What do employees of the FBI do?

Hacker

Question: - What does the FBI do? What is the specific nature of its work?
- The FBI investigates crimes in the field of high technologies. In addition, there is an economic focus in our work. In fact, this category includes all crimes related to fraud, which were carried out using the Internet. Most often, we are talking about crimes related to electronic payments. According to the law, all such crimes must pass through our Department.
Mostly, of course, we investigate hacking - emails, websites, and social networks. Another area is the investigation of fraud related to mobile phones.

Question: - What cases do you have to investigate more - fraud or hacking?
- It's hard to say, because everyone has their own focus, their own specialization. Somehow it turned out that last fall there were especially many scams, some wave just went. Most often, scammers presented themselves as employees of US Radio, reported that a person had won the lottery, and in order to receive a prize, they asked to transfer this or that amount to a particular number or mobile wallet. Of course, US Radio did not hold any lottery, and all the phones used by fraudsters to contact their victims were registered in the some state.

Question: - Who deals with such scams-groups or individuals?
- As far as I know, these crimes were committed by a group based in one of the major USA cities. At one time, mobile operators failed in the state. Someone, most likely one of the employees of mobile companies, copied the SIM card numbers that were previously registered, in other words, made duplicates of SIM cards. But all these fraudulent schemes were not born in our country, but were taken from the West. All this has already happened in Europe, in the USA. People either read about these schemes or heard from someone, so they decided to repeat them in the USA.

Question: - How are scammers calculated?
- It's very easy to do. Each mobile phone number is linked not only to a specific person, but also to the territory. If necessary, you can make detailed calls and SMS messages. Even if a person has stolen a SIM card, they will be calculated based on their territorial location. Operational information is equally important. We have our own people who periodically provide us with various information. And in general, almost any crime has witnesses. Even if a person doesn't want to be a witness in court, we still work with them and accept information from them.

Question: - It is also interesting to learn how your Department deals with piracy on the Internet. After all, the pirates from the trays are gradually squeezed into the Network, and here is your "diocese".
- Indeed, there are a lot of such cases. Such people are very easy to track down. Basically, we know all of them. We know where these disks are manufactured, where they are stored, and where wholesale outlets are located. In fact, there are very few "firms" that do this, we know all their ways, and we have been working with them for a long time.

Question: - There is another type of Internet piracy. There are many sites that publish links to counterfeit software, and the programs or games themselves are hosted on file-sharing servers, most often foreign ones. What do you do in this case?
- The administration of file-sharing servers provides us with the IP addresses from which the file was downloaded. It is unrealistic to upload something large via a proxy server. Even if the disk image "weighs" 700 megabytes, it will take three to four days to load through a proxy server. In addition, we need a statement from the copyright holder. We need the copyright holder to come to us officially and provide all the necessary data. To compile data on material damage, we need to know how much a single disk costs. But copyright holders rarely come to us with applications.

Question: - As far as I understand, you interact with the administration of those file-sharing services that have representative offices in the USA. And if it doesn't exist?
- If it is not available, we request information through the international Department of the Ministry of Internal Affairs. For example, we have been cooperating with the servers Rapidshare.com, Letitbit.net and Depositfiles.com for a long time, and I have all the necessary contacts.

Question: - They often talk about such aspects of your activity as identifying extremist websites and blog entries that contradict US legislation. Let's recall at least the sensational case of Syktyvkar blogger Savva Terentyev, who was identified by the employees of the FBI.
- Of course, we record various extremist records on the Internet, record them with the participation of witnesses. Even if a person has deleted something and denies everything, we can easily restore it all. The administration of LiveJournal, LiveInternet and other similar services itself, at our request, restores deleted records and informs us with the indication of IP addresses, of course. Although extremism is, after all, more likely to belong to the FBI. In principle, we are not obligated to transfer cases of this kind to them, but they can contact us themselves.

Question: - Let's say you found an extremist on the Internet. Immediately a case is initiated, a request is made to the hoster to close the site?
- Not at all. We can invite the person first, just have a heart-to-heart conversation with them. As a result of this conversation, it immediately becomes clear whether he wrote it himself or not, whether he knows something about it or not. After all, we can use the IP or MAC address to figure out which computer all this was written from. Even if the recording was made from a phone or PDA, the service information is still saved and you can view it.

Question: - Does the FBI monitor torrent networks?
- Basically, right now, copyright holders independently turn to the administration of torrent networks if they find illegal distribution of any of their products. The administration closes giveaways literally after one call or letter from the copyright holder. Previously, this was not the case, but since 2007, this practice has already begun. Sometimes even the copyright holder asks the administration in advance not to distribute their movie, program, or game. And then the moderators themselves find these products and close their distributions.

Question: - What about foreign torrent networks?
- Everything is much more complicated here. Since they are foreign, they have their own legislation. In fact, they have nothing to do with the USA and our laws. The Internet is a global network, but if, for example, the site is located at a USA hosting provider, then the crime was committed in the USA. The situation with torrents is completely different. But if we see that the pirates have massively relocated from torrents.ru to some site torrents.net, then, of course, we will take measures and involve a specialized department of the Ministry of Internal Affairs.

Question: - I would like to recall such crimes as DDoS attacks. How do you manage to find their initiators? After all, they are carried out from many computers simultaneously.
- Attacks are quite frequent, most often on orders from competitors, but our legislation in this area is very imperfect. There are only purely specialized articles on IT crimes in our Criminal Code. None of them classifies a DDoS attack. The only thing that can attract a person in this case is for improper use of computer networks. For example, one computer visited the site ten thousand times a second. This means that the person used it incorrectly, and for this they can be charged.
I would like to see more articles related to computer crimes appear in our Criminal Code. It would be good to punish not only for distributing torrents, but also for downloading from them. On the one hand, it will be difficult to prove a person's guilt if they downloaded a program or game from a torrent, because they may claim that they did not know that the software they downloaded was unlicensed. On the other hand, the developers themselves could help us with this.
It is difficult to hold torrent users accountable, but it is still possible. There are a number of subtle questions, answering which, a person will compromise himself. For example, the movie is released on January 22, and in torrents it appears on January 20. It is clear that this is a deliberately unlicensed copy. Yes, and the quality will be noticeable.

Question: - Is it easy to find investigators who will then work with such complex technical crimes?
- Of course, it is difficult to find such people. Every investigator wants an easy and fast case that can be completed very quickly and sent to court. Few people want to conduct a case, for example, under Article of the Criminal Code ("Violation of the rules of operation of computers and their networks"). After all, such a crime can be investigated for almost a year, while its detection rate will be almost zero. If, of course, the authorities assign someone specific, then they will already be working, and there are very few enthusiasts.

Question: - Surely there are cases when you fail to identify the attacker. After all, you mainly focus on the IP address, but what if a person used an anonymizer that hides the real address?
- Actually, it's not a very good method of concealment. Some of these servers still display the real IP address when they conduct a transaction. There may be a postscript via proxy, but it will still be visible. Anonymous proxy servers will never provide an absolute guarantee of anonymity. This is a very big misconception that no one will find anyone on the Internet.
There is another problem. Some large providers that provide Internet access over wireless networks do not require any documents from the user. Just buy a card in the underground passage, enter absolutely any data during registration and get access to the Network. This is a violation of the Federal Communications Act.

Question: - Where do you attract new employees from?
- Almost everyone comes to us after graduating from the Information Security Department of the University of the Ministry of Internal Affairs. The guys are young and very qualified. All of them are well versed in the specifics of our work, they know perfectly well what a computer is, IP and MAC addresses, and file-sharing networks. All pirate sites are known to them, and they download them themselves.

Question: - What scale of attackers are you most often interested in? Surely you are not trying to catch a person who periodically downloads something "for yourself", but rather hunt for larger fish?
- Of course, we are interested in "serious" people, and not those who once distributed a movie via torrent. The authorities simply do not allow us to do simple things when a person accidentally or not shared a folder with programs or movies on his computer, and about five people downloaded them from him. We check in advance and check what kind of person he is, make inquiries about him. You can make all the necessary inquiries quickly and easily, within just one day.

Question: - Do you have a lot of cases initiated on the applications of commercial structures? Let's say they need to prove that an employee is stealing money or valuable corporate information?
- Yes, of course, there are many such cases. Most often, applicants, commercial entities and their security services prepare the evidence base themselves, and then contact us. We analyze all this and promptly open a criminal case. After that, the suspect can be taken. But all this happens smoothly only when a commercial entity is willing to cooperate with us. Some applicants are afraid that if they tell us in advance that they suspect an employee, we will let them know.

Question: - Can I tell you about any interesting cases from recent investigations?
- We had a statement related to the activities of one of the so-called prank sites. Pranks are people who call and play pranks on their victims over the phone. They often use IP telephony, Skype, and Google Talk, but even in these cases, it is not difficult to detect them. Pranks call a celebrity, record her voice during a phone conversation, then call another celebrity, ostensibly on behalf of the first, and include this recording during the conversation. But, of course, the victim of a joke quickly guesses that it is not a living person who is "talking" to her, but a recording.