Cloned Boy
SEARCHES OF HACKERS.
Famous carder Sergey Pavlovich continues his conversation with employees of Group-IB, the main Russian private fighter against hackers, carders and other cybercriminals, and in the eighteenth episode of the series we met in the company's office to see everything live, and we talk with a specialist of the Group-IB computer forensics laboratory, Simonyan Alexander Arshutovich.
Enjoy reading!
Contents:
- Alexander Simonyan – forensic scientist
- A funny incident: the arrest of an undercover hacker
- Working with investigators, protecting lawyers
- Sergey Nikitin was recognized during interrogation
- What functions does Alexander perform?
- Working with the Ministry of Internal Affairs, the FSB and the Investigative Committee
- Conferences for advanced training
- "We train Europol and Interpol"
- The most interesting thing about the work of a forensic scientist
- Expansion of Group-IB
- "The future is digital"
- Why are people concerned about security in the West
- Hacking, phishing, distribution of malware, to be continued...
Alexander Simonyan – forensic scientist
Pavlovich:
Friends, we caught another Group-IB employee. More precisely, he probably caught us, because he is a former major of the Ministry of Internal Affairs, if I may say so, right? We caught him. We caught him. Tell us what you do, introduce yourself and what is your main function in the department.
Specialist:
My name is Alexander, computer forensics laboratory. I am a forensic scientist of the laboratory. This is a specialist who conducts examinations, research with information carriers, with any. Accordingly, we restore data, look for some digital traces and, accordingly, answer the questions posed by the customer.
Reference:
Simonyan Alexander Arshutovich (specialist of the computer forensics laboratory of Group-IB).
Pavlovich:
Well, in general, about the same as Nikitin, right?
Specialist:
Well, yes, yes, yes. That is, we have a specialized lab, since forensics, yes, this is common. That's it. Well, and, as a matter of fact, this laboratory where we do all this, and our specialists, as is no secret to you, often participate in various investigative and operational activities.
Pavlovich:
Well, Nikitin told me, there, he is cruel, he says, in general, there, he likes explosions.
A funny incident: the arrest of an undercover hacker
Specialist:
Seryoga is always furious. He is for coming in suddenly, with effect, well, as a rule, it brings certain results, that's it. Well, there are such funny incidents. By the way, I can remember one incident. We had one such important hacker arrested in one of the provincial cities of Russia. We knew from cyber intelligence that he had a working laptop, where all the facts, all the evidence we need were stored, it was encrypted.
And it was fundamentally important at the moment of entering the apartment, when the special forces enter, it is very important that the computer is open, and preferably a password is entered to decrypt the system, because we knew that his password is strong, and even if we seize this equipment, we will not be able to do anything with it, because we will not be able to decrypt it. Pick a password.
That's it. And we came up with this story that we also knew from intelligence that his Internet provider was in the neighboring building. That's how it happened. It's just a small provincial town, his Internet provider was in the neighboring building, and his Internet periodically went down. And he always called in repairmen to fix it, because for him, having the Internet is a critical situation. It must always work stably.
Pavlovich:
Well, how did you find out, figuratively speaking, from the Nephili, let's say, Messengers read the correspondence?
Specialist:
No, all the operatives did it using their own methods. Wiretapping, of course. Standard reconnaissance that they conduct. And it was decided that we would dress up as craftsmen, we contacted the provider, they allocated us outfits of craftsmen, what they wear, logos, all the stuff with these boxes. And who was there? You were there? Me and an operative. Did we come together?
We came together, well, we cut off his internet, naturally, he immediately calls back 5 minutes later, urgently fix my internet. That's it. Ten in the morning, I think it was or nine, so we go to the floor, he calls, naturally, he looks at the cameras there, his security was set up terribly, there were, in general, two iron doors and so on, but he looks at the cameras, what it is, yes, employees and providers are there, we introduce ourselves.
Well, he's used to this.
Pavlovich:
Yes, yes, this is a standard situation for him, absolutely.
Specialist:
And he was very cautious. He himself has always been in this mood, so he treated security directly.
Pavlovich:
Friends, I want to tell you about the proven and first regulated crypto exchange in the CIS Currency.Com. The company is audited annually by one of the audit companies, the so-called "Big Four". On the Currency platform, you can easily buy and sell cryptocurrencies using fiat funds. Currency.Com has a direct account with Sberbank, which allows clients, that is, you, to save on commissions. It also provides one of the most favorable rates when purchasing or selling cryptocurrency through fiat.
Currency.Com offers cryptocurrencies such as Bitcoin, Ethereum, Bitcoin Cash, Ripple, Litecoin, USDT and others for exchange and trading. The platform also offers more than 2,000 tokenized assets for investment and trading. And if you suddenly do not know what a tokenized asset is, then it is any asset, security, raw material, index, like in traditional funds on exchanges, but expressed in tokens.
And I want to say that this is probably the only, at least I don’t know any other, crypto exchange where you can buy tokens of oil, coffee, or stocks, which is very convenient. The platform also offers the opportunity to trade on a demo account with the full functionality of a real account. And Currency.Com constantly holds public competitions for traders, the winners of which receive significant rewards. Currency.Com, I will leave the link in the description, register, deposit at least $20, make at least one leveraged transaction and receive a $50 bonus from Currency.Com.
Link in the description.
Specialist:
Well, and actually, he opens the door, we're there in caps, in these outfits, hello there, well, show us where your router is, we'll look at the router now, we looked at the router for show, well, we don't see anything here, but show us your workstation, like you need to go into the settings, yeah, on this laptop, and right in front of us he enters the password to unlock the system, accordingly, and at that moment something happens that he didn't expect, accordingly,
we...
Pavlovich:
So, did you show your ID or take out a gun or what?
Specialist:
No-no-no, at that moment the special forces just come in, well, that's not my job, we naturally interact with the heavy ones, but they put him on the floor already. And he didn't rush to turn off the laptop? And there we are just standing, we blocked everything. Oh, near the laptop. Of course, of course. And, actually, on the laptop we found the invoice that we needed. Accordingly, there was evidence and all the correspondence with all the members of the group with whom he interacted.
That is, there, along the chain, they have already rolled out a lot of how many years 10-15 received yes, listen, no, in my opinion, the process is still ongoing, he is not even under arrest, our legislation, you know, yes, it is very difficult for now for a cybercrime, your participation, I do not know, the Belarusian one is tough, but everything is in the process, well, listen.
Working with investigators, protecting lawyers
Specialist:
We generally take part in many high-profile cases to catch hackers, criminal groups in Russia, international, so we have experience. The most important thing here is when you, we in our area always consult the investigator, because investigators are operatives, as a rule, they do not know, do not understand the nuances of all this, and we always
consult them so that during the arrest, during the seizure, there, I don’t know, the search, in addition to the departmental expert, there is also a specialist at a level who is much higher in competence, and so that during the search the equipment is correctly seized. Because it often happens that serial numbers are described incorrectly.
This is very important, and it is important to get the necessary information there in the moment, which can be quickly, efficiently analyzed and put into action. And sometimes it happens that mobile phones, a trivial example, a lot of cases when he arrives, confiscates an iPhone, does not switch to airplane mode, does not put it in a Faraday cage, and, accordingly, the villain simply erases, zeroes out the data a day later, when he is released, through iCloud, through Apple ID, this is a complete disaster.
Therefore, it is very important to correctly and professionally formalize everything at the search site, to do everything.
Pavlovich:
Yes, because if you write the wrong serial number, he will say that this is none of my business at all. That's it, the lawyer will ruin it. Right?
Specialist:
Any lawyer who has some understanding of such events, there are already quite a few of them, because they know...
Pavlovich:
I have advised some, Mironov for example. I defended a group, the guy drove a Lamborghini, maybe you remember the case. And the son of the Ukrainian who drove the Lamborghini ordered a pizza from some old mobile phone. I think he got 13 years.
Sergey Nikitin was recognized during interrogation
Specialist:
Lawyers ask for a lot of money for such cases, because there are relatively few of them. Therefore, it is very important to conduct a search correctly and consult the investigation and interrogate.
It is very important to interrogate correctly. We had a case when your beloved Sergey Nikitin during interrogation... Seryozha, hi! During interrogation, the hacker recognized him, like I saw you on People, no questions.
What functions does Alexander perform?
Pavlovich:
Give me a 10 percent cashback. You are a fierce beast, in general, I give you the whole layout and so on. And who, what other functions are you doing now besides these?
Specialist:
Well, a presell manager, an employee, a person who connects the technical staff with specialists, with our customers, with our managers AND the client. That is, a person who can explain to both of them, in general, in business language, what the client needs, what happened, and so on.
Pavlovich:
And who? An important question. Your services, as far as I have reviewed the investigation of, for example, who is behind the DOS attack, are some kind of astronomical money. And who pays in this case for your participation in catching this hacker, as you said? And now, well, through Prolander employees.
Specialist:
There is always an interested party, that is, the end client, the customer.
Working with the Ministry of Internal Affairs, the FSB and the Investigative Committee
Pavlovich:
There was some kind of, as I understand it, international investigation here, or what was it?
Specialist:
That is, catching these hackers? Well, yes. Well, we constantly have such events.
Pavlovich:
But it wasn’t the Ministry of Internal Affairs that paid you, right?
Specialist:
No, no, no. The Ministry of Internal Affairs can officially pay. They have limits on certain events.
Pavlovich:
Well, with your prices, they are exhausted for a year in advance for one case.
Specialist:
Here the situation is as follows, that we work with the Ministry of Internal Affairs for free, because we are interested in getting data, enriching our knowledge base, because there are new cases, which, for example, no one is aware of yet, and the malware may be new, or some tactics, methods, and, accordingly, we actively help the Ministry of Internal Affairs to enrich our knowledge base. This is valuable for us.
Pavlovich:
And with whom, for example, from the security agencies do we have to interact more often? Is it the Ministry of Internal Affairs, the FSB?
Specialist:
In the FSB, very rarely, practically none. This is the Ministry of Internal Affairs and the Investigative Committee. That is, the main high-profile cases, of course, are investigated by the Ministry of Internal Affairs, BSTM, Department K. In Belarus, I don’t remember what they are called, by the way.
Pavlovich:
In my opinion, they are not in the Ministry of Internal Affairs, but in the KGB.
Specialist:
On the cyber line.
Pavlovich:
Well, somehow it’s all there now, it’s just all mixed up now. They also singled out the Investigative Committee. I don’t know what it’s called anymore.
Specialist:
Well, the Investigative Committee is purely investigators, partly lawyers, for the most part, yes, and the operational services are the Ministry of Internal Affairs. That is, the Ministry of Internal Affairs provides support, operatives from the Ministry of Internal Affairs provide support to the Investigative Committee.
Pavlovich:
For example, the level of these Belarusian law enforcement officers from Department K, I just encountered them twice and I know firsthand, it is really very high, but if you take, you also work in the regions and so on, just regardless of regalia and so on, yes, that is, if you really assess the level of Russian law enforcement officers in the area of combating computer crime, there, on a scale of, say, one hundred percent, that is, what is it like for them, that is, there?
Conferences for advanced training
Specialist:
Listen, well, on a one hundred percent scale, I would probably give sixty. That is, well, that is quite a lot. I will tell you that it is gradually growing, we actively interact with them, that is, we periodically conduct training, explain, that is, we have some conferences there, where we gather the main investigators or operatives who are in these areas. Accordingly, we tell them the trends there, what is relevant now, how all this is investigated.
Pavlovich:
These are the key ones, right? That is, the heads of the department, figuratively speaking, who will then convey this to their subordinates?
"We train Europol and Interpol"
Specialist:
Well, not even the heads, but the actual executors themselves, that is, the investigators who will directly investigate the case. It is really important for them to understand and know this. Often you encounter situations when there is resonance, some kind of criminal case, and the investigator absolutely does not understand what is wanted from him. And so we conduct training in such situations. Well, we also train Interpol, Europol, for example.
Pavlovich:
That is, you, a Russian company, train Interpol and Europol. By all logic, yes, as in connection with the West, they should you, in theory.
Specialist:
Yes, I am an official partner of Europol, Interpol. Accordingly, we interact with them along the line, again, of any investigations along the cyber line, detentions, arrests. That is, we know them.
The most interesting thing about the work of a forensic scientist
Pavlovich:
Our conversation is coming to an end. What is the most interesting thing about your work?
Specialist:
Listen, the most interesting thing is that, look, any crime, today, or practically any crime, already leaves digital traces. And be it a financial crime...
Pavlovich:
Do you mean in the computer world? Yes, yes, yes, in the digital world. Murders, car thefts as well?
Specialist:
Well, even car thefts and murders, in any case, you correspond there, or call someone, and so on. All this ends up with us in any case. And the most interesting thing is when you actually find digital evidence that ultimately leads to a result, that is, to the actual capture of the villain. You understand, this is not some kind of fanaticism that you really enjoy, that your work bears fruit. That is, you should simply live by this.
Expansion of Group-IB
Pavlovich:
And as a person connected with sales, what needs to be done to make the services of your company and similar ones cheaper and available to a wider range of, for example, companies?
Specialist:
Yeah, listen, you can't really give any recommendations here, we just know our level of competence, we know who we are, we know how long we've been on the market, and we know our competitors, so the prices that are there now, well, roughly speaking, our price list, in our opinion, it's adequate.
Pavlovich:
No, I'm not saying it's inadequate, it's just possible to do it, expand the staff there, open hundreds of offices there.
Specialist:
Well, we're moving in that direction. You see, we're slowly taking over the world. An office is opening in Amsterdam, Singapore, and now in Dubai. It's just that foreign countries see potential in this. That's why our services and products sell much better abroad than in Russia. But the main cash flow, let's say, still comes from the West, right? Well, not the main one yet, but everything is moving in that direction.
Everything is moving in that direction, because in the West the information security culture is much higher than in Russia, unfortunately. Because in Russia, until you get a shock, you won't come to your senses, you won't start to protect yourself in some specific way, so that you will never be protected not 100%, but 100%. But in the West, for example, if you are a large company, you can buy one service from five different vendors.
And for them, this is just normal. But in Russia, for one to buy five different vendors, some solution or product, I can't imagine what kind of company it should be.
"The future is digital"
Pavlovich:
You just reminded me of a situation, my company recently had one, we had an OVH data center in France, it recently burned down, 3 million of these sites went down around the world, across Europe. And we had the main database on one machine, a backup on the second. The first building was our fourth, and the second, third burned down. Well, it so happened that both the first and the fourth were without power. That is, well, it's such a... Ours, thank God, were not damaged, but it was the first bell that we still need to go in.
Well, yes, yes.
Specialist:
Well, it's just that... The future is digital. In any case. And no matter how much you want it, you have to keep up, yes, with the trends and with the times. And if you are a business owner, you should already understand that a significant part of your costs should be on information security. Because this physical, this fraud, all this has already passed. Well, when, the last time we remember, when they walked into a bank with weapons and actually robbed.
Almost all of that is already a thing of the past.
Pavlovich:
Maximum collectors, right?
Specialist:
Well, yes, yes, yes. That is, it is much easier to sit at home comfortably somewhere in Miami or Thailand at the computer and just withdraw funds.
Why are people concerned about security in the West
Pavlovich:
But you also think, why in this, why do Western companies pay more attention there and invest their funds, because there are serious penalties for this. That is, if your client database leaked, you will be fined 50 million, 500 dollars, depending on the scale of the leak. Including.
Specialist:
In Russia, if...
Pavlovich:
Leaked, well... Well, leaked.
Specialist:
Well, they will give you a suspended sentence or, I don’t know, well, the punishment is really paltry. That’s it.
Pavlovich:
Okay, thank you very much. You’re welcome, you’re welcome. Nice to meet you. Well, in short, if this, if you are attracted to all sorts of searches, searches and explosions, yes, this is to Nikitin or to Alexander.
Specialist:
Thank you very much.
Pavlovich:
See you on the screens.
Hacking, phishing, distribution of malware, to be continued...
Specialist:
Look, we are now going to SERT, there is such a cool room there. These are the guys who monitor the Internet. And when phishing resources appear there, someone starts distributing malware, someone was hacked, and they start doing something in his name. They are the ones who revoke registrations, take data from hosters, block domains. They are the ones who are written to by enraged resource owners. Like, you blocked my domain, why?
And they just don’t know, let’s say, that they were hacked and all sorts of things are being spilled from them. Plus they are the ones who monitor our solution, our products from our clients. What is happening there and how. That’s why that very sergip. Let’s go in.
Famous carder Sergey Pavlovich continues his conversation with employees of Group-IB, the main Russian private fighter against hackers, carders and other cybercriminals, and in the eighteenth episode of the series we met in the company's office to see everything live, and we talk with a specialist of the Group-IB computer forensics laboratory, Simonyan Alexander Arshutovich.
Enjoy reading!
Contents:
- Alexander Simonyan – forensic scientist
- Funny story: undercover hacker caught
- Working with investigators, defending lawyers
- Sergei Nikitin was recognized during interrogation
- What functions does Alexander perform?
- Work with the Ministry of Internal Affairs, the FSB and the Investigative Committee
- Conferences for professional development
- "We train Europol and Interpol"
- The most interesting thing about being a forensic scientist
- Group-IB expansion
- "The future is digital"
- Why the West is concerned about security
- Hacking, phishing, malware distribution, to be continued...
Alexander Simonyan – forensic scientist
Pavlovich:
Friends, we caught another Group-IB employee. More precisely, he probably caught us, because he is a former major of the Ministry of Internal Affairs, if I may say so, right? We caught him. We caught him. Tell us what you do, introduce yourself and what is your main function in the department.
Specialist:
My name is Alexander, computer forensics laboratory. I am a forensic scientist of the laboratory. This is a specialist who conducts examinations, research with information carriers, with any. Accordingly, we restore data, look for some digital traces and, accordingly, answer the questions posed by the customer.
Reference:
Simonyan Alexander Arshutovich (specialist of the computer forensics laboratory of Group-IB).
Pavlovich:
Well, in general, about the same as Nikitin, right?
Specialist:
Well, yes, yes, yes. That is, we have a specialized lab, since forensics, yes, this is common. That's it. Well, and, as a matter of fact, this laboratory where we do all this, and our specialists, as is no secret to you, often participate in various investigative and operational activities.
Pavlovich:
Well, Nikitin told me, there, he is cruel, he says, in general, there, he likes explosions.
A funny incident: the arrest of an undercover hacker
Specialist:
Seryoga is always furious. He is for coming in suddenly, with effect, well, as a rule, it brings certain results, that's it. Well, there are such funny incidents. By the way, I can remember one incident. We had one such important hacker arrested in one of the provincial cities of Russia. We knew from cyber intelligence that he had a working laptop, where all the facts, all the evidence we need were stored, it was encrypted.
And it was fundamentally important at the moment of entering the apartment, when the special forces enter, it is very important that the computer is open, and preferably a password is entered to decrypt the system, because we knew that his password is strong, and even if we seize this equipment, we will not be able to do anything with it, because we will not be able to decrypt it. Pick a password.
That's it. And we came up with this story that we also knew from intelligence that his Internet provider was in the neighboring building. That's how it happened. It's just a small provincial town, his Internet provider was in the neighboring building, and his Internet periodically went down. And he always called in repairmen to fix it, because for him, having the Internet is a critical situation. It must always work stably.
Pavlovich:
Well, how did you find out, figuratively speaking, from the Nephili, let's say, Messengers read the correspondence?
Specialist:
No, all the operatives did it using their own methods. Wiretapping, of course. Standard reconnaissance that they conduct. And it was decided that we would dress up as craftsmen, we contacted the provider, they allocated us outfits of craftsmen, what they wear, logos, all the stuff with these boxes. And who was there? You were there? Me and an operative. Did we come together?
We came together, well, we cut off his internet, naturally, he immediately calls back 5 minutes later, urgently fix my internet. That's it. Ten in the morning, I think it was or nine, so we go to the floor, he calls, naturally, he looks at the cameras there, his security was set up terribly, there were, in general, two iron doors and so on, but he looks at the cameras, what it is, yes, employees and providers are there, we introduce ourselves.
Well, he's used to this.
Pavlovich:
Yes, yes, this is a standard situation for him, absolutely.
Specialist:
And he was very cautious. He himself has always been in this mood, so he treated security directly.
Pavlovich:
Friends, I want to tell you about the proven and first regulated crypto exchange in the CIS Currency.Com. The company is audited annually by one of the audit companies, the so-called "Big Four". On the Currency platform, you can easily buy and sell cryptocurrencies using fiat funds. Currency.Com has a direct account with Sberbank, which allows clients, that is, you, to save on commissions. It also provides one of the most favorable rates when purchasing or selling cryptocurrency through fiat.
Currency.Com offers cryptocurrencies such as Bitcoin, Ethereum, Bitcoin Cash, Ripple, Litecoin, USDT and others for exchange and trading. The platform also offers more than 2,000 tokenized assets for investment and trading. And if you suddenly do not know what a tokenized asset is, then it is any asset, security, raw material, index, like in traditional funds on exchanges, but expressed in tokens.
And I want to say that this is probably the only, at least I don’t know any other, crypto exchange where you can buy tokens of oil, coffee, or stocks, which is very convenient. The platform also offers the opportunity to trade on a demo account with the full functionality of a real account. And Currency.Com constantly holds public competitions for traders, the winners of which receive significant rewards. Currency.Com, I will leave the link in the description, register, deposit at least $20, make at least one leveraged transaction and receive a $50 bonus from Currency.Com.
Link in the description.
Specialist:
Well, and actually, he opens the door, we're there in caps, in these outfits, hello there, well, show us where your router is, we'll look at the router now, we looked at the router for show, well, we don't see anything here, but show us your workstation, like you need to go into the settings, yeah, on this laptop, and right in front of us he enters the password to unlock the system, accordingly, and at that moment something happens that he didn't expect, accordingly,
we...
Pavlovich:
So, did you show your ID or take out a gun or what?
Specialist:
No-no-no, at that moment the special forces just come in, well, that's not my job, we naturally interact with the heavy ones, but they put him on the floor already. And he didn't rush to turn off the laptop? And there we are just standing, we blocked everything. Oh, near the laptop. Of course, of course. And, actually, on the laptop we found the invoice that we needed. Accordingly, there was evidence and all the correspondence with all the members of the group with whom he interacted.
That is, there, along the chain, they have already rolled out a lot of how many years 10-15 received yes, listen, no, in my opinion, the process is still ongoing, he is not even under arrest, our legislation, you know, yes, it is very difficult for now for a cybercrime, your participation, I do not know, the Belarusian one is tough, but everything is in the process, well, listen.
Working with investigators, protecting lawyers
Specialist:
We generally take part in many high-profile cases to catch hackers, criminal groups in Russia, international, so we have experience. The most important thing here is when you, we in our area always consult the investigator, because investigators are operatives, as a rule, they do not know, do not understand the nuances of all this, and we always
consult them so that during the arrest, during the seizure, there, I don’t know, the search, in addition to the departmental expert, there is also a specialist at a level who is much higher in competence, and so that during the search the equipment is correctly seized. Because it often happens that serial numbers are described incorrectly.
This is very important, and it is important to get the necessary information there in the moment, which can be quickly, efficiently analyzed and put into action. And sometimes it happens that mobile phones, a trivial example, a lot of cases when he arrives, confiscates an iPhone, does not switch to airplane mode, does not put it in a Faraday cage, and, accordingly, the villain simply erases, zeroes out the data a day later, when he is released, through iCloud, through Apple ID, this is a complete disaster.
Therefore, it is very important to correctly and professionally formalize everything at the search site, to do everything.
Pavlovich:
Yes, because if you write the wrong serial number, he will say that this is none of my business at all. That's it, the lawyer will ruin it. Right?
Specialist:
Any lawyer who has some understanding of such events, there are already quite a few of them, because they know...
Pavlovich:
I have advised some, Mironov for example. I defended a group, the guy drove a Lamborghini, maybe you remember the case. And the son of the Ukrainian who drove the Lamborghini ordered a pizza from some old mobile phone. I think he got 13 years.
Sergey Nikitin was recognized during interrogation
Specialist:
Lawyers ask for a lot of money for such cases, because there are relatively few of them. Therefore, it is very important to conduct a search correctly and consult the investigation and interrogate.
It is very important to interrogate correctly. We had a case when your beloved Sergey Nikitin during interrogation... Seryozha, hi! During interrogation, the hacker recognized him, like I saw you on People, no questions.
What functions does Alexander
Pavlovich perform:
Give me a 10 percent cashback. You are a fierce beast, in general, I give you the whole layout and so on. And who, what other functions are you doing now besides these?
Specialist:
Well, a presell manager, an employee, a person who connects the technical staff with specialists, with our customers, with our managers AND the client. That is, a person who can explain to both of them, in general, in business language, what the client needs, what happened, and so on.
Pavlovich:
And who? An important question. Your services, as far as I have reviewed the investigation of, for example, who is behind the DOS attack, are some kind of astronomical money. And who pays in this case for your participation in catching this hacker, as you said? And now, well, through Prolander employees.
Specialist:
There is always an interested party, that is, the end client, the customer.
Working with the Ministry of Internal Affairs, the FSB and the Investigative Committee
Pavlovich:
There was some kind of, as I understand it, international investigation here, or what was it?
Specialist:
That is, catching these hackers? Well, yes. Well, we constantly have such events.
Pavlovich:
But it wasn’t the Ministry of Internal Affairs that paid you, right?
Specialist:
No, no, no. The Ministry of Internal Affairs can officially pay. They have limits on certain events.
Pavlovich:
Well, with your prices, they are exhausted for a year in advance for one case.
Specialist:
Here the situation is as follows, that we work with the Ministry of Internal Affairs for free, because we are interested in getting data, enriching our knowledge base, because there are new cases, which, for example, no one is aware of yet, and the malware may be new, or some tactics, methods, and, accordingly, we actively help the Ministry of Internal Affairs to enrich our knowledge base. This is valuable for us.
Pavlovich:
And with whom, for example, from the security agencies do you have to interact more often? Is it the Ministry of Internal Affairs, the FSB?
Specialist:
With the FSB, very rarely, practically never. It is the Ministry of Internal Affairs and the Investigative Committee. That is, the main high-profile cases, of course, are investigated by the Ministry of Internal Affairs, BSTM, Department K. In Belarus, I don't remember what they are called, by the way.
Pavlovich:
In my opinion, they are not in the Ministry of Internal Affairs, but in the KGB.
Specialist:
On the cyber line.
Pavlovich:
Well, somehow it’s all there now, it’s just all mixed up now. They also singled out the Investigative Committee. I don’t know what it’s called anymore.
Specialist:
Well, the Investigative Committee is purely investigators, partly lawyers, for the most part, yes, and the operational services are the Ministry of Internal Affairs. That is, the Ministry of Internal Affairs provides support, operatives from the Ministry of Internal Affairs provide support to the Investigative Committee.
Pavlovich:
For example, the level of these Belarusian law enforcement officers from Department K: I have encountered them just twice and I know firsthand that it is really very high. But you also work in the regions and so on, so regardless of regalia and so on, if you really assess the level of Russian law enforcement officers in the area of combating computer crime on a scale of, say, one hundred percent, what is it like for them?
Conferences for advanced training
Specialist:
Listen, well, on a one hundred percent scale, I would probably give sixty. That is quite a lot. I will tell you that it is gradually growing; we actively interact with them, that is, we periodically conduct training and explain things. We have some conferences where we gather the main investigators or operatives who are in these areas. Accordingly, we tell them the trends, what is relevant now, how all this is investigated.
Pavlovich:
These are the key ones, right? That is, the heads of the department, figuratively speaking, who will then convey this to their subordinates?
"We train Europol and Interpol"
Specialist:
Well, not even the heads, but the actual executors themselves, that is, the investigators who will directly investigate the case. It is really important for them to understand and know this. Often you encounter situations when there is resonance, some kind of criminal case, and the investigator absolutely does not understand what is wanted from him. And so we conduct training in such situations. Well, we also train Interpol, Europol, for example.
Pavlovich:
That is, you, a Russian company, train Interpol and Europol. By all logic, given their connection with the West, they should be training you, in theory.
Specialist:
Yes, I am an official partner of Europol and Interpol. Accordingly, we interact with them, again, on any investigations along the cyber line, detentions, arrests. That is, we know them.
The most interesting thing about the work of a forensic scientist
Pavlovich:
Our conversation is coming to an end. What is the most interesting thing about your work?
Specialist:
Listen, the most interesting thing is that, look, any crime, today, or practically any crime, already leaves digital traces. And be it a financial crime...
Pavlovich:
Do you mean in the computer world? Yes, yes, yes, in the digital world. Murders, car thefts as well?
Specialist:
Well, even car thefts and murders: in any case, you correspond with someone, or call someone, and so on. All this ends up with us in any case. And the most interesting thing is when you actually find digital evidence that ultimately leads to a result, that is, to the actual capture of the villain. You understand, this is not some kind of fanaticism; you really enjoy that your work bears fruit. That is, you should simply live by this.
Expansion of Group-IB
Pavlovich:
And as a person connected with sales, what needs to be done to make the services of your company and similar ones cheaper and available to a wider range of, for example, companies?
Specialist:
Yeah, listen, you can't really give any recommendations here. We just know our level of competence, we know who we are, we know how long we've been on the market, and we know our competitors, so the prices that are there now, roughly speaking, our price list, in our opinion, is adequate.
Pavlovich:
No, I'm not saying it's inadequate, it's just possible to do it, expand the staff there, open hundreds of offices there.
Specialist:
Well, we're moving in that direction. You see, we're slowly taking over the world. Offices are opening in Amsterdam, Singapore, and now in Dubai. It's just that foreign countries see potential in this. That's why our services and products sell much better abroad than in Russia. But the main cash flow, let's say, still comes from the West, right? Well, not the main one yet, but everything is moving in that direction.
Everything is moving in that direction, because in the West the information security culture is much higher than in Russia, unfortunately. In Russia, until you get a shock, you won't come to your senses and won't start to protect yourself in some specific way, so that you are protected, never 100%, but still. In the West, for example, if you are a large company, you can buy one service from five different vendors.
And for them, this is just normal. But in Russia, for one company to buy some solution or product from five different vendors, I can't imagine what kind of company it would have to be.
"The future is digital"
Pavlovich:
You just reminded me of a situation my company recently had. We were in an OVH data center in France that recently burned down; 3 million sites went down around the world, across Europe. And we had the main database on one machine and a backup on the second. Ours were in the first and fourth buildings, and the second and third burned down. Well, it so happened that both the first and the fourth were without power. Ours, thank God, were not damaged, but it was the first wake-up call that we still need to deal with this.
Well, yes, yes.
Specialist:
Well, it's just that... The future is digital. In any case. And no matter how much you want it, you have to keep up with the trends and with the times. And if you are a business owner, you should already understand that a significant part of your costs should go to information security. Because physical fraud, all of this has already passed. When was the last time we remember someone walking into a bank with weapons and actually robbing it?
Almost all of that is already a thing of the past.
Pavlovich:
Maximum collectors, right?
Specialist:
Well, yes, yes, yes. That is, it is much easier to sit at home comfortably somewhere in Miami or Thailand at the computer and just withdraw funds.
Why are people concerned about security in the West
Pavlovich:
But you also think, why do Western companies pay more attention there and invest their funds? Because there are serious penalties for this. That is, if your client database leaked, you will be fined 50 million, 500 dollars, depending on the scale of the leak. Including.
Specialist:
In Russia, if...
Pavlovich:
Leaked, well... Well, leaked.
Specialist:
Well, they will give you a suspended sentence or, I don't know, well, the punishment is really paltry. That's it.
Pavlovich:
Okay, thank you very much. You're welcome, you're welcome. Nice to meet you. Well, in short, if you are attracted to all sorts of searches and explosions, yes, go to Nikitin or to Alexander.
Specialist:
Thank you very much.
Pavlovich:
See you on the screens.
Hacking, phishing, distribution of malware, to be continued...
Specialist:
Look, we are now going to the CERT; there is such a cool room there. These are the guys who monitor the Internet. And when phishing resources appear, someone starts distributing malware, or someone was hacked and things are being done in his name, they are the ones who revoke registrations, take data from hosters, block domains. They are the ones who get written to by enraged resource owners: "You blocked my domain, why?"
And they just don't know, let's say, that they were hacked and all sorts of things are being spread from their resources. Plus they are the ones who monitor our solutions, our products at our clients, what is happening there and how. That's the CERT-GIB. Let's go in.