HOW THEY CATCH CARDERS: The operative of the cyberpolice told the truth about the work

Mutt

POLICE OPERATIVE.

Famous carder Sergey Pavlovich talked to a masked guest who is a cybercrime detective.

How he got into this position, what crimes he mainly works with, what methods are used, and which services, mobile operators, social networks and messengers provide information about users: all this and much more in this topic.

Enjoy reading!


Contents:
  • Work experience in the Ministry of Internal Affairs. Work of operatives.
  • Case development. Duration and identification of the real culprit, distribution of cases by directions.
  • Changes in the specifics of work on cybercrime.
  • Call centers. SIM banks to third parties.
  • The appropriateness of using physical force.
  • Encryption and hacking of devices for investigative purposes. Methods used.
  • Statistics of arrests at home and in the street. Witnesses, reclassification of witnesses as defendants.
  • Paperwork.
  • Identifying the culprits in cryptocurrency cases. Bitzlato.
  • Teams on phishing links. Avito, Yula. Thematic groups. Operatives.
  • The most difficult cases to investigate. International relations.
  • SMS activators services. Interaction with mobile operators. MTS.
  • Solving crimes involving fraud by telephone. Couriers.
  • Call center traffic. Location.
  • Targeted call center crimes and their detection rate.
  • Law on liability for the transfer of a personal bank card for use.
  • Peculiarities of conducting a search of a cybercriminal.
  • Average profile of a cybercriminal.
  • Telegram money-making schemes. Investigation of recurring and one-time crimes.
  • Protecting yourself and your family from fraud.
  • Traces of cybercrime.
  • Investigation of murders and cybercrimes.
  • TOP literate criminals.
  • Crime detection rate.
  • What do you like and dislike about your profession?
  • The most striking crimes.
  • Results.

Work experience in the Ministry of Internal Affairs. The work of operatives.
Pavlovich:
Friends, hello. And today you are an operative for cybercrimes. Hello. How many years have you been in the Ministry of Internal Affairs and here?

Operative:
In the Ministry of Internal Affairs for more than 10 years. I have been working in this line for about 6-7. A little, probably 5.5 years in this particular area.

Pavlovich:
Well, in my life I have mostly dealt with investigators, because all the subsequent work, when you are closed and so on, it goes with investigators specifically on cybercrimes. What can you tell us specifically about the work of operatives? Because I only saw operatives there for a day or two at the time of detention, searches, and some primary interrogations.

Operative:
Precisely regarding a day or two, that is all the work of an employee of the main investigation department, it goes on until the moment of detention. From the moment of detention, they are directly engaged in the investigation or even during the main investigation. Because these are serious crimes. We are looking for, uncovering, finding the person involved, or a group of people involved in such crimes. Subsequently, we detain them during searches and conduct a number of our own activities.
Including, of course, most of the secret ones.

Case development. Duration and identification of the real culprit, distribution of cases by directions.
Pavlovich:
Well, how long does it take on average, depending on how the case, for example, well, not a case, but some suspect, or the elements of a crime were transferred to you, right? How long does it take on average to develop?

Operative:
Well, there are a lot of criminal cases there, there is someone, for example, in the Council transferred their bank card and how... Well, you can conditionally get an answer in a day, the next day get the OBSK and go to him. Or you can also where the cryptocurrency goes, where the transactions go, where people use in the house, well, and various services for buying numbers. That is, there is the longest, conditionally, you can do it for a year and a half.
If something significant, if there are a lot of facts, there will be consequences, you can do it that way.

Pavlovich:
That is, a year and a half, not fast enough. And what percentage then, when you find the suspect? For example, you were transferred 10 cases at the beginning of the year, right? And how many of them end with the establishment of the real culprit of what happened?

Operative:
Well, we work a little differently here. Our main task is to solve the crime. That's why we look at those crimes that are more promising for solving, and which are possible, which are interesting to work on, which are expedient. There are crimes where, for example, the same bank employees call from call centers, it is not so expedient, you won't even work on them.
But where you know how something works, you know how to understand people there, where to send a request, where to get an answer faster, who to call, where you can solve, you know, a person who clearly committed more than one fact, many, 50-60, these crimes are more promising, more interesting, we work on them. Well, each employee is also assigned to his own line. If you are assigned to a line, for example, in one direction, how would you work on it. Assigned to another, you will work differently. Basically, this is how we set it all up.

Pavlovich:
What do you mean, even within one department, figuratively speaking, you are assigned to, I don’t know, ransomware, someone to call centers, someone else to someone else?

Operative:
Yes, yes, that’s right. That’s exactly it. Someone is assigned purely to purchases and sales, someone is assigned to couriers, someone is assigned to bank employees, someone is assigned to extortion, and so on. Our list of crimes under criminal articles is large, huge. And therefore, everyone works mainly in their own areas.

Changes in the specifics of work on cybercrimes.
Pavlovich:
If you follow the dynamics of cybercrimes for 6 years, like 5-6, yes, quite a lot, that is, what was there when you came to Department “K” and what dominates the market now?

Operative:
Let me correct this a bit, Department K hasn't existed for over a year now, I think.
It was mostly buying and selling, Avito buying and selling, and calls from call centers, including from the zone. That was the most common. Now there's a lot going on. 40-50% of registered applications per day for a certain subject are all cybercrimes. There are also exchanges, not much extortion, but mostly buying and selling. Avito, Yula, Contact, various groups, Telegram - they all basically cheat when buying and selling.

Pavlovich:
We filmed Chubrik, a legendary guy, on this topic.

Operative:
He was in a certain topic.

Pavlovich:
So it's still the dominant percentage, as you say, 40, right?

Operative:
Well, about 40, and in each region it's just different, in some places it's a small percentage, in others it's a lot. Well, I mean few, there are places like Dagestan, where people generally don't cheat. I don't know why, but there's a small percentage of registered cases.

Call centers. SIM banks to third parties.
Pavlovich:
About call centers, the first zone, yes, but as far as I know, most of them worked with Ukraine, there's Dnepr, Kharkov, all these regions. And about the zones, well, I don't know, it seems to me...

Operative:
The zones were about 5 years ago, no, about 5 years ago there were zones. They caught, went to the zones, caught the zones, detained people, provided evidence, provided everything to the zone. Not now, now the zone is mainly about buying and selling and there's a performance, when they introduce themselves as relatives. Dad, Mom, lend me 10 thousand, I have a new number, send it to me, I'll send you a card now, send it there. That's basically it. There is no call center, a call center is basically, yes, it is...
No, they can be located on the territory of Russia, there is just a little... I wonder how it is all done, through special equipment. It is called GoIP. That is, it is impossible to track it precisely, because the connection goes through servers, all this conversion on the ATM tower. It is very difficult to determine the specific place where the call center is located.

Pavlovich:
Well, yes, IP telephony is in place, the usual one.

Operative:
Like an IP telephone. IP is more Internet and 4.9.5, 4.9.9, and GoIP converts Internet traffic to any SIM card. Well, to the SIM card that is also located somewhere, it can be located anywhere. Our operators usually block IP telephones, they have started blocking them recently. But this one cannot be blocked, because it is conducted as... Well, as the operator sees it, as if the telephone is coming, tied to a specific tower, that is, the telephone is located there, and it simply goes into communication.
But in reality there is specialized equipment with IMEI, with all of them, and the SIM card is in another place. Well, yes, it is a bit difficult to catch.

Pavlovich:
It is for this reason that it is difficult to catch, that is, you prefer not to investigate them particularly, right?

Operative:
No, as for them, who, for example, is assigned to this line, we still need to work, we need to catch the criminals. No, we confiscate this equipment of people who are the owners, we prove their knowledge of the commission of illegal actions, using for this turnover brought to criminal responsibility within the framework of the mesti with the established persons themselves.

Pavlovich:
Can we conclude that it is not safe to place SIM banks in your home or office now and give someone else to manage the SIM cards?

Operative:
Yes, well, yes, no, in the sense that it is not safe if there is knowledge. That is, if you are a person who places, yes, I provide this equipment to third parties, so that third parties, completely illegal actions using this equipment, then yes, of course, this is not allowed. You are an accomplice. If you provide and do not know what this equipment is used for by third parties, then no. But basically, if you provide the equipment, you have a clear idea of what this equipment is used from.

Pavlovich:
But no one in their right mind would agree that I knew that I was providing it to commit a crime.

Operative:
This must be proven. This must be proven during searches, seizure of personal phones with correspondence, where it is discussed that we use this traffic for the purpose of counter-insurgency. Good. This will also be evidence. It is clear that a sane thinking person will never say that I knew. Everyone says that I do not know. Therefore, with the market, it is necessary to prove the awareness of this person.

The expediency of using physical force.
Pavlovich:
Well, or a couple of blows to the kidneys, right? Or is this not practiced now?

Operative:
No, and now it is precisely along this line that the entire evidence base is in the computer, in the phone. No need to beat anyone, do anything. If you went to the address of the search and seized all the equipment on this equipment, conditionally, it is turned on, you have access to it. There is evidence of illegal actions. What is the point of whom, even if he says that there is not. Because everything is there. Everything is seized, everything is seized, here, described and warned of an illegal act.

Encryption and hacking of devices for investigative purposes. Methods used.
Pavlovich:
Okay, but what about encryption? For example, I have a password on my phone, about 20 characters long. And it’s not just digital. For example, an iPhone, yes, the latest one. Or the same Mac, for example, with FileVault enabled. In general, long complex passwords, etc., etc. And we were just filming, I went to Singapore with Nikitin’s Group-IB, and we were filming specifically about how Cellebrite is hacked, which phone models can be hacked or not.
He says that he wouldn’t risk an iPhone smaller than 12. Most Android models are hacked by Cellebrite; they banned its delivery to Russia, especially since the start of the war. But a pirated copy appeared, and, in general, with the exception of the latest ones, I think Huawei, I don’t remember, and these Google Pixels, in principle, everything is hacked, including by Russian police officers. Really?

Operative:
Well, no, there is. We have a special EKC service, which deals, among other things, with the inspection of confiscated equipment. There they use their program, I don’t know, I saw how they do it. Special software, connects the phone, everything, even inspected what they did. Telegram, there was correspondence in Telegram with Alina, they restored some deleted files, I don’t know how they do it, but they restored only those files that the user deleted himself, not those that the second person with whom he communicated deleted, they were deleted by the user himself.
We restored these files. I don’t know how it’s done, but they explained to me that this information can be accessed from some root folder. The main thing is that the phone is open.

Pavlovich:
Well, you don’t do it yourself, right, that is, you give it to specialists?

Operative:
All specialists, yes, with computer education, I don’t know what to do, I’ve never done it. Our main task is to keep the phone open. Well, even if there is, say, an encrypted Telegram, plus or minus to the memory, you can already go to the specialists.

Pavlovich:
Well, I’ve seen computer, not telephone arrests, but when a computer is needed, yes. In one American book, Kingpin, it is written about Max Ray Butler that everything was encrypted, everything is very cool there, but the RAM stored the password as if it was entered, and it was possible to suck it out and restore it with certain programs. And the task of the operatives, when they arrived to arrest him, was precisely to prevent him from turning off the computer, to reboot it.
That is, and that’s what happened, they didn’t let him turn it off, in my opinion, they introduced themselves there as some kind of Internet company, and then they got a dump of this password from the RAM. And what methods do you use?

Operative:
Just by not letting them turn it off. That is, if... Well, the most important thing for us is to detain the person so that he doesn't have time to delete anything from his phone or computer. That is, the detention should be unexpected, sudden and, like, without a doubt. So that, like, he doesn't have a moment when he could press a certain button, so that we don't get the information. That's why we just go to addresses or detain him on the street.
When we go on a business trip, specifically the pizza guy, that is, here we work through certain points, we know where he lives, who he lives with, when he leaves the house, where he enters, where he works, what he gets around in, all these points. We don't just go, we prepare, we know where to wait for him, where to stand out in order to, so to speak, detain him. We know how to do it. People who use iPhones are especially good. At the moment of detention, he looks, doesn't have time to block it.
If he manages to block it, he will accidentally look at the phone, and the phone will block. After that, airplane mode is set and instantly. And that's it, the phone is simply put away so that the screen does not go out. And he studies in this form.

Pavlovich:
Well, you know, when I lived in Russia, I always had Face ID disabled. Disabled, yes, it is convenient, no questions, but it is not safe. And the same thing on the computer, this fingerprint access is still disabled for me always and everywhere. Although I feel a little calmer now, but, nevertheless, it is always disabled. And for the most sensitive programs, like many use Telegram, Signal, all passwords are always enabled for the most sensitive components of the system.
And in the iPhone, yes, Face ID, there is no guarantee that the operatives will not then hold it up to your face. And there is also, you know, the point that your eyes must be open. That is, earlier, you could hold Face ID up there at night, and then they fixed it, and that’s it. And you must definitely look there with your eyes.

Statistics of arrests at home and in the street. Witnesses, reclassification of witnesses as defendants.
Pavlovich:
What percentage of arrests occur on the street, and how many at home? And if at home, then I know from my own experience that it’s 5-6 in the morning, 6-7 in the morning. Because, in my opinion, before 6, yes, you can’t really wander around other people’s apartments now.

Operative:
We try to go specifically with a search, already having a judge’s order in hand. That is, not with an emergency to go to the address from the judge’s order. And the judges' ruling, they determine the time when a search must be conducted. But usually we come in at 6 am, with serious, so-called. We just knocked, they opened the door, we came in. We did everything. At 6 am, people are still mostly asleep, especially in the car, they don't immediately understand what's what.
And it's easier to work that way.

Pavlovich:
Is your brain slowed down, do you perceive it inadequately?

Operative:
Yes, you can immediately take the necessary measures. Invite the person in handcuffs, well, naturally, with attesting witnesses. And start conducting a search. I don't remember that I didn't have time to turn it off or on.

Operative:
All groups are only on Telegram. There is a lot of information in any crime. There is no such thing as a crime and that's it. Do mobile operators respond to you quickly or not? Sokol was once such that they didn't bother you.

Pavlovich:
The top most competent in general in covering the tracks of fraudsters, whom we had to look for and catch.

Operative:
Eighty percent of crimes were solved with the help of VICLAT.

Pavlovich:
Why do witnesses often come with the police? Because, well, it's more logical, right? For example, they came to me there. It's more logical to take one of the neighbors, and that's it. And there some pre-prepared ones come, the devil knows what kind of Moscow region registration. I say, who are you anyway? So you constantly cooperate here? Now, well, if they plant something on me here, you'll say that's how it should be. And all the officers there were offended at me, that I straight up shoot these witnesses.
So you also go with your own?

Operative:
No, we take neighbors. Never. For us... What do you mean "ours"? For example, we go to another city 300 kilometers away, some will go with you, some will not. For us, it's like 99% - these are neighbors. Otherwise, there are cases when we know that, say, a person is not involved, that he is just a link, that he will now be a witness. But we have a search warrant at his address. We enter, politely explain that we will conduct a search anyway on the basis of a court order. And we need to call two witnesses, call friends, acquaintances, to be sure.
We need witnesses anyway. Don't go from house to house, from apartment to apartment, knocking there at 6 in the morning. Call friends, acquaintances, so that they come. Okay, we'll wait there for half an hour, 40 minutes, until they come. We'll conduct a search, interrogate the witness and move on.

Pavlovich:
And how often does it happen that you go to a witness, well, you don’t intend to do anything bad to him, but during the search something wrong is found. Some kind of gun, a cartridge, drugs, something else. And he is already a witness, immediately becomes a suspect, and then an accused.

Operative:
Such that he knows that he is a witness. No, on the contrary, we know that he is a criminal, and then it turns out that he is a witness, that he sold some kind of bank account for 2,000 rubles to unknown persons. It happens. That it is deliberate, knowing that he is a witness, that then we accuse, suspect. No, this has never happened.

Pavlovich:
And of all the detentions, how many percent are on the street, yes, and how many in home settings?

Operative:
Well, less on the street. I think that out of ten, there are one or two on the street. On the street, when we are already 100% sure that a person is involved, we know that it is some kind of high-profile crime, that there will be many facts, consequences, say, some Fourth, fifth participant that we need, then yes, then both the heavy and other services that help to uncover the BSTM, all sorts and the like, then yes, from the street.
Well, there are a lot of people involved, you can only prepare for a month, write out all the necessary papers.

Paperwork.
Pavlovich:
So papers are such an important, complicated thing in your work?

Operative:
Each conditional event is an assignment to write out heavy ones, this is an assignment to conduct various, well, also various secret enterprises, all paperwork. You can't just call, say, let's do this today, write out a piece of paper assignment, take it, that's it, they received it, we agree on the time.

Pavlovich:
But is it really impossible not to deliver, but somehow, well, electronically send to each other in the 21st century, after all?

Operative:
No, everything is secret. All the papers, they are secret. It is only mail, secret mail from hand to hand. We give our secretary, the Secretariat gives it directly to the people who accept it from the service we need to send it to. And when people have accepted it from that service, they just come to their place and release the work. There are a few different ones, for example, telegram codes, this is when you need to send something somewhere very, very urgently, then you can send it using such a system.
But it is not used very often and is not particularly necessary. The same BSTM accept, even if we want to hold an event in another region, they accept us in the region and send us themselves.

Establishing the culprits in cases with cryptocurrency. Bitzlato.
Pavlovich:
How do you establish cybercriminals using cryptocurrency? Blockchain - everything is hidden there. You can track incoming Bitcoin transactions, +/- where they went next. It's just a matter of time.

Operative:
I would like to express my deep gratitude to Bitzlato. 2022 is the year when, I don’t know, it seems to me, 80% of all crimes were solved with the help of Bitzlato. They just presented, well, it’s a cryptocurrency exchange platform. I don’t know why, but all the scammers were on Bitzlato, absolutely all of them. Everyone withdrew money to their cards, amelia, crypto, well, to P2P, or I don’t remember what they call it, and withdrew everything completely to their cards.
No, we are not some strangers there, everyone withdrew to their own. And just as we got to this a little bit, we understood, we just already solved a lot of crimes, a lot, a lot. Only now, thanks to Zlata’s offense, unfortunately, they closed it. The scammers are now using other services.

Pavlovich:
Well, yes, they closed it and planted the seams in the States, there, their founders.

Operative:
Well, yes, yes. I heard, I watched. Well, it seems like they even, I remember, are now paying out or previously paid out funds that were frozen there.

Teams for phishing links. Avito, Yula. Thematic groups. Operatives.
Pavlovich:
Well, there was something. And teams for phishing links, for example, for Avito, Yula and others, we have a rough idea of how this works. And for ransomware, for phishing?

Operative:
Well, I mean, I can conditionally distribute this into purchases and transactions, such as Avito, Yula, Contact. These are tickets to the cinema, theater, museum, stand-ups and trading, trading on the stock exchange. That is, more or less, everything is the same everywhere. There are certain groups, there are certain programs. For example, for tickets too. That is, conditionally, the fraudster contacts the victim. He says, let's go to the cinema, to the theater, to the museum.
Drops a personal link for booking a hotel. Naturally, by clicking on this link, the user enters the bank card number, confirmation record, and they know all this information in the machine, steal money. The same thing with trading. They have certain phishing sites, to which they bring the manufactory, the so-called, future victims. Conventionally, they lead them through trading, that you have just thrown 100 thousand, your personal account has been replenished by 10 thousand dollars.
And you simply enter these 10 thousand dollars into the bot, it is automatically shown to him that he has 10 thousand there. You indicate this entire list where to go down, up, what rates to place there, all this is written in the bot, all this is issued. Well, yes, cool, interesting. Well, that's also how it is developed, easy. Well, not that it is easy, they have everything more or less similar. All these phishing links, they are more or less similar. Only slightly different methods of committing illegal actions.

Pavlovich:
And are the groups for them, as a rule, large or not?

Operative:
Very. For example, there are groups where, I know, there are more than a thousand people. But of them, conditionally, only 100 can work, and 900 can just hang around as ballast and be in the group. In general, they say in numbers that I am the best scammer in the world, that I have earned millions, but in fact they do nothing. And there are groups of 50-60 people, where each one works and makes a cash register several times more than a group with a thousand people.

Pavlovich:
Well, how many of these thousand are operatives?

Operative:
About 5 percent, for sure.

Pavlovich:
Directly from different departments, different agencies, yes, from different cities, countries.

Operative:
Yes, the most important thing here during the investigation is not to come across yourself.

The most difficult cases to investigate. International relations.
Pavlovich:
Difficulties, these are the main difficulties in investigating cybercrimes, and what cybercrime, well, call centers, we already understand, yes, are the most difficult to investigate.

Operative:
The most difficult, probably, well, except for call centers, well, as if for me, conditionally. Purchases and sales are the easiest thing that interests me, what I like to investigate, what I do. The most tedious, so to speak, is waiting for an answer. There is a conditionally bank card, we assume that it was probably someone in crypto. Well, that is, money went to a person in crypto from the victim's card. And here's what to know about the card of some, say, Alfa Bank.
And so, in this Alfa Bank, the investigation, within the framework of which he did it, or I, within the framework of my operational accounting case, send requests there, wait for a response, and the responses come, say, two or three months. Only after two or three months you get to know the person, go, say, on a business trip to him or dedicate an assignment to that region so that they interrogate him. Or contact, if you understand that he is a crypto exchanger, contact him. He will say with whom he is, what on which crypto exchange he sold, a request to this crypto exchange, until he responds.
Waiting for responses is the most tedious, long and unpleasant all this in the hustle and bustle.

Pavlovich:
Especially if this is international interaction. Now, probably, they do not interact with Russia very much. And before, you could wait for all this for 2-3 years, give or take. Probably a little faster, I am exaggerating.

Operative:
Well, yes, we do not even almost connect international. If some Belarus, Kazakhstan, then something can be done. Well, and a couple of European countries that respond. They just have logs. In most countries, IP companies or something like that store logs for 3-4 months, and we will only reach them in six months, that we need to send this order.

SMS activator services. Interaction with mobile operators. MTS.
Pavlovich:
Well, with no malice, it is clear, SMS-Activate, here we also, Oleg, was at the interview, the owner of the service, many take SIM-Online, SMS-Activate and other anonymous SIM cards, what then, here you come across a number that was received there through SMS-Activate figuratively?

Operative:
Well, if the number, say, was used by Viber, WhatsApp, Telegram or Contact, we immediately automatically, everyone, even our investigation, sends a request within the framework of the criminal case. This number was not used for activation. They also cooperated well with them in 2022-2023 and responded quickly, and provided everything. Now they have changed it a little there. I don’t know, too much of something.
They ask for a copy of the electronic key to provide some file. It has become a little difficult with this. Previously, everyone also cooperated well. They provided, say, the logs of the person who bought this number. Well, in most cases, these logs are also taken by resellers. That is, you first have to find a reseller, and only through the reseller find the person who actually bought this number from the phone to activate WhatsApp.
But already in the last, say, 2025, all the scammers have already realized that all the information about them is being leaked, so they take participants.

Pavlovich:
Well, you say that banks take a long time, you can wait several months there, but do mobile operators respond to you quickly or not?

Operative:
Well, it also depends on which one, which operator. There are some that, well, with some of them, for example, communication is established with security officers. It is possible, if it is really urgent, for them to send me a request today, they will look there, and in 3-4 days they will send an answer. There is a connection with which it is not established at all, with the exposed MTS. Everything is very tight with them, they respond in 2-3 months, very badly.
Well, they can respond well, but for a very long time. And no matter how hard they try to kick them, there is no result. Yes, I will add a little about the banks. In the bank, we simply have an electronic document management system concluded with some. If this goes further in this regard, with all banks, an electronic document management system concluded, then within a day or two it will be possible to receive an answer.
It is just that now 5 or 6 efforts are concluded, specifically in our region. I assume that somewhere there in the large regions everyone has had everything connected for a long time, and they receive answers there within half an hour on bank bots and cards.

Solving crimes with fraud by phone. Couriers.
Pavlovich:
And these crimes that you already said, like a relative got into an accident, right? They send a courier and so on. How are they even solved?

Operative:
Well, here the couriers are mainly to blame for catching couriers. That is, the calls also do not come from the territory of Russia. That is, all this is plus or minus how the courier's call centers are aware that they are taking money from grandmothers and transferring it to a controlled card, which they send. And they are part of a group of people, identified persons. And then the court obliges them to pay all the stolen funds.

Pavlovich:
That is, the courier is the most vulnerable link in this scheme?

Operative:
Well, yes, it seems to me that those who deceive are much better off that the courier was caught, he does not have to pay anything this time, they will find a new one.

Call center traffic. Location.
Pavlovich:
But as for call centers, we have already touched on it, yes, that they used to be in the zones, now, I thought, most of them are in Ukraine, but this happened before the war, well, historically, there are Dnepr, Kharkov. But you say that it is not necessary, like there are enough of them in Russia too.

Operative:
No, I cannot say for sure where the call center is located, at the end of the call center, it can be anywhere. It’s just that the traffic coming from this call center, it goes through some servers, the servers are located in some Holland, the Netherlands, and, conditionally, it comes to us, it comes to Russia from there. But from where, where, from what address, from what location it comes to these servers, we no longer know.
That is, we know that it comes, for example, from Holland. The traffic is large, there, say, by gigabytes of memory, that is, well, audio traffic, then converting the voice signal. Where from, how it got there, we cannot know by what means. We are no longer Russian territory, and they do not particularly contribute to the gift of information there.

Targeted crimes of call centers and the percentage of their detection.
Pavlovich:
For example, if they used to call me there often, yes, well, once a week someone there, once every two times for sure got to me, now it has practically stopped there. And I watch the news, I track that there are much more targeted works there. A former official of this or that, a former minister of that, they just take elderly people who were somewhere in government positions, starting from the times of the USSR, there are well-off grannies, they just selectively swindle them 20, if in Russian rubles, 20, 30, 15, 50 million rubles.
What is the percentage of detection in general for such pinpoint crimes, for example, through call centers?

Operative:
I think it’s very small. I can’t say for sure, but I think it’s practically very small. Well, you can work on such crimes, but we’ll run into something abroad again with that state, which we won’t be able to settle down if that’s all that’s left at the moment.

Pavlovich:
And there’s just, well, you can’t refuse, your boss says, this case needs to be investigated in a banking way, and then what?

Operative:
Well, that’s it, we’re trying. Conventionally, even, well, we’re catching people who are facilitating this crime. That is, in terms of, the money went, you can still track everything there. The money went to one card, from one to the other. The second one belongs to, you know, Pyotr Ivanovich. He says that I trade in cryptocurrency. Exchanged there, there. He exchanged with such-and-such an account. We look at who the account is. We go to that one. He will say, I sold it.
I sold it, say, for 2,000 rubles six months ago. That's it, I think that's where it all ends. Well, where next? What to do? Here I sold it on Telegram. The correspondence was not saved for 2,000 rubles. Well, we can see how he received money for it. Then we can continue with this scheme. But all this also takes a very long time. How long will the investigation take? Two months? Difficult. It's all very complicated.
And it's unlikely that we'll come directly to the people who are behind this. If we catch, catch the people who are more or less involved, some are drops or something, buying up cards, it's possible, bring them in as accomplices, but it seems to me that it's very difficult to do all this specifically. Somewhere we have minds who do all this, but definitely not me.

Law on liability for transfer of a personal bank card for use.
Pavlovich:
And the law that is being adopted or has been adopted, I have not closely followed it, about criminal liability for the fact that you transfer your card to another person. By the way, there is such a law in Belarus, I don’t know, it has existed since the existence of the post-Soviet banking system. What do you think about it?

Operative:
Excellent, excellent law. Many requests come to you to interrogate such-and-such. Here is how much money from the card went to his bank card. We call, come, yes, they offered me 2000 rubles, I gave the card. And it seems that nothing can be asked of him. And if they introduce a law, you can ask that you cannot transfer your bank cards to anyone. The bank card will write on your last name, which means that you are the only owner. If it is involved in crimes there, then you must answer for it.
I am fully responsible for this. So that people stop transferring their bank cards to anyone. It only complicates the investigation.

Features of conducting a search of a cybercriminal.
Pavlovich:
What should you pay attention to first during a search of a suspect?

Operative:
As I already said, everything should be turned on, all computers and phones should be turned on. This is the most important thing. That is, let's say we go to an address, and the first thing we do is check the computer to make sure it is turned on. If it is not turned on, we ask that it be turned on during the inspection, and we should look specifically at the information on the computer, as well as the mobile phone.

Pavlovich:
And if he refuses, then what?

Operative:
Well, we just apologize, which means we can't force him.

An average portrait of a cybercriminal.
Pavlovich:
Friends, a life hack, in short, turn off the computer at night. I was so unlucky once, if I had turned it off at night, everything would have been fine, because TrueCrypt was there, a complex password, nothing would have happened. But I didn't turn off the computer and didn't even dismount this encrypted disk. And then he got 10 years later. Portrait of a fraudster, yes, a modern computer one in Russia, who is it, unfortunate drug addicts or nerds sitting there?

Operative:
An ordinary guy of 18-20 years old, who accidentally stumbled upon a scam. What is a scam? How can you easily earn some money? And usually, as it were, in most cases, well, yes, probably, in most cases these are ordinary guys from a prosperous family. There is a dad, mom, everything. They just decided to make a little money. Even like the main family, well-off. Just to try out what it is. One tried, the second tried, the third tried.
On the contrary, there it is precisely in the scam, plus or minus adequately, well, as it were, to participate with your head. You need to know how to entice your mother, what to write to him. If the person is not particularly gifted, it is unlikely to work. Basically, these are young people of 18-20 years old. A little with your head.

Pavlovich:
Cybercrime has become younger. Although you can't really call them cybercriminals. In my understanding, I'm shifting it to my generation, we had such serious guys. I just remember my day. You have from 10 to 30 different crimes in a day. Somewhere they sent someone a phishing mailing, collected PIN codes, somewhere they withdrew something from an ATM, somewhere they sold something, well, there you have at least 10 different ones.
But in fact, you don't need much intelligence to scam a mammoth on Avito.

Operative:
You still have to know somehow, well, at least find, more or less find this group, find it somehow, understand how it all works. I just got the impression that it's a little difficult, maybe now the youth assume that it's a very easy action, to scam all this. But when I was just diving into this area, to understand how it all works, it was a little problematic. I learned how it all works, what moms are, what links are, how they are generated, where they come from, who is responsible for what, tests, shareworkers, students, killers, who are they, what are they responsible for.
I just took my hand in order to understand how it all works in the system from A to Z. You need to immerse yourself in it, and in order to immerse yourself in it, you need to be more or less adequate, of course, but also want to understand it, so that you can act on it. That is, you just give it a try on the off chance, well, it’s unlikely that anything will work out. Maybe you’ll deceive someone once or twice and that’s it. An hourly constant to do this, say, every day or two, so that you have a good hit for a good amount, you need to be more or less adequate.
Because there, in the same plan, wait until the mammoth comes to a point where they are ready to transfer funds.

Money-making schemes from Telegram. Investigation of repeat and one-off crimes.
Pavlovich:
And all these schemes, I think, mainly come from Telegram.

Operative:
They are all on Telegram. All these schemes are only on Telegram. That is, all the groups are on Telegram. There are no groups on VKontakte. There are no groups on any third-party sites. All the groups are only on Telegram.

Pavlovich:
I once filmed Nikitin from Group-IB, and he said that if you once snatched even a really big jackpot, well, this is a one-off crime, then it is unlikely that anyone will ever find you. And everyone is taken, mainly when repeat crimes are committed. Is this true or not?

Operative:
No, we work from the crime. And during the investigation we find out whether the person committed it once or on a regular basis. No, we had such cases, we detained people who I tried once, and I didn't like it. Well, it happens, it happens, who constantly, yes, does all this action, talks. Who earns money on a regular basis. By fraud.
That is, everything is different everywhere.

Protecting yourself and your relatives from fraud.
Pavlovich:
I would recommend that banks give clients a brochure of 10 common scams. You see, that's it, signed, understood, accepted, get the card. No, well that's it. That is, I would shift this a little onto the shoulders of the banks, yes, more of an explanatory work. But from your point of view, how can you protect yourself and your relatives?

Operative:
In general, do not pick up from unknown numbers at all. Do not pick up a single phone from an unknown number. Only, say, my friend Vasya calls, you, Vasya, answer. Do not pick up an unknown number.

Pavlovich:
So FSB officers call me all the time, well, from unknown numbers.

Operative:
Do not pick up.

Pavlovich:
Good advice. But if I don't pick up, they will come to my house - a double-edged sword, I understand.

Operative:
Well, naturally, don't follow any links, there are links circulating there now like a scam, when a link came from a friend of these boys, as they said, go ahead, vote on VKontakte, there is a VKontakte link, they came, voted, left a number, left a password, then they hacked it, don't follow any links, don't meet any numbers, don't answer any unknown people, if only these two, two conditions are followed. It's unlikely that you will ever be deceived.

Pavlovich:
Is it possible to commit a cybercrime without leaving any traces at all?

Operative:
I don't think so. All the same, cybertheft is theft for obtaining money in any way. And money, they are all electronic, virtual, somewhere there is information about them, that they were transferred from one bank card to another. What if it's cryptocurrency, you can still take plus or minus with whom the exchange was made, while there is no platform, who the person involved is, where it all happened, where the communication was shared, in what messenger, where this number is from, what number was called.
Still a lot. There is a lot of information for any crime. It is not like here is a crime, and that's it. And it is not known where to move. No, you can move in all directions, and plus or minus somewhere should fire.

Investigation of murders and cybercrimes.
Pavlovich:
And can we continue the thought by saying that, for example, also a murder, committed somewhere in the forest, by its tracks and severity may be even more difficult to solve than a cybercrime, which is also kind of hidden and not in plain sight at all.

Operative:
There are various activities of the construction workers of operational units, including a number of activities that allow you to successfully determine who was at this point at a certain point in time.

Pavlovich:
Billing is evil. I saw a solved murder. A guy goes to kill someone in the forest on the edge, turns off his phone, but he turns it off at 2 am, actually in a field, about 500 meters before the murder site, but he turned it off at 2 am in the field and seemed to protect himself, and then he thinks, damn, how did they find me?

Operative:
Well, yeah, yeah, yeah, it's the same thing. That is, if those crimes, well, people who commit exactly these crimes, there, property crimes, or this one, they don't take their phone with them at all. It stays at home, turned on, and that's it, and you go without a phone. Not even the second phone, which we only used to commit the crime, there, we called a friend, all that, yeah, no. Any phone, any phone, like this one, any phone can be seen, where it was at what time.

Pavlovich:
And which one was nearby, and where it was turned off, and so on. Phones are really evil.

Operative:
That's all, all this information is stored there for a long time, it's all in specific places, all the information is there, you can look it all up upon request.

Pavlovich:
And according to Yarovaya's law, it's now stored there for years, almost decades, I just don't remember.

Operative:
I remember about three years, I don't remember exactly, I remember, it's stored there for three years for sure.

TOP competent criminals.
Pavlovich:
The top most competent in covering their tracks of fraudsters that we had to look for and catch?

Operative:
The case was just a phishing link. The phishing link was bought, the house was bought in April, well, no, well, usually a regroup, but there were third-party organizations for which the third-party person worked, in the end an agreement was reached, we came to this person, he said that yes, indeed, this house was bought, they paid in Kirishniks, such-and-such, such-and-such, such-and-such. We found out that these Kirishniks were bought on SMS-Activate, an online network or something like that.
We found out that whoever bought it, it turns out, bought a reseller, mostly a reseller. Who sold it? It turns out that this reseller sold it to some guy on Telegram, and that's where everything hung for us. That is, the person did a lot of manipulations to cover his tracks.

Crime detection.
Pavlovich:
It is believed that cybercrimes are not latent, but many people do not report them, for some, well, the database, for example, is large, they prefer to hide reputational risks, and these reputational risks are stronger, more serious, this is all over the world, so, in principle, and they are like that, probably 20 percent, maybe 30 percent of cybercrimes committed worldwide reach law enforcement, yes.
But out of all these cybercrimes, let's say 100 fall into your operational investigative department, let's take 100 crimes as 100% that come to you, and how many of them remain, remain secret, and how many are solved?

Operative:
A lot depends on what kind of crimes. If you lose your card, say, someone made a withdrawal from it, then this will most likely be solved. If there is a purchase and sale, then there is also a chance of solving it. If some bank employee or FSB employee calls the call center, then the cases will be solved. But so, if I'm not mistaken, 30-40 percent of all cybercrimes are solved.
That is, 30-40% is, conditionally, the percentage of solving a criminal case. That is, it also depends on the region, somewhere more, somewhere less.

Pavlovich:
And what percentage of traditional crimes, not computer ones, is interesting?

Operative:
In that sense, usually thefts, murders. No, there are many more. I think murders are hard to solve, only contract killings, and even then they are more or less solvable. And domestic violence, domestic crimes, all serious physical murders, domestic, they are all bright. Robbery, rubezhik, if some Pyaterochka, someone stole vodka, ran out, that’s it, it can be solved. If they broke into the house on purpose, in masks with bats, it will be difficult.
Well, more or less, it’s all alive. That is, a physical person was in this place. It can be traced by the route of retreat, by the use of motor transport, how they got there, what phone they used, what similar crimes are suitable, not suitable. What fingerprints, soles, soles, earrings, not earrings. Everything can be solved. I think that... I can't say for sure, since I haven't dealt with ordinary crimes for a long time, but I think that, in the centers, 80 such crimes are solved.

Pavlovich:
Yes, I dropped a hair somewhere. DNA already, hop.

Operative:
Hair, DNA, cigarette butt. A cigarette butt, yes, it was one that was provided.

Pavlovich:
A cigarette butt, did you isolate samples of saliva and DNA?

Operative:
Yes, yes, and so they found it.

What do you like and dislike about the profession.
Pavlovich:
And the last question. What do you like about the profession? Well, and, probably, what don't you like.

Operative:
I like finding the criminal. That is, he seemed to be trying to cover his tracks, did some right things, and you made it so that he was found. Somehow, you see, some kind of inner pride is formed. You have achieved that ideal, that is, you came to him for it, during the search, yes, indeed, he caught everything. Well done. Self-realization. I don't like this paper.
Too many paper blocks. Too many. If there was much less paper, it would even be a little easier.

The most notorious crimes.
Pavlovich:
The most notorious solved crimes?

Operative:
But when they detained, when one... I won't say how, where, how. There was a group of people who were deceiving. With unnecessary links. First they detained one person who worked, then they identified the people who created this group, and the people who were their assistants.
And they detained everyone in order, probably, how long? A year and a half, when all this was happening. All the manipulations, all the investigations, detentions.

Pavlovich:
Well, and they all, naturally, gave each other up to ease their lot and so on?

Operative:
At first, yes. At first, everyone gave each other up. Then already on episode 51.

Pavlovich:
But it's too late.

Operative:
It's too late, everyone's there.

Results.
Pavlovich:
And as far as I can draw conclusions from my life experience, it is better to keep quiet until you have at least written to your accomplices, somewhere you have a common lawyer, something else, somewhere you accidentally crossed paths in a pre-trial detention center. Then you can change your testimony or not, but I don’t know about the Russian justice system, but in the Belarusian system judges always don’t like it, they always ask why you changed it, and you are lying to us, and which version is still untrue, they understand that you are squirming like a prostitute and trying to avoid responsibility, and no one likes specific people.
And if you behave normally, with dignity, then in the eyes of the judge, it seems to me that this will also be counted, so here is your last life hack. That’s it, thank you very much, success on both sides, yes, success to you, the viewers, don’t get caught, and professional success to you, hugs, bye!
 