Tomcat
Professional
Even if a hacker has been caught, he will still have at least two options left. But if the hacker was detained by harsh people in uniform, there may be fewer exits. Usually, in such cases, the advice is to hire an intelligent lawyer and hope for the best, and while waiting for the denouement you can busy yourself with coming up with a couple of reliable excuses. Which of them can work, and which ones are better not used at all, is what we will discuss today.
If you are interested in the topic of confrontation between cybercriminals and law enforcement officers, we recommend that you read the previous article, which described how cyber villains are tried in Russia and how strict our judicial system is with them.
In foreign films, the trial is a battleground where an eloquent lawyer fights an inflexible public prosecutor in front of the public, and the judge looks down on everything. In fact, the trial is boring and monotonous. In most cases, it comes down to reading out a court order. The competition is conditional, and this is not surprising — the answers to all questions were obtained at the investigation stage, and judges who are well-versed in legal issues understand much less in computer technology and therefore do not distinguish well between the concepts of ransomware, bruteforce and pentest. In other words, they often rely on the conclusions of investigators in their decisions.
For this reason, the competition and struggle are transferred to the investigation stage. It is there that the evidence base is formed, which will then be presented as an accusation. And just at this stage, those accused of committing computer crimes are trying to justify themselves in every possible way and build a defense, sometimes showing enviable imagination and ingenuity.
I didn't know the software was malicious
Since the appearance in the Criminal Code of the Russian Federation of Article 273 "Creation, use and distribution of malicious computer programs", disputes about what can be recognized as malicious software have not subsided for a minute. Let's leave the demagoguery to the lawyers and turn to practice.
The basis for recognizing software as malicious is the expert opinion. In recent years, a large number of programs and utilities have been recognized as "malicious". Among them are ScanSSH, Intercepter-NG, NLBrute, UBrute, RDP Brute, sqlmap, Netsparker, SQLi Dumper, Router Scan, Private Keeper, Havij, Metasploit, Armitage, DUBrute, Lamescan, Fast RDP Brute, njRAT, Acunetix. In the same pile, experts often dump phishing pages, activators, keygens, patches, and banking Trojans.
In addition to the obvious malware, the list includes legal tools for pentest: for example, Acunetix and Netsparker, which are considered malicious not quite correctly. No less questionable is the inclusion of sqlmap, Metasploit, and Armitage, which are part of Kali Linux. After that, all that remains is to ban the operating system itself.
The fact is that it is impossible to say unequivocally whether the software is malicious. The definition of harmfulness is given each time, depending on the circumstances of using this software. A simple example: the use of Acunetix Web Vulnerability Scanner 8 to detect vulnerabilities by the company's specialists on a resource owned by it does not constitute a crime. But the use of the same software by a cyber-villain to hack someone else's server makes it malicious. This is a legal conflict.
In general, the claim that the suspect had no idea about the malicious properties of the programs he used does not impress investigators or the court, and it does not help mitigate the punishment either.
My computer was hacked, and I didn't do the attacks!
Not a bad attempt to evade responsibility: remote access via RDP was enabled on the computer, an unknown cyber villain guessed a username and password and did dark deeds while the real user did not even know about it.
Such statements are refuted as follows: a forensic examination is conducted which establishes whether RDP access to the computer was open at the time of the connection and whether there are signs of brute force in the logs.
Browser history and temporary files are also analyzed. The presence in the history of queries "how can I remotely hack an account?", "download NLBrute" and the like is unlikely to play into the hands of the accused. The expert examination will also determine the presence of malware, the time of its launch, the presence of encrypted container files, the anonymization tools used on the computer, and so on.
To top it all off, the accused's abilities and skills are evaluated based on their education, work, and interests. Information confirming that he has knowledge in the field of IT will be used to confirm the accusation.
A clarification is needed here: the mere fact that the accused works as a system administrator and is interested in pentesting will not be enough to convict an innocent person, so all of the above is considered in aggregate.
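The log check described above, as an added example that is not part of the original post: a small Python triage script that walks over Windows Security-style logon records (constructed sample data; the CSV layout and field names are assumptions made for this example) and reports source addresses that produced a burst of failed RDP logons, together with whether a successful RDP logon from the same source followed. A burst from an external address followed by a success is the pattern that would support a "someone brute-forced my RDP" account; its absence, or the activity originating from a local console session, is what undermines it.

```python
"""RDP brute-force triage over Windows Security-style logon records.

Added example for this forum post; constructed sample data, not real evidence.
Event 4625 = failed logon, 4624 = successful logon; logon type 10 =
RemoteInteractive (RDP). The field layout of SAMPLE_LOG is an assumption made
for this example: timestamp,event_id,logon_type,source_ip,account.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: one external host cycles through common account
# names and then logs on successfully; a local console logon and a single
# stray failure from another host are included as noise.
SAMPLE_LOG = """\
2021-03-04T02:11:05,4625,10,203.0.113.7,administrator
2021-03-04T02:11:06,4625,10,203.0.113.7,admin
2021-03-04T02:11:06,4625,10,203.0.113.7,user
2021-03-04T02:11:07,4625,10,203.0.113.7,administrator
2021-03-04T02:11:08,4625,10,203.0.113.7,admin
2021-03-04T02:11:09,4625,10,203.0.113.7,user
2021-03-04T02:13:40,4624,10,203.0.113.7,admin
2021-03-04T09:02:00,4624,2,127.0.0.1,tomcat
2021-03-04T11:45:12,4625,10,198.51.100.9,guest
"""

RDP_LOGON_TYPE = 10
FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624


def parse_records(text):
    """Parse the simplified CSV layout into a list of dicts, sorted by time."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, ip, account = line.split(",")
        records.append({
            "ts": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "ip": ip,
            "account": account,
        })
    return sorted(records, key=lambda r: r["ts"])


def find_rdp_bruteforce(records, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: summary} for every source that produced at least
    `threshold` failed RDP logons inside `window`, noting whether a successful
    RDP logon from the same source followed the burst."""
    by_ip = defaultdict(list)
    for rec in records:
        if rec["logon_type"] == RDP_LOGON_TYPE:
            by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, events in by_ip.items():
        fails = [e for e in events if e["event_id"] == FAILED_LOGON]
        for i, first in enumerate(fails):
            # All failures from this source inside the window starting at `first`.
            burst = [f for f in fails[i:] if f["ts"] - first["ts"] <= window]
            if len(burst) < threshold:
                continue
            last_fail_ts = burst[-1]["ts"]
            success = next((e for e in events
                            if e["event_id"] == SUCCESSFUL_LOGON
                            and e["ts"] >= last_fail_ts), None)
            findings[ip] = {
                "failed_attempts": len(burst),
                "burst_start": first["ts"].isoformat(),
                "accounts_tried": sorted({f["account"] for f in burst}),
                "success_after": success["ts"].isoformat() if success else None,
                "success_account": success["account"] if success else None,
            }
            break  # one finding per source is enough for triage
    return findings


if __name__ == "__main__":
    for ip, summary in find_rdp_bruteforce(parse_records(SAMPLE_LOG)).items():
        print(ip, summary)
```

On the constructed data the script flags only 203.0.113.7 (six failures across three account names, then a successful RDP logon as "admin"); the console logon from 127.0.0.1 is ignored because it is not logon type 10, and the single failure from 198.51.100.9 never reaches the threshold. An examiner would read such a finding alongside the other checks the post lists (whether RDP was actually exposed, browser history, tool presence and launch times) rather than on its own.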
This is not my IP address
Such claims are easily refuted by asking the provider who owned the IP address from which the computer attacks were conducted. It does not matter whether a static or dynamic IP address was used: under the Yarovaya law, the provider stores information about the IP address allocated to you for six months. Enough time to gather the necessary evidence.
I didn't hack anything, I just checked how it works
This is how script kiddies excuse themselves: "I downloaded the program, installed it, clicked start, and then everything turned out somehow..." And they can be quite sincere. But it does no good. The very fact of using malware is already illegal and entails criminal penalties. And if the target of the attack "accidentally" turned out to be a resource classified as an "object of critical information infrastructure of the Russian Federation", the punishment for such an act will be stricter, up to imprisonment for a term of two to five years.
I only provided the material
The theft of money from bank accounts is carried out by a group of individuals whose roles are allocated in advance. In addition to coders, crypters, traffers, and loaders, who interact directly with the malware, it also includes drop herders and cashiers. Their duties are limited to finding drops, working with them, and transferring funds to the provided bank details.
When they appear in court, these guys try to prove that their job was only to find people and transfer money, and that they have never heard of any criminal schemes or malware.
Such statements are easily refuted by the results of operational search activities and investigative actions. They interview witnesses, analyze phone conversations, correspondence with other members of a criminal group, raise bank transactions, and so on. As a rule, the totality of all this information makes it possible to prove that the accused knew how the money was received and why the drop bank cards were needed.
Among other things, these villains are also punished under Article 273 of the Criminal Code of the Russian Federation ("Use of malicious software"), even if they were not directly involved in launching or installing the malware. It is enough for the investigation to prove that the money was stolen by an organized group of individuals; participation in it automatically entails a penalty under this article of the Criminal Code.
Similar methods of protection are also used by those accused of hacking ATMs using malware such as Cutlet Maker. They easily agree with the accusations of stealing money, but they can't figure out what kind of malware they are talking about. At the same time, the accused refer to their lack of special knowledge in information technologies. This once again confirms that in our time, an ordinary thief with a drill, flash drive and USB cord in his hands can become a "cybercriminal".
I was following orders from the FSB
The head of the Lurk hacker group was probably not the first to resort to such an excuse for his activities. But it was his statement that received wide publicity. Let me remind you of what it was like.
Konstantin Kozlovsky, accused of stealing 1.7 billion rubles and attacking critical infrastructure of the Russian Federation, said that he committed crimes at the instigation of FSB officers. To give even greater significance to these words, he claimed responsibility for hacking the servers of the US Democratic Party and Hillary Clinton's email in 2016. The court was skeptical of such a statement. The US Department of Justice also never claimed that Kozlovsky was involved in these computer attacks.
The trial of the members of the Lurk group continues, and perhaps we are waiting for even more sensational and frank statements from their leader.
What helps:
Active assistance in crime detection, confession, special procedure
In the vast majority of criminal cases, cybercriminals resort to these methods of mitigating punishment when the investigation has enough evidence of their guilt. This is not surprising — if the police have your hard drive with a collection of malware, a database for brute-forcing and the valid accounts obtained with it, it would be strange to deny everything. You can, of course, resort to the methods from the first part of the article, but there is a chance of spoiling everything completely.
Compensation for material and non-pecuniary damage
You have to pay for everything, and most often in cash. It is better to compensate for material damage at the investigation stage; then the court will consider this a mitigating circumstance. If only one member of the criminal group can be caught, he will answer for all of them out of his own pocket. This is often the case when drop herders, cashiers, and other low-skilled cyber villains are detained.
Apologizing to the affected party
Here everything is simple: the court welcomes good manners. You can apologize in any form: in person, by mail, or in public. The main thing is not to forget to document it.
Petition from the work team
A positive character reference and intercession from the work team often help IT professionals who commit cybercrime while learning the basics of cybersecurity and pentesting.
Lecture on the inadmissibility of illegal activities
A relatively new method of mitigating punishment, which courts view positively. It is often used by script kiddies who accidentally attack a state resource. The lectures are given at universities, schools, or at the workplace. It is believed that this helps other novice hackers not to embark on the slippery path of crime.
Don't work on RU
For many years, following this principle allowed cyber villains to avoid punishment for their crimes. Recently the picture has been changing: cases of cyber fraudsters and criminals who broke into the computers of foreign citizens and organizations and stole money have begun to appear in court.
Nevertheless, compliance with this rule helped the extortionist from the Vologda region to avoid severe punishment. For encrypting about 2,000 foreign computers and receiving about four million rubles in ransom, he received a seven-month suspended sentence with a probation period of one year and a fine of 100,000 rubles. Similar actions against Russian users would certainly have led to more severe penalties.
Out of love for the Motherland
An activist of the United Russia party from Sochi explained the reasons for his cybercrime in these words. That was back in 2011. Feeling personal hostility towards those who expressed dissatisfaction with the results of the State Duma elections, he blocked the phones of election commission members and opposition supporters using the SkypePhoneKiller, SkypeX, Rings Skyper, Mobile Attacker, and SIP Unlock flooders. He also launched DDoS attacks on local news sites.
The activist received a sentence of restriction of freedom, but right there in the courtroom he was amnestied and released from the imposed sentence and criminal record in accordance with a decision of State Duma deputies.
Conclusions
In an attempt to evade punishment for the crimes they committed, cyber villains resort to a variety of methods. Some of them sound very cynical, absurd and stupid. The result is natural.
Sometimes the accused did not even know that they had committed dangerous acts. After reading manuals on how to hack remote resources on the dark web, these enthusiasts boldly rush into battle without thinking about the consequences. Perhaps the state should conduct educational work among this category of users in order to warn them against wrong steps. And it would be great to do this not only in schools, universities and on the website of the "Safe Internet League".
But statements of loyalty and love for our country can help to avoid severe punishment or significantly reduce it. The main thing is to do it sincerely. It should be noted that the Criminal Code does not limit the list of circumstances that mitigate punishment.
But the best way to avoid it is to avoid committing crimes. And then you will definitely not have to fantasize about "How did it happen?" or get acquainted with the subtleties of the Russian judicial system.