How and for what hackers and carders were tried

Carding

Professional
Messages
2,829
Reputation
17
Reaction score
2,087
Points
113
News about detentions of cybercriminals in Russia appears in the media with enviable regularity. The headlines are loud, but it is impossible to understand from them what exactly the detainees are accused of and what crimes they committed. This article will tell you how cyber villains are tried in our country and how strict our judicial system is toward them.

As you know, in Russia the main fighters against cybercrime are the specialized units of the FSB and the Ministry of Internal Affairs. Criminal cases are initiated on the basis of their materials and are subsequently transferred to the courts, where a decision is made. To assess the effectiveness of the fight against crimes in the field of computer technology, I analyzed court decisions for 2019 under the "hacker" articles of the Criminal Code, based on open data. This information is posted online in accordance with Federal Law No. 262-FZ of 22.12.2008 "On Providing Access to Information on the Activities of Courts in the Russian Federation". In some cases the texts of judicial acts were missing (without explanation); I did not consider them in the study.

Attacks on state information infrastructure facilities
You may have seen news about these crimes in the media under headlines like "Hacker convicted for trying to hack the website of the Government / Administration / Ministry...". The loud headline and the words "hacker" and "hacked" give the average reader the impression that a seasoned criminal has been detained. But this is not always the case.

The scheme of the crime is as follows: the attacker installs hacking software on his computer and uses it to break into remote servers, among which a resource belonging to a state body turns up. In such cases there are three types of computer attack: SQL injection, brute force, and DDoS. According to the court decisions, the cybercriminals used the following programs, recognized as malicious, when carrying out the attacks: ScanSSH, Intercepter-NG, NLBrute 1.2, RDP Brute, Ultra RDP2, sqlmap, Netsparker, SQLi Dumper.

At the same time, many court decisions state that the computer attacks were carried out from real IP addresses. That is, law enforcement agencies identify the villains easily and prove their involvement in the illegal activity.
  • A real term is imprisonment for a fixed period of time.
  • Other types of punishment are anything that does not entail actual deprivation of liberty.
  • Dismissal of the criminal case: in connection with reconciliation of the parties, the imposition of a court fine, or active remorse. The fundamental difference from the other types of punishment is that the person is not considered to have a conviction.

Such computer attacks rarely lead to a real compromise of the system, and most often they are committed by "novice hackers". This explains the relatively lenient sentences: out of 27 cases, only three resulted in real terms, all for repeat offenders previously convicted under various articles of the Criminal Code. In thirteen cases the defendants received other types of punishment not involving deprivation of liberty. In ten cases the criminal case was dismissed.

A very interesting case is that of a citizen who was already serving a sentence in a correctional colony when he appeared before the court. Employees of the correctional institution had given him access to a computer in the security department for processing reference and documentary materials and for creating a 3D model of the colony. The defendant found a file of prisoners on the Internet and copied it for further study. Then, using the IPScan program obtained from the automation group engineer, he found a proxy server on the local network. After connecting to it, the villain downloaded the Intercepter-NG and NLBrute 1.2 malware from the Internet and used them to try to hack another computer. All this sounds funny, but this level of information security in the security department of a correctional colony is still surprising.

Embezzlement of money
In the 21st century, money is kept not only in the savings bank but also in the accounts of electronic payment systems. It is believed that cybercrimes involving theft of money carry a high degree of public danger, which is why the punishment for them is more severe.

Hacking ATMs
In 2019, three court decisions were handed down for this type of crime. You probably heard about the first one thanks to loud media headlines: "Hackers from the international criminal group Cobalt sentenced in Russia". Under this headline, a well-known news site published an article about the conviction of two "mules" involved in the theft of 21.7 million rubles from the Yakut bank Almazergienbank in 2017.

It went like this. Members of the Cobalt hacker group compromised the work computer of a bank employee by sending fake emails purporting to come from Microsoft support. Having gained a foothold in the network, the hackers escalated their privileges to domain administrator, connected to the ATMs via RDP, and used malware to send commands to dispense banknotes. The two brothers who appeared before the court were engaged in collecting the cash. For their work they received 10% of the stolen amount.

The court sentenced them to six and a half and five and a half years in prison. It is noteworthy that they had already transferred the stolen money to the organizers, keeping two million rubles for themselves. They used this money to pay off the material damage caused to the bank. The rest of the claim was also repaid, partly at the expense of the apartment of one of the brothers.

In the second case, a group of four people appeared before the court. The criminals opened ATMs, connected to the USB ports, and then used the Cutlet Maker malware to start dispensing banknotes. An unidentified member of the group, who received 30% of the stolen amount for his "services", activated the program remotely.

The criminals made several attempts to break into ATMs, but only one was successful. The amount stolen was between 250 thousand and 1 million rubles. The villains were detained during another attempt to open an ATM. The court imposed sentences ranging from one year and seven months to four years in prison.

The third case is similar to the second: the same Cutlet Maker, the same 30% for remote activation. The perpetrator acted alone. He emptied about four million rubles from an ATM of PJSC "Minbank" and was caught during his second attempt to break into an ATM. The court did not accept the defense's arguments about the defendant's difficult financial situation and imposed a sentence of four years in prison.

All these cases have one thing in common: low-skilled members of the criminal groups were brought to trial, and the word "thieves" suits them better than "hackers". The "think tanks" and real organizers were beyond the reach of law enforcement.

Trojans for Android
Two episodes in this section deserve special attention. In one of them, an attacker who committed the crime while already in a penal colony was sentenced to a real term. Using a smartphone, he compiled and distributed an Android Trojan that was installed on the mobile devices of Russian citizens. After that, the villain transferred money from their bank cards through a remote banking system. We can only guess how he got the smartphone while already serving his sentence, and how he acquired the necessary skills and knowledge; after all, at the time of the crime he had been in prison for more than ten years.

The detention in the Chuvash Republic of a member of the TipTop hacker group also received wide publicity in the Russian media. For several years, the hackers distributed the banking Trojans Hqwar, Honli, Asacub.g, Cron, and CatsElite under the guise of various applications and installed them on users' Android smartphones. They used the malware to intercept information, steal bank card details, and steal money from citizens. And once again, an ordinary member of the group, who played the role of a cashier, appeared before the court. For the totality of his crimes he was sentenced to two years of probation.

In the other cases, only low-skilled participants in the criminal groups (cashiers and drop-movers who found an offer of illegal earnings on shadow forums and responded to it) also fell under the punishing hand of justice.

Phishing
With the help of phishing messages, a certain cyber villain took over the mailbox accounts of auto shops. After that, he issued invoices to the stores' customers with fake bank details. At trial, 80 episodes were considered; in total the defendant stole about 3.5 million rubles. It is noteworthy that the expert classified the phishing pages mimicking the login window of mail services as malicious software. The attacker was sentenced to four and a half years in prison.

In another case of money theft using phishing, the matter ended with a suspended sentence. The criminal forged the login pages of a banking application, thereby obtained the client's credentials, and transferred 14,800 rubles to an account under his control.

A Voronezh resident also received a sentence not involving actual imprisonment. He offered hacking of email and social media accounts for a modest fee of 2-5 thousand rubles. He stole account data by sending phishing messages on behalf of the service's administration. He did this for two years until he was caught by law enforcement.

Goods carding
The defendant hacked user accounts of the stores amazon.com, pharmacy.kmart.com, pccomponentes.com and some others and bought goods with them. He resold the goods on the hacker forums wwh-club.net and exploit.in for 60-70% of their face value. He worked through a virtual server purchased from a Russian-registered hosting provider. The villain was sentenced to restriction of liberty.

Ransomware
In practice, IT specialists often have to deal with the consequences of this type of crime. Nevertheless, there are only three court decisions for 2019.

In the first case, the attacker brute-forced the servers of Russian companies and encrypted the 1C databases on the compromised systems. For the decryptor program he demanded a transfer of 3000 rubles to a mobile phone number. A suspended sentence was imposed.

In the second case, the court considered the encryption of 1,835 computers (all foreign). RDP Brute and mimikatz were used to break in and obtain accounts. For anonymization, the attacker rented foreign servers and stored the malware in cryptographic containers. He went online using a MegaFon USB modem with various SIM cards (which he changed several times a month). He did not hack computers located in Russia because of his "moral convictions". Having received the required amount in bitcoin, the criminal sent the keys to the victims. In total, according to the court, he earned 3,936,091 rubles.

Despite all the conspiratorial measures taken, the criminal was detained by law enforcement. He was given a suspended sentence of seven months' imprisonment with a probationary period of one year and a fine of 100 thousand rubles. No civil claims were filed in the case.

As a result, the cybercriminal remained at large, almost four million rubles of the stolen funds remained with him, and the state received a fine of 100 thousand. Had he been in the United States, he would probably have received a harsher sentence backed by a larger fine. Plus, if he goes abroad, he can count on one of the principles of international law, non bis in idem ("a person is not held responsible for one offense more than once"). A real happy ending for the hacker!

Another case of file encryption and ransom demands is notable in that the criminals were convicted under the relatively new Article 274.1 of the Criminal Code, "Unlawful influence on the critical information infrastructure of the Russian Federation". The encrypted servers belonged to Vostochnaya Verf JSC, which is considered an object of critical information infrastructure. Not the best target to attack in terms of potential punishment. The criminals received two years of probation.

Bug hunter
An unfortunate case of bug hunting occurred in the city of Balakovo, Saratov region. A local hacker hacked the accounts of online stores and online services using Private Keeper. He threatened to distribute the obtained data and demanded a monetary reward from the service owners for information about the alleged vulnerability. The amount demanded was up to 250 thousand rubles. He asked for the money to be transferred to a QIWI wallet and a bank card registered to his mother. Among the victims were some who agreed to pay. I'm sure you have guessed yourself that after payment the victims did not receive any report on the identified bugs.

The villain also transferred bonuses, in the amount of 2,100 rubles, from hacked personal accounts of users of a utility payment site. Apparently he did not adhere to high moral principles and was ready to steal from anywhere. Given his young age and state of health, the villain was sentenced to three years and three months of probation.

Here, once again, we see an example of a user with no deep hacking knowledge, but with a computer and Internet access, becoming a cybercriminal.

Services

Distribution of malware
You have probably seen ads for the sale of malicious software on hacker forums and Telegram channels. Experienced malware vendors and developers use various methods of anonymization or work through intermediaries, which allows them to avoid criminal liability. As a rule, it is novice hackers who are brought before the court. The damage caused by their actions is insignificant, so the punishment is not strict.

Among the court cases reviewed last year, hidden miners, a software activator, and brute-forcing programs were distributed via the Telegram messenger in five cases. In another case, an attacker created a RAT and sold it via Skype for 1,600 rubles. In all these cases the sentence imposed did not involve actual deprivation of liberty.

But the administrator of the Telegram channel "Dark Side / Manuals / Schemes" was not so lucky. At the time of the crime he had a suspended sentence under Article 159.1 of the Criminal Code of the Russian Federation ("Fraud in the field of lending") with an unexpired probationary period. In his channel the admin distributed the programs AntiCaptcha Brute and Checker, BigStockPhotos, eBay Checker, and PayPal Brute & Checker, for which he was detained by the police. Taking into account the unserved part of the earlier sentence, he was sentenced to three years in prison.

Stealers
The attacker used a stealer to illegally copy at least 42,371 archives with passwords, credit card details, and Steam accounts. He planned to sell the information for at least 4,563,000 rubles, but did not have time. The court gave him a suspended sentence of two years' imprisonment.

In the second case, a resident of Chelyabinsk posted walkthrough videos of computer games on YouTube and, alongside them, a link to download the stealer under the guise of a patch. The criminal stole the credentials of several users for Internet services. He received a sentence of restriction of liberty.

Web shells
One of the convicts sold web shells and brute-force software. He was caught selling malware to an FSB employee who was carrying out a test purchase. The hapless merchant was sentenced to restriction of liberty.

Selling credentials
The criminals brute-forced accounts on popular Internet services, checked their validity, and then sold them. In two cases a sentence of restriction of liberty was imposed; in one case the criminal case was dismissed and a fine of 10 thousand rubles imposed.

Copyright infringement
This is the most popular article under which law enforcement agencies bring IT specialists to justice. The guilt of the accused is easy to prove; in most cases the collection of evidence was limited to a test purchase.

Neutralizing the protection of licensed software
The scheme for collecting the evidence base is as follows: a test purchase is carried out, in which the attacker is ordered to install expensive software. Most often "purchased" were KOMPAS-3D, ArchiCAD, Autodesk AutoCAD, Microsoft Office, Microsoft Windows, and Profstroy. The malefactors received a reward of 700 to 5000 rubles for installing unlicensed software.

I am glad that in half of the cases the defendants were released from criminal punishment, which was replaced by a court fine. But it is not always possible to apply this procedural norm: in some cases the operatives "purchased" software whose total cost exceeded one million rubles (especially large damage), so the defendants were given a more severe sentence, up to probation.

Video game consoles and online games
In some cases the defendants neutralized the protection system of Sony PlayStation video game consoles in order to sell them afterwards. One violator was sentenced to restriction of liberty, the second received a suspended sentence of one year. In the computer game case, the defendant bypassed the technical protection measures of R2 Online. The criminal case was dismissed and a fine of 100 thousand rubles imposed.

Mining operations
Two employees of the state enterprise "Russian Federal Nuclear Center - All-Russian Research Institute of Experimental Physics" decided to use the organization's computers for cryptocurrency mining. They tried to hide their activity but were caught nonetheless. The damage to the enterprise was estimated at 1,087,448 rubles. One of the miners received three years and three months of imprisonment with a fine of 200 thousand rubles, the second four years of probation with a fine of 250 thousand rubles.

Conclusions
The Russian judicial system is known for its leniency toward cybercriminals. Real terms are given to those involved in committing socially dangerous crimes related to theft of money, or to repeat offenders. Quite often the criminal case is dismissed and a court fine imposed. This saves novice hackers from the lifelong stigma of a criminal record and subsequent employment problems.

As for catching serious cybercriminals, it is mostly mules, drops, and cashiers who are brought to court, while the real organizers avoid punishment. The only successful example of shutting down a hacker group's activity is the detention of members of the Lurk group, whose trial is still ongoing.

IT specialists are often brought to criminal responsibility for installing unlicensed software. Given the low degree of danger of this crime, it would be fairer to terminate the criminal case with a fine.

Tools for hacking and building malware are becoming more accessible, so we can probably expect even more high-profile media headlines about the capture and exposure of cool and formidable hackers, who in most cases turn out to be ordinary performers and script kiddies far from IT.
 
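The post above notes that the most common charged activity is brute-forcing remote servers and that the attacks were traced back to the attackers' real IP addresses. As an added example (not part of the original post, and not code from any of the cases described), the script below shows the defender's side of that: it parses sshd authentication lines, flags source addresses that produce a burst of failed logins inside a sliding time window, and reports whether a successful login from the same source followed the burst, which is the signature of a brute force that worked. The log lines are constructed here (RFC 5737 documentation addresses, hostname `web1`), and the threshold and window values are assumptions to tune for your environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log (not from any real case). Addresses are RFC 5737
# documentation ranges: 203.0.113.5 plays the brute-forcing host that finally
# guesses the root password, 198.51.100.7 is a legitimate user with one typo.
SAMPLE_LOG = """\
Jan 10 12:00:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 40101 ssh2
Jan 10 12:00:02 web1 sshd[2202]: Failed password for invalid user test from 203.0.113.5 port 40102 ssh2
Jan 10 12:00:03 web1 sshd[2203]: Failed password for root from 203.0.113.5 port 40103 ssh2
Jan 10 12:00:04 web1 sshd[2204]: Failed password for root from 203.0.113.5 port 40104 ssh2
Jan 10 12:00:05 web1 sshd[2205]: Failed password for root from 203.0.113.5 port 40105 ssh2
Jan 10 12:00:06 web1 sshd[2206]: Accepted password for root from 203.0.113.5 port 40106 ssh2
Jan 10 12:30:00 web1 sshd[2300]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Jan 10 12:30:20 web1 sshd[2301]: Accepted publickey for alice from 198.51.100.7 port 50002 ssh2
"""

# Matches the standard OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line, year=2019):
    """Parse one sshd auth line into a dict, or None if it is not a login event.
    Syslog timestamps carry no year, so the caller supplies it (assumed 2019 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag source IPs with at least `threshold` failed logins inside any
    `window_seconds` sliding window (both values are assumed defaults).

    Returns {ip: {"failures", "users_tried", "compromised_users"}} where
    compromised_users lists accounts that accepted a login from the same IP
    after its first failure, i.e. the brute force that actually succeeded.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            by_ip[ev["ip"]].append(ev)

    findings = {}
    for ip, events in by_ip.items():
        fails = sorted(e["ts"] for e in events if e["result"] == "Failed")
        if not fails:
            continue
        # Sliding window: move `start` forward until the window fits, then check its size.
        start, burst = 0, False
        for end in range(len(fails)):
            while (fails[end] - fails[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                burst = True
                break
        if not burst:
            continue
        first_fail = fails[0]
        compromised = sorted({e["user"] for e in events
                              if e["result"] == "Accepted" and e["ts"] > first_fail})
        findings[ip] = {
            "failures": len(fails),
            "users_tried": sorted({e["user"] for e in events if e["result"] == "Failed"}),
            "compromised_users": compromised,
        }
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

On the sample, only 203.0.113.5 is flagged (five failures in five seconds, then an accepted password for root), while the single typo from 198.51.100.7 stays below the threshold. The same per-source counting is what lets a defender, or an investigator working from server logs, attach a burst of guesses to one address; when that address is the attacker's own rather than a rented proxy, the trail the post describes is already in the log.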

Father

Professional
Messages
2,601
Reputation
4
Reaction score
633
Points
113
Peskov responds to FBI chief's accusations of harboring hackers
The attribution of a number of hacker attacks to Russia was commented on by Presidential Press Secretary Dmitry Peskov during SPIEF.



The Kremlin has taken a negative view of the accusations that Russia is a "safe haven for hackers". This was stated by the press secretary of the President of Russia, Dmitry Peskov.

As Peskov noted, Russia is not a safe haven for hackers, as they exist in any country in the world where technology is developed.

"We have a very strong technological field, and our computer scientists work in all countries of the world, both in Silicon Valley and in the UK", Peskov said on the sidelines of the St. Petersburg International Economic Forum (SPIEF).

Christopher Wray, director of the US Federal Bureau of Investigation, said earlier that the bureau is investigating the use of about a hundred different variants of ransomware by hackers, and that "the traces of many of them lead to Russia".

According to The Wall Street Journal, Wray emphasized Russia's role as a "safe haven" for hackers, while noting that he "does not see progress" in Moscow's demonstration of a serious attitude to the problem.
 