eventually sentenced to six years in a general regime colony.
It should be noted that the case of Mr. Mazurenko was singled out from several others related to the activities of a group of hackers who literally thundered throughout Russia about ten years ago, and the processes on them have been going on almost continuously since April 2017. As Kommersant told, then the Meshchansky District Court received a criminal case numbering almost 100 volumes against the capital's hacker of Ukrainian origin Yuri Lysenko and 13 of his accomplices.
According to the investigators of the Ministry of Internal Affairs, whose arguments were later confirmed by the courts, in 2014 the Ukrainian created an organized crime group, which was initially engaged in "cleaning" the accounts of ordinary bank customers. They put a certain amount on the card of a credit institution, then transferred it to another card. Then a virus program was launched, canceling the transaction. Considering that the transfer failed, the banks returned this money to the sender's account, but from their own funds. As a result, the hackers had twice the amount.
In this way, according to the investigation, more than 1 billion rubles were stolen, of which about 800 million rubles were received by the leader of the organized crime group Lysenko.
The second source of income for hackers was the installation of special devices on ATMs that allow them to control the process of issuing banknotes. As it was established by the investigation, Promsvyazbank, Zenit, Trust, Uralsib banks and a number of other credit institutions recognized as victims in the case suffered from the actions of the organized crime group. At the end of July 2015, the arrests of fraudsters began. However, only a few of them were taken into custody, including Yuriy Lysenko himself, and the rest, despite the severity of the charges, were left on their own recognizance. Among the latter were the co-founders of Smart Solutions Group of Companies LLC Artem Mazurenko and Anton Ekimenko. In 2018, in the midst of the hearings, they unexpectedly stoppedto go to them, anticipating a harsh sentence.
As expected, the court sentenced the leader of the organized crime group to 13 years of strict regime, sending the rest to general regime colonies for terms of five to ten years. Only two of the defendants got off with suspended sentences. In turn, Messrs. Mazurenko and Ekimenko were put on the wanted list. The first was caught and placed in pre-trial detention center-4 "Medved" in May last year, and his accomplice a little later. It should be noted that during this time, another case of seven previously convicted hackers on a number of embezzlements separated from a large investigation managed to reach the court.
As Kommersant told, in the summer of this year, the Lefortovo court increased Yuri Lysenko's term to 16 years, and the rest - by one to two years. However, the appeal of the Moscow City Court canceled this "aggravation" due to violations, sending the case for a new trial. However, this event is unlikely to somehow affect the fate of both Artem Mazurenko and Anton Ekimenko, whose trial should begin in the Basmanny Court only in mid-November.
Mr. Mazurenko's lawyer Tair Rzayev explained to Kommersant that his client denied participation in the organized crime group, and the accusations of involvement in the embezzlement were limited to one episode.
According to him, even during the investigation many years ago, he could well count on requalification as a witness due to the insignificance of his role. "However, in connection with the verdict already passed in 2019, approved by the appeal, our ability to deny participation in the organized crime group was limited," the lawyer said. According to him, the "decision to escape" in 2018 "was fundamentally wrong" and "aggravated the situation." And it was because of this that "the opportunities for defense were small," and therefore he recommended that Artem Mazurenko agree with the charge in full.
According to Mr. Rzayev, the verdict was appealed in terms of its "excessive severity." Taking into account the fact that the court counted as a day and a half the time spent in the pre-trial detention center, as well as the possible additional leniency from the appellate instance, Artem Mazurenko will soon be able to ask for parole. However, he may also have to participate in the civil process, where the claim of the banks as aggrieved parties for compensation for the damage caused to them is directed.
However, as the lawyer noted, in the future, the interests of the convict will be represented by his colleague, since Tahir Rzayev himself signed up as a volunteer to participate in the special military operation to protect Donbass. As the lawyer clarified, he recently turned 50 years old and the military registration and enlistment office officially refused him. Meanwhile, the defender, who decided to go to the front "out of conviction", joined one of the volunteer formations. He noted that at the same time he is not listed as a military serviceman, and therefore he does not need to suspend his lawyer status in the chamber and, if necessary, he can participate in any process in the territory of new regions.
• Source: https://www.kommersant.ru/doc/5667803
-------------
The Basmanny District Court of Moscow sentenced hacker Anton Ekimenko to six years in prison in the case of fraud with bank accounts for 168 million rubles. According to the investigation, Ekimenko was a member of a group led by Ukrainian Yuri Lysenko - in 2014-2015, members of this organized crime group, using special software, stole 1 billion rubles from Promsvyazbank, Zenit, Uralsib and Trust. In 2019, Lysenko and his accomplices received long prison terms, Banks are still being attacked by fraudsters, but security services manage to prevent thousands of such crimes, experts explained to Izvestia.
Double profit
On August 27, the Basmanny District Court of Moscow completed the case of a member of a hacker group that stole 1 billion from several Russian banks. Anton Ekimenko received six years in a general regime colony. It was he who was charged with stealing 168 million rubles from Promsvyazbank, Uralsib and Trust in 2014-2015.
Ekimenko was a member of the organized criminal community (OCG), which was headed by a citizen of Ukraine Yuriy Lysenko. In 2014, he created an organized crime group of 17 people and developed a scheme for embezzlement of funds from credit institutions.
To do this, the accomplices rented foreign servers, on which they placed special fraudulent software. He interfered with the banking systems and informed the bank about the cancellation of the transaction, which was actually carried out. Thanks to this malware, the attackers transferred money from one bank account to another, and in return received double the amount. Banking systems believed that the transfer did not go through, and returned the money from their own funds.
In addition to Promsvyazbank, Uralsib and Trust, the victims in the case were Zenit Bank and several other credit institutions.
Detentions of members of the organized crime group began back in 2015, and they were sentenced in 2019.
The rest of the defendants in the case received from 5 to 10 years in prison and suspended sentences. But Ekimenko managed to escape at the stage of the investigation of the case - he violated the chosen measure of restraint and was put on the federal wanted list. His case was separated into a separate proceeding and detained only in 2022.
Ekimenko was charged under articles on participation in a criminal community (Part 2 of Article 210 of the Criminal Code of the Russian Federation) and fraud in the field of computer information committed by an organized group on an especially large scale (Part 4 of Article 159.6 of the Criminal Code of the Russian Federation). In addition to Ekimenko, another defendant in the case, Artem Mazurenko, managed to hide from the preliminary investigation. He was also detained in 2022 and sentenced to six years in prison.
• Video: https://iz.ru/video/embed/1749504
• Source: https://epp.genproc.gov.ru/web/proc_77/mass-media/news?item=97361011
• Source: https://iz.ru/1749581/stanislav-kuc...luchil-6-let-za-krazhu-168-millionov-u-bankov
As it turned out, the leader of the hacker gang who robbed four banks for 1 billion rubles was an athlete from Ukraine. He turned out to be a 29-year-old boxer from the city of Sumy, Yuriy Lysenko. After moving to Moscow, he gathered programmers around him and organized a gang of hackers who robbed four banks worth a billion rubles.
The special services uncovered a group of hackers who deceived Promsvyazbank, Trust, Uralsib and Zenit Bank for a billion rubles.
16 young people in Moscow formed a gang and engaged in fraud on the Internet. The choice of criminals fell on the banking sector and online transactions. In just four months, programmers robbed banks for a billion rubles. The scam was a success thanks to a special program that they came up with.
"A group of Internet fraudsters with knowledge in the field of programming and technology developed a bot that at a certain point in time after conducting transactions from account to account canceled transactions," said a source in law enforcement agencies. "However, by this time, funds were already being sent by payment order through Internet banking, and the team came to the bank late. Basically, transfers were from dollar to ruble accounts, or from dollar to euro.
The leader of the hacker gang studied the order, organization and system of functioning of banking processing systems that process financial transactions on the Internet in real time, and then found "like-minded people" - from the driver to cashiers, with whom he carried out Internet fraud.
Fraudsters acted according to the following scheme: they opened bank cards in other people's names, went to the terminal, replenished the account, moving to another terminal, withdrew a small amount and took a receipt, after which, having received a receipt from the ATM with authorization data of a direct legal card ATM withdrawal operation, they used its details and canceled cash withdrawals through a forged electronic order.
As a result of such actions, the balance of the bank card account was restored and replenished with the specified amount. Thus, a gang of hackers-programmers was able to cause damage to four banks in the amount of over 1 billion rubles. Interestingly, the group began to "work" with the amount of a million rubles, gradually increasing the amount to a billion with similar operations.
The alarm was sounded by the security service of one of the banks, after which they turned to the "K" department of the Ministry of Internal Affairs of the Russian Federation. After the investigation, all members of the group were identified and detained. A criminal case has been initiated under the articles "Fraud" and "Organization of a criminal community".
• Source: https://life.ru/t/новости/924580/bo...hruppirovku_khakierov_ukravshikh_1_mlrd_rubli ei_u_bankov
Today's news about the arrest of a gang specializing in cyber bank robberies does not contain a detailed description of the scheme used by the criminals. However, people who are versed in information security will see enough in it, to identify, if not the group itself, then the methods it uses. Apparently, we are talking about the detention of the Metel group, or their "collay down."
Last year, Kaspersky Lab and Group-IB, which conducted investigations on behalf of various banks, briefly described the activities of Metel, aka Corkow. The group is responsible for an attack on the exchange terminals of the Kazan Energobank, which caused a significant fluctuation in the ruble exchange rate against the dollar, as well as a series of clever bank robberies using an "inexhaustible" debit card. It should be borne in mind that the term "Metel group" refers to all criminals using Metel, a Trojan program specialized in gaining access to banking information systems. Therefore, it is likely that we are talking about several groups that have purchased and mastered the same Trojan, and are not related in any other way.
The scheme with inexhaustible debit is very elegantly arranged. Criminals massively send so-called phishing emails, the content of which is written in such a way as to deceive the recipient and force him to open the attached file. Almost everyone gets something like this from time to time, and sometimes the sender is your real acquaintance (for example, if his computer is infected). In the event of an attack on a bank, hackers can act through the HR department, sending a letter supposedly with a resume, through the accounting department, offering to open a scan of a payment document, or through any employee, offering him to see someone's intimate photos. The email always contains a disguised Trojan file that is infected when launched. There are other methods of primary infection, but this one is the easiest to perform and is the most widely practiced.
After the initial infection, the Trojan determines whose computer it has and what powers the victim has, then contacts its server to receive additional commands and downloads the necessary modules. If it manages to infect the computer of the bank's network administrator, it begins to spread further through the network — the Trojan searches for the computers of credit institution employees who have the right to cancel transactions carried out at ATMs by bank customers.
Having received a signal that the Trojan has hit the right place, the attackers go to the attacked bank to receive a debit card using fake or stolen documents. A substantial amount of money is deposited on the card. Then the criminals take this card to different ATMs in different cities where the bank operates and withdraw this amount everywhere. At the same time, one of the gang members controls an embedded Trojan that cancels ATM transactions on the card immediately after the money is issued, so it becomes inexhaustible.
The key point here is that the card is issued by the same bank that owns the "issued" ATMs. In this case, the transaction does not go through the Visa/MasterCard/MIR payment system, but is processed exclusively within the bank's processing center. The bank can cancel such a transaction, which is used by criminals. Technically, there is nothing new in Metel's attack and, it would seem, banks could easily protect themselves from this - there are enough funds. In practice, criminals are favored by a number of circumstances:
— Most banks protect themselves from malware with the help of ordinary antiviruses. Anti-virus control on the mail server and on the attacked computer is effective only when the anti-virus "knows" this particular version of the Trojan. New versions that have not yet come across by researchers are almost invisible. More advanced technologies are whitelists, anbehavior of programs, and so on, create a lot of inconvenience in work and are used by banks only in the most critical areas, for example, to protect the automated workstations of the Bank of Russia client (AWP KBR). Metel's attack was carried out through ordinary vehicles.
— Physical separation of the corporate network and the processing center network is also not practiced by many banks. In addition to maintaining the smooth circulation of transactions and solving operational tasks, the center's employees also need to receive and send e-mail, use the bank's internal portals, and access the Internet. Keeping two computers connected to different network segments at your workplace is not only costly, but also inconvenient for the user. As a result, the Trojan sent by mail gets access to managing transactions on the same computer.
— Information security trainings have a limited effect: for ten employees who have learned the basic rules, there is always one goofball, and he will be the weak link. Large numbers will work here: if you send, for example, 10 thousand phishing emails (and this is only 100 employees in 100 banks), there are bound to be several people who are inclined to thoughtlessly open attachments.
Given the scale of the stolen, incidents of this kind are extremely dangerous for the financial stability of banks - this is no longer the theft of 10 thousand rubles from a pensioner's card, such losses cannot be included in the budget. This means that measures will be taken, otherwise someone will lose their banks, and someone will lose their deposits.
• Source: https://life.ru/t/мнения/924766/kak_ukrast_u_banka_milliard
---------------
The case of the theft of more than 1 billion rubles from banks by hackers was sent to court
Deputy Prosecutor General of the Russian Federation Viktor Grin approved the indictment in the criminal case against Yuri Lysenko, Yevgeny Vorobyov, Ivan Krylov, Artem Mazurenko, Mikhail Vorobyov, Anton Ekimenko, Denis Grinev, Maxim Usatov, Sergey Makhnichev, Nikolai Milovidov, Mikhail Oreshkin, Oleg Rodin, Nikita Khadzhibekyan and Sergey Chistov. Depending on their role and degree of participation, they are accused of committing crimes provided for in Parts 1, 2 of Article 210 of the Criminal Code of the Russian Federation, Part 4 of Article 159.6 of the Criminal Code of the Russian Federation, Part 3 of Article 30, paragraphs "a, b" of Part 4 of Article 158 of the Criminal Code of the Russian Federation, paragraphs "a, b" of Part 4 of Article 158 of the Criminal Code of the Russian Federation (organization of a criminal community and participation in it, fraud in the field of computer information and theft).
According to the investigation, from July to November 2014, Lysenko organized a criminal community to commit theft of funds from a number of commercial banks, in which he involved more than 17 accomplices. Funds of financial institutions were stolen by entering and modifying computer information using the Internet, performing transactions for transferring and withdrawing funds on bank cards with their cancellation and restoration of the balance on accounts.
As a result of these actions, members of the criminal community stole more than 1 billion rubles from credit and financial institutions.
In addition, from March to July 2015, these persons stole more than 5.7 million rubles by installing special devices in various ATMs to manage the process of issuing banknotes.
A guilty verdict has already been issued against one of the members of the criminal community, Anton Testov.
The investigation against other accomplices in the crimes put on the international wanted list continues.
The criminal case, investigated by the Investigative Department of the Ministry of Internal Affairs of Russia, was sent to the Meshchansky District Court of Moscow for consideration on the merits.
• Source: www.genproc.gov.ru/smi/news/news-1181546/
------------------
Three members of an organized criminal group (OCG), accused of embezzling one billion rubles from banks via the Internet, plead guilty, a RAPSI correspondent reports from the hall of the Meshchansky District Court of Moscow.
On Friday, the court began hearings on the merits of the criminal case.
There are 14 alleged members of the organized crime group in the dock: Yuri Lysenko, Evgeny Vorobyov, Ivan Krylov, Artem Mazurenko, Mikhail Vorobyov, Anton Ekimenko, Denis Grinev, Maxim Usatov, Sergey Makhnichev, Nikolai Milovidov, Mikhail Oreshkin, Oleg Rodin, Nikita Khadzhibekyan and Sergey Chistov. Depending on the role and degree of participation, they are accused of committing crimes under parts 1 and 2 of article 210 of the Criminal Code of the Russian Federation, part 4 of article 159.6 of the Criminal Code of the Russian Federation, part 3 of article 30, paragraphs "a" and "b" of part 4 of article 158 of the Criminal Code of the Russian Federation, paragraphs "a", "b" of part 4 of article 158 of the Criminal Code of the Russian Federation (organization of a criminal community and participation in it, fraud in the field of computer information and theft).
Thus, Khadzhibekyan, Oreshkin and Makhnichev partially admit their guilt in the acts incriminated to them; The rest of the defendants did not.
According to the investigation, in the period from July to November 2014, Lysenko organized a criminal community, in which he involved 17 accomplices, in order to steal funds from a number of commercial banks. Funds of financial institutions were stolen by entering and modifying computer information using the Internet, performing transactions for transferring and withdrawing funds on bank cards with their cancellation and restoration of the balance on accounts.
As a result of these actions, members of the organized crime group stole over one billion rubles. In addition, the defendants managed to steal more than 5.7 million rubles in the period from March to July 2015 by installing devices in various ATMs that allow managing the processes of issuing banknotes.
The Prosecutor General's Office of the Russian Federation notes that a guilty verdict has already been issued against one of the members of the criminal community - Anton Testov.
-----------------------
The Moscow City Court reviewed the case of hacker Anton Testov, who, cooperating with the investigation, helped law enforcement agencies uncover an organized criminal community led by a citizen of Ukraine Yuri Lysenko, who stole more than 1 billion rubles from banks. This became known to the newspaper "Kommersant".
As the newspaper reminds, Anton Testov, whose case was considered by the Meshchansky District Court of Moscow in a special order, was sentenced for participation in a criminal community (Part 2 of Article 210 of the Criminal Code of the Russian Federation) to five years, for fraud in the field of computer information (Article 159.6 of the Criminal Code) - for another four years, and in addition, received three terms from three to four years for theft (Article 158 of the Criminal Code of the Russian Federation). By partial addition of terms, the court sentenced him to seven years in a general regime colony, restricting his freedom after serving his sentence for another six months. For six months, as the court decided, Testov must not leave his apartment after 22:00, participate in mass events or attend them, and once a month he is obliged to report to the police. At the same time, the court satisfied the claims of the injured banks, according to which about 200 million rubles were recovered from the convict. However, the hacker could not execute the sentence in this part: according to the newspaper, the 2010 BMW car turned in favor of the victims, as well as the 165 thousand rubles and 4.6 thousand dollars seized from Testov during the searches, "became only a light consolation for them."
The convicted hacker and his defense could not appeal the verdict under the law. But they appealed to the court, indicating that they did not agree with the size of the punishment, which, according to them, was excessively harsh. Asking for leniency, Testov, in particular, indicated that he had a minor child, suffered from a number of serious diseases, pleaded guilty in full, repented, and fulfilled the terms of the pre-trial cooperation agreement. In addition, the court of first instance, in his opinion, did not take into account that he had been held in a pre-trial detention center for a long time, and this did not correspond to the conditions for serving a sentence in a general regime penal colony. In this regard, Testov asked to count the time of detention in the sentence at the rate of one day for one and a half days, and the total punishment to be reduced to four years and six months. His defenders, in turn, noted that the Meshchansky District Court did not take into account the hacker's active assistance to the investigation in the disclosure and investigation of crimes, namely, that Testov "possessed unique information necessary for the correct and quick investigation of the criminal case, and provided this information to the investigating authorities."
The state prosecution, considering the verdict legal, suggested that the Moscow City Court reject the complaints of the convict and his defense, and leave the punishment the same.
The court of appeal found that the Meshchansky Court correctly qualified the actions of Anton Testov under Articles 210, 159.6 and 158 of the Criminal Code; Taking into account the nature and degree of public danger of the deed, the type of punishment imposed on the hacker was also correctly determined. However, the appeal decided, the term imposed on Testov can be reduced, since there are no aggravating circumstances in his main crime - participation in an organized criminal community. As a result, the hacker was shaved off two years, but he was nevertheless left under supervision for six months after his release.
The case of Anton Testov, who made a deal with the Prosecutor General's Office, was singled out by the Investigative Department of the Ministry of Internal Affairs from a large investigation in relation to theand an organized criminal community of hackers, consisting of a dozen and a half people. According to the investigation, the organizer of the organized crime group was a citizen of Ukraine Yuriy Lysenko, who did not work anywhere. In the period from July to November 2014, he involved 14 Russians in the community, with whom he subsequently committed theft of funds from commercial banks. The thefts were carried out with the help of a special program that made it possible to withdraw money from the accounts of bank customers, and then restore the balance at the expense of the financial structures themselves. In total, more than 1 billion rubles were stolen in this way. In addition, according to the prosecution, from March to July 2015, the attackers stole more than 5.7 million rubles by installing special devices in various ATMs that allow them to control the process of issuing banknotes. Promsvyazbank, Zenit, Trust, Uralsib, as well as small credit institutions were recognized as victims of the actions of the organized crime group.
As the representative of Yuri Lysenko, who does not admit his guilt, told Kommersant, the case of the organized crime group is being considered by the Meshchansky District Court. Now, according to him, during the judicial investigation, the evidence presented by the prosecution is being examined. Due to the huge amount of materials, the verdict in the case will at best be passed only in a year.
--------------------
15 years in a maximum security colony was requested by the prosecution for a native of Ukraine, Yuri Lysenko, accused of creating a criminal community of hackers who stole more than 1 billion rubles from a number of large Russian banks via the Internet. However, the lawyers insist on the innocence of the defendants, claiming that they were the victim of the slander of their former accomplice, who testified against the others as part of a pre-trial agreement.
According to the investigation, the organizer of the organized crime group is a non-working citizen of Ukraine Yuriy Lysenko. According to the case file, in the period from July to November 2014, he involved about two dozen Russians in the activities of the organized crime group for the joint embezzlement of funds from commercial banks. The investigation believes that the money was stolen with the help of a special program that allowed them to be withdrawn from the accounts of bank customers, and then restored the balance at the expense of the financial structures themselves.
As the prosecutor explained in court, the defendants could put 200 thousand rubles on the bank's card, and then transfer them to another card. Then a Trojan program was launched, canceling the transaction. Considering that the transfer failed, the banks returned this money to the sender's account, but from their own funds. As a result, the hackers had twice as much money in their hands. In addition, according to the case, from March to July 2015, hackers embezzled more than 5.7 million rubles by installing special devices in various ATMs to control the process of issuing banknotes. As it was established by the investigation, in general, Promsvyazbank, Zenit, Trust, Uralsib banks and a number of small credit institutions, now recognized as victims in the case, suffered from the actions of the organized crime group.
In the end, in addition to Yuri Lysenko, 13 people appeared before the court: Evgeny Vorobyov, Ivan Krylov, Artem Mazurenko, Mikhail Vorobyov, Anton Ekimenko, Denis Grinev, Maxim Usatov, Sergey Makhnichev, Nikolai Milovidov, Mikhail Oreshkin, Oleg Rodin, Nikita Khadzhibekyan and Sergey Chistov. Depending on the role of each, the prosecutor asked to find them guilty under Parts 1 and 2 of Article 210, Part 4 of Article 159.6, Part 3 of Article 30 and Part 4 of Article 158 of the Criminal Code of the Russian Federation (organization of a criminal community and participation in it; fraud in the field of computer information; theft). For the alleged organizer of the organized crime group Lysenko, the state prosecutor demanded 15 years in a maximum security colony, Khadzhibekyan, Milovidov and Oreshkin, who were held, like Lysenko, in custody, to imprisonment for terms of 7 to 12 years. For the remaining ten defendants, who are under recognizance not to leave and come to the process on their own, the state prosecution requested from 6.5 years to 10 years in a general regime colony.
Now lawyers must appear in court. Since most of the defendants did not admit their guilt, the defense will try to prove the non-involvement of the defendants in the crimes. At the same time, the lawyers will refer to the contradictions in the forensic examination, which claims that the hackers created their own on the basis of Montero and Software programs, which made it possible to cancel a transaction when transferring money from card to card. At the same time, according to the defense, the manufacturers of the Montero and Software programs themselves, in response to lawyers' requests, argued that such a hacker program could not exist in principle. Moreover, this thesis was allegedly confirmed by Russian experts in court. On the other hand, the author of the examination appointed by the court, for theAn explanation for the process did not appear.
The defense also intends to refute the accusation of Lysenko of creating an organized crime group, since it follows from the case materials that its alleged participants did not know each other before their arrest in 2015. And they did not find any money, despite the fact that the investigation claims that Yuri Lysenko alone embezzled at least 800 million rubles.
Meanwhile, the lawyers, denying the participation of their clients in the organized crime group, claim that all this data was reported to the investigation only by Anton Testov, who was cooperating, who had already been sentenced to a seven-year term. But he, according to the defense, could deliberately incriminate former accomplices in order to ease his fate.
---------------------
On January 29, the Meshchansky Court of Moscow plans to put an end to the high-profile case of a global hacker attack on Russian banks, as a result of which, according to the prosecution, more than a billion rubles were stolen. The leader of the group of "hackers", which included 13 people, the investigation considers Yuri Lysenko, for whom the prosecutor's office demanded 15 years in prison.
According
to the investigation, more than 1 billion rubles were stolen from banks, the victims in the case are Promsvyazbank, Uralsib Bank, Bank Trust and Bank Zenit.
The investigation considers the organizer of the criminal community to be a citizen of Ukraine Yuriy Lysenko.
According to the prosecution, in the period from June 1 to July 18, 2014, he created a criminal community in Moscow. Having rented a living space, he purchased and placed in it the means of computer technology and mobile communications necessary to organize the access of the accomplices in the crime to the Internet, as well as the prompt transfer of information by the rest of the members of the organized group. Lysenko also allegedly rented remote servers on foreign network resources to host a program created by him, with the help of which he formed and sent forged electronic payment orders to credit and financial institutions.
The prosecution claims that Lysenko created a third on the basis of two computer programs, and with the help of it carried out reverse operations of canceling the withdrawal and transfer of funds.
The money was stolen with the help of this special program, which made it possible to withdraw funds from the accounts of bank customers, and then restore the balance at the expense of the financial structures themselves, law enforcement agencies believe.
The state prosecutor demanded that the defendants in the case be sentenced to imprisonment for a term of 6.5 to 15 years, the prosecutor's office requested the longest term for Lysenko.
For Nikolai Milovidov, Mikhail Oreshkin and Nikita Khadzhibekyan held in the pre-trial detention center, the prosecutor asked for 7 to 12 years in a general regime colony.
For the rest of the defendants in the case, who are on their own recognizance, the state prosecution requested from 6.5 to 10 years in a general regime colony.
According to the case file, the damage to PJSC Promsvyazbank amounted to 39.5 million rubles, PJSC Bank Uralsib - 45 million, PJSC Bank Trust - 106 million and PJSC Bank Zenit - 883.5 million rubles.
Lysenko's
defense completely rejects the arguments of the prosecution and insists on his innocence, and considers the charge against him to be entirely unfounded and refuted.
"The plots set forth in the indictment are not supported by any evidence. The state prosecution did not prove the existence of a criminal association and its qualifying features. Neither the amount of damage, nor the method of committing the crime, nor the fact that Lysenko received any income from the embezzlement incriminated to him was established," said the defendant's lawyer Ivan Mironov.
Moreover, the lawyer points out that during the judicial investigation it was established that Lysenko had an alibi: at that time, whenYes, according to the investigation, he allegedly created a criminal community, rented imaginary apartments, and also embezzled money and divided criminal proceeds, he was generally in another country.
"The prosecution did not even provide any evidence of Lysenko's special computer knowledge, and the defense denied this as well," Mironov said.
According to him, the rest of the defendants in the case had never seen Lysenko before the arrest and had not heard of him.
"The defendant Anton Testov, with whom a pre-trial cooperation agreement was concluded, said that all the operations of which Lysenko is accused were carried out by him, and not by Lysenko, he has never heard of Lysenko and does not know who he is, He was always free in his actions and never obeyed anyone," the lawyer said.
He added that at the initiative of the defense, 20 conclusions were prepared by leading Russian experts in the field of computer information, authorship and linguistics, which refuted the possibility of the existence of a mechanism of theft imputed by the investigation.
"Numerous responses to lawyers' requests from domestic and foreign companies and organizations, attached by the court to the case, show the fantasy of the investigation's version: there is no evidence that Lysenko rented any servers, as well as confirmation that he used the Internet at all during this period, moreover, numerous responses from hosting companies and Internet providers completely refute the charge brought against our client.
The investigation claims that the cancellation of transactions took place remotely through POS terminals in the United States, but in the log files from the processing centers submitted by the affected banks, it is indicated that the cancellation of transactions took place from ATMs with the physical presence of some attackers in the United States and Europe, which was also confirmed by international payment systems and numerous examinations. And our client has never been to the United States, and was not in Europe at the time of the incriminated transactions," the lawyer said.
He also added that one of the examinations established an excess of damage imputed to the defendants by almost 900 million rubles.
The defense of all the defendants in the criminal case asked the court to issue an acquittal.
----------------
The Meshchansky Court of Moscow sentenced to imprisonment for terms ranging from five years of general regime to 13 years of strict regime hackers, who were found guilty of creating a criminal community and embezzling about 1 billion rubles from various Russian banks - a total of 12 people. Two more received six-year suspended sentences. This decision was made by Judge Elena Gudoshnikova, Ivan Mironov, the lawyer of Yuri Lysenko, the main defendant in the case, told RBC.
The state prosecution requested terms for the accused from 6.5 years of general to 15 years of strict regime. The prosecutor claimed that the defendants stole about 883.7 million rubles from Zenit Bank, 106.3 million rubles from Trust Bank, 45.1 million rubles from Uralsib Bank and 39.5 million rubles from Promsvyazbank. The court decided to send one of the episodes of the case related to the theft from Promsvyazbank for further investigation.
The verdict was announced for more than a week. The defendants, led by 32-year-old Lysenko, depending on their role, were charged with creating a criminal community and participating in it (Article 210 of the Criminal Code), as well as up to four episodes of fraud in the field of computer information (Part 4 of Article 159.6 of the Criminal Code) and up to eight episodes of especially large-scale theft (Part 4 of Article 158 of the Criminal Code).
How the theft
scheme worked The hacker group has been working since July 2014, follows from the 600-page indictment in the case. Hackers have written a malicious program based on software designed to conduct bank payment orders on the Internet. By installing the program on rented servers outside Russia, they were able to send fake requests to banks for reverse transactions, that is, for the cancellation of previously conducted operations for withdrawing and transferring money.
Hackers bought bank cards from the so-called card sellers, issued to real people who did not actually use them and did not know anything about the activities of fraudsters. Small amounts were credited to these cards, which were subsequently withdrawn from ATMs or transferred. Then the fraudsters copied the details of these transactions from the receipts, formed fake requests for their cancellation with the help of a malicious program and sent them to banks. They canceled, the balance of the card was restored, while the withdrawn cash remained in the hands of the fraudsters.
For every card charge, there were many reverse transaction requests. Thus, the hackers repeatedly "returned" the withdrawn money to the card. For example, they robbed Zenit Bank for 883 million rubles, withdrawing only 22 thousand rubles from ATMs, the state prosecution claimed.
According to the state prosecution, the group was a complex criminal community: it consisted of three "functionally and territorially separate groups."Lysenko strictly limited the contacts of members of the community among themselves for conspiratorial purposes. Especially for the needs of the group, Lysenko rented an apartment in Moscow - the necessary equipment was placed there and information was exchanged. Lysenko took 80% of the stolen goods, another 20% was received by accomplices in each operation, the state prosecution claimed.
The scheme used by the Lysenko group is called "ATM-reverse" by experts, Valery Baulin, head of the Group-IB computer forensics laboratory, told RBC. He clarified that the fraudsters used access to compromised POS terminals in stores and cafes outside of Russia - fake requests to cancel the operationradios were sent through these terminals, and it looked like a return of goods or a refusal of a service.
The thefts became possible due to the fact that banks did not carefully check internal transactions, Baulin said. Thus, the processing systems did not take into account that cash was withdrawn from an ATM in Russia, and the cancellation request came from a terminal abroad.A few months later, the threat was noticed by the payment system - it began to block reverse transactions if the request for them did not come from the original ATM. But the attackers learned to bypass this block: they first began to transfer money to a card of another bank, withdraw money from an ATM of another bank, and then cancel the transfer operation.
Now the vulnerability has been closed by processing systems - transaction authorization includes checking for the coincidence of the point where the original operation was made and the point of the cancellation request, Baulin said.
Impossible mechanism
The investigation allowed falsifications in the case, says lawyer Mironov, who defends Lysenko. The accounting examination, which was carried out at the request of the defense, concluded that the damage from the alleged fraud was overstated by the investigation by about 900 million rubles, that is, ten times. And Lysenko was credited with creating software that "even hypothetically could not and could not have the functionality that investigator Dmitry Aleksashin came up with," Mironov said. According to him, now the defense is preparing statements demanding to check the alleged falsifications on the part of Aleksashin, who resigned from the investigative authorities.
The lawyers turned to the manufacturers of the source programs, from which, according to the state prosecution, Lysenko made fraudulent software. In their written responses, they stated that it was impossible to make changes to them. Investigators did not find traces of malware on the equipment seized during the searches, Mironov pointed out.
In addition, the defense submitted to the court 20 conclusions of Russian IT security specialists, who "excluded the very possibility of the existence of this theft mechanism, recognizing the version of the investigation as fantastic," Mironov said. At the same time, Group-IB expert Maxim Antipov, whose conclusion formed the basis of the prosecution's version, was not interrogated in the process - the court could not establish his whereabouts, the lawyer emphasized.
Antipov resigned from Group-IB more than four years ago and now lives in another city, Baulin told RBC. According to him, former colleagues provided the court with his contacts and notified the cyber criminologist about the request from the court. He was ready to speak in court, but asked to pay for the trip. "Apparently, such fairly ordinary conditions for the delivery to Moscow of the expert, whose conclusion formed the basis of the charges, could not be fulfilled," Baulin says.
-----------------
Ukrainian hacker avoided a new term in Russia
The sentence to Yuriy Lysenko was overturned for violations of the law.
As it became known to Kommersant, the Moscow City Court overturned the sentence of a group of hackers who in the middle of the last decade stole about 1 billion rubles from several large banks and their depositors. According to the decision of the appellate instance, this episode will be considered in court again. However, almost half of the defendants, with the exception of the organizer of the criminal community, a hacker with Ukrainian citizenship, and his main accomplices, have already managed to be released.
Trials in the cases of the organized criminal community (OCG), which was put together by a citizen of Ukraine Yuriy Lysenko for almost ten years, have been going on with short breaks since April 2017. As Kommersant told, then the Meshchansky District Court received a criminal case numbering almost 100 volumes against the hacker and 13 of his accomplices. According to investigators of the Ministry of Internal Affairs, whose arguments were later confirmed by the courts, in 2014 the Ukrainian created an organized crime group, which was initially engaged in "cleaning" the accounts of ordinary bank customers.
They put a certain amount on the card of a credit institution, then transferred it to another card. Then a virus program was launched, canceling the transaction. Considering that the transfer failed, the banks returned this money to the sender's account, but from their own funds. As a result, the hackers had twice the amount.
In this way, according to the investigation, more than 1 billion rubles were stolen, of which about 800 million rubles were received by the leader of the organized crime group. The second source of income for hackers was the installation of special devices on ATMs that allow them to control the process of issuing banknotes. As it was established by the investigation, Promsvyazbank, Zenit, Trust, Uralsib banks and a number of other credit institutions recognized as victims in the case suffered from the actions of the organized crime group. At the end of July 2015, the arrests of fraudsters began. However, only a few of them were taken into custody, including Yuriy Lysenko himself, and the rest, despite the severity of the charges, were left on their own recognizance. The alleged leader was accused of creating an organized crime group (Part 1 of Article 210 of the Criminal Code of the Russian Federation), and the rest were accused of participating in it (Part 2 of Article 210 of the Criminal Code of the Russian Federation) and committing a number of especially large frauds in the field of computer information (Part 4 of Article 159.6 of the Criminal Code of the Russian Federation), as well as especially large-scale thefts (Part 4 of Article 158 of the Criminal Code of the Russian Federation). During the preliminary investigation, only one participant in cyber fraud, Anton Testov, fully admitted his guilt, having received a seven-year sentence thanks to a deal with justice. The rest either completely denied involvement in the crimes, or agreed with individual charges.
In 2018, in the midst of hearings, the defendants co-founders of Smart Solutions Group of Companies Artem Mazurenko and Anton Ekimenko, who were at large, unexpectedly disappeared and were put on the wanted list. The rest came to the verdict, announced in February 2019, with trunks of things. During the debate of the parties, the prosecutor asked for 15 years of strict regime for Yuriy Lysenko as the leader of the organized crime group and its think tank, and for the rest - from 7 to 12 years in total. As expected, the court sentenced the main hacker to 13 years in prison, and sentenced the rest to 5 to 10 years, leaving only two at large with a suspended sentence.
Appealing the verdicts, the defendants pointed out that there was no organized crime group at all,Its participants did not know each other, no money was found in the ringleader's possession, and the examinations in the case do not stand up to criticism. However, the appellate instance mitigated the punishment of only a few convicts. At the same time, materials on several cases of embezzlement of money from banks were sent for additional investigation to eliminate violations. Yuriy Lysenko and six other previously convicted hackers were again accused of them.
The start of the trial was repeatedly postponed. In the summer of this year, the Lefortovo court increased the term of Yuri Lysenko to 16 years, and the rest - by 1-2 years. However, the appeal of the Moscow City Court canceled this "aggravation" due to violations, sending the case for a new trial.
It is worth noting that some of the group of hackers who did not get to the retrial have already served their sentence at the moment.
Meanwhile, this did not affect the fate of the defendants who fled in 2018. Artem Mazurenko was caught in May last year, and the court resumed proceedings in his case. Anton Ekimenko, who was captured later, is preparing for the trial. The claims of banks against the defendants are to be considered in civil proceedings.
• Source: https://www.kommersant.ru/doc/5594752
-----------------
As it became known to Kommersant, the Basmanny District Court of Moscow sentenced hacker Artem Mazurenko to six years in prison. At one time, he was a member of an organized crime community that stole about 1 billion rubles from several large banks and their depositors. Without waiting for the verdict, they disappeared. They were detained only recently, and the accomplices were tried separately. Mr. Mazurenko, although he did not consider himself involved in the community and spoke about his insignificant role, fully admitted his guilt, still received a rather harsh sentence, taking into account the escape. His lawyer, who, by the way, signed up as a volunteer for the defense of Donbass, appealed the decision as too harsh before being sent to the special operation zone.
The verdict to Artem Mazurenko was announced the other day by the judge of the Basmanny Court of the capital, Valentina Levashova, after a trial that had been going on since February this year. She found the defendant guilty of committing especially large-scale fraud in the field of computer information (Part 4 of Article 159.6 of the Criminal Code of the Russian Federation), as well as participation in an organized criminal community (Part 2 of Article 210 of the Criminal Code of the Russian Federation). According to Kommersant, during the debate of the parties, representatives of the state prosecution asked to sentence the accused to eight years in prison in a general regime colony, a fine of 250 thousand rubles and restriction of freedom for a period of ten months after serving the sentence.
Taking into account mitigating circumstances and a full admission of guilt by Artem Mazurenko himself, he was eventually sentenced to six years in a general regime colony.
It should be noted that the case of Mr. Mazurenko was singled out from several others related to the activities of a group of hackers who literally thundered throughout Russia about ten years ago, and the processes on them have been going on almost continuously since April 2017. As Kommersant told, then the Meshchansky District Court received a criminal case numbering almost 100 volumes against the capital's hacker of Ukrainian origin Yuri Lysenko and 13 of his accomplices.
According to the investigators of the Ministry of Internal Affairs, whose arguments were later confirmed by the courts, in 2014 the Ukrainian created an organized crime group, which was initially engaged in "cleaning" the accounts of ordinary bank customers. They put a certain amount on the card of a credit institution, then transferred it to another card. Then a virus program was launched, canceling the transaction. Considering that the transfer failed, the banks returned this money to the sender's account, but from their own funds. As a result, the hackers had twice the amount.
In this way, according to the investigation, more than 1 billion rubles were stolen, of which about 800 million rubles were received by the leader of the organized crime group Lysenko.
The second source of income for hackers was the installation of special devices on ATMs that allow them to control the process of issuing banknotes. As it was established by the investigation, Promsvyazbank, Zenit, Trust, Uralsib banks and a number of other credit institutions recognized as victims in the case suffered from the actions of the organized crime group. At the end of July 2015, the arrests of fraudsters began. However, only a few of them were taken into custody, including Yuriy Lysenko himself, and the rest, despite the severity of the charges, were left on their own recognizance. Among the latter were the co-founders of Smart Solutions Group of Companies LLC Artem Mazurenko and Anton Ekimenko. In 2018, in the midst of the hearings, they unexpectedly stoppedto go to them, anticipating a harsh sentence.
As expected, the court sentenced the leader of the organized crime group to 13 years of strict regime, sending the rest to general regime colonies for terms of five to ten years. Only two of the defendants got off with suspended sentences. In turn, Messrs. Mazurenko and Ekimenko were put on the wanted list. The first was caught and placed in pre-trial detention center-4 "Medved" in May last year, and his accomplice a little later. It should be noted that during this time, another case of seven previously convicted hackers on a number of embezzlements separated from a large investigation managed to reach the court.
As Kommersant told, in the summer of this year, the Lefortovo court increased Yuri Lysenko's term to 16 years, and the rest - by one to two years. However, the appeal of the Moscow City Court canceled this "aggravation" due to violations, sending the case for a new trial. However, this event is unlikely to somehow affect the fate of both Artem Mazurenko and Anton Ekimenko, whose trial should begin in the Basmanny Court only in mid-November.
Mr. Mazurenko's lawyer Tair Rzayev explained to Kommersant that his client denied participation in the organized crime group, and the accusations of involvement in the embezzlement were limited to one episode.
According to him, even during the investigation many years ago, he could well count on requalification as a witness due to the insignificance of his role. "However, in connection with the verdict already passed in 2019, approved by the appeal, our ability to deny participation in the organized crime group was limited," the lawyer said. According to him, the "decision to escape" in 2018 "was fundamentally wrong" and "aggravated the situation." And it was because of this that "the opportunities for defense were small," and therefore he recommended that Artem Mazurenko agree with the charge in full.
According to Mr. Rzayev, the verdict was appealed in terms of its "excessive severity." Taking into account the fact that the court counted as a day and a half the time spent in the pre-trial detention center, as well as the possible additional leniency from the appellate instance, Artem Mazurenko will soon be able to ask for parole. However, he may also have to participate in the civil process, where the claim of the banks as aggrieved parties for compensation for the damage caused to them is directed.
However, as the lawyer noted, in the future, the interests of the convict will be represented by his colleague, since Tahir Rzayev himself signed up as a volunteer to participate in the special military operation to protect Donbass. As the lawyer clarified, he recently turned 50 years old and the military registration and enlistment office officially refused him. Meanwhile, the defender, who decided to go to the front "out of conviction", joined one of the volunteer formations. He noted that at the same time he is not listed as a military serviceman, and therefore he does not need to suspend his lawyer status in the chamber and, if necessary, he can participate in any process in the territory of new regions.
• Source: https://www.kommersant.ru/doc/5667803
-------------
The Basmanny District Court of Moscow sentenced hacker Anton Ekimenko to six years in prison in the case of fraud with bank accounts for 168 million rubles. According to the investigation, Ekimenko was a member of a group led by Ukrainian Yuri Lysenko - in 2014-2015, members of this organized crime group, using special software, stole 1 billion rubles from Promsvyazbank, Zenit, Uralsib and Trust. In 2019, Lysenko and his accomplices received long prison terms, Banks are still being attacked by fraudsters, but security services manage to prevent thousands of such crimes, experts explained to Izvestia.
Double profit
On August 27, the Basmanny District Court of Moscow completed the case of a member of a hacker group that stole 1 billion from several Russian banks. Anton Ekimenko received six years in a general regime colony. It was he who was charged with stealing 168 million rubles from Promsvyazbank, Uralsib and Trust in 2014-2015.
Ekimenko was a member of the organized criminal community (OCG), which was headed by a citizen of Ukraine Yuriy Lysenko. In 2014, he created an organized crime group of 17 people and developed a scheme for embezzlement of funds from credit institutions.
To do this, the accomplices rented foreign servers, on which they placed special fraudulent software. He interfered with the banking systems and informed the bank about the cancellation of the transaction, which was actually carried out. Thanks to this malware, the attackers transferred money from one bank account to another, and in return received double the amount. Banking systems believed that the transfer did not go through, and returned the money from their own funds.
In addition to Promsvyazbank, Uralsib and Trust, the victims in the case were Zenit Bank and several other credit institutions.
Detentions of members of the organized crime group began back in 2015, and they were sentenced in 2019.
The rest of the defendants in the case received from 5 to 10 years in prison and suspended sentences. But Ekimenko managed to escape at the stage of the investigation of the case - he violated the chosen measure of restraint and was put on the federal wanted list. His case was separated into a separate proceeding and detained only in 2022.
Ekimenko was charged under articles on participation in a criminal community (Part 2 of Article 210 of the Criminal Code of the Russian Federation) and fraud in the field of computer information committed by an organized group on an especially large scale (Part 4 of Article 159.6 of the Criminal Code of the Russian Federation). In addition to Ekimenko, another defendant in the case, Artem Mazurenko, managed to hide from the preliminary investigation. He was also detained in 2022 and sentenced to six years in prison.
• Video: https://iz.ru/video/embed/1749504
• Source: https://epp.genproc.gov.ru/web/proc_77/mass-media/news?item=97361011
• Source: https://iz.ru/1749581/stanislav-kuc...luchil-6-let-za-krazhu-168-millionov-u-bankov
