Whoever works on ru gets a visit in the morning: the adventures of hackers in Russia

Father

The path of a hacker is a thorny one, although it is still attractive to many. In the domestic information spaces, this activity has a special flavor. Someone comes to the attention of law enforcement agencies at the first attack, someone sells their malicious developments for mere pennies, and someone surprises with the complexity of the built schemes.

What did novice and more experienced hackers who specialize in domestic targets do? How did they get caught, and what was their punishment? We will tell you in the article.

What they did

Not all domestic hackers break into the infrastructure of large companies. There are also people in their ranks whose goals are much more modest. Such modest "hard workers in the hacker field" rarely make headlines in major media, except in the press releases of law enforcement agencies that have identified an offense.

Domestic malware at a discount

A developer from the city of Vyksa in the Nizhny Novgorod region has created software to bypass the protection of computers. The man decided to make money on his brainchild and, together with an accomplice, sold access 900 times.

Homegrown hackers could take advantage of the development at a very affordable price. The total income of the two accomplices was only 180 thousand rubles, that is, two hundred rubles per "hacker" head. It all ended with their detention and the initiation of a criminal case under the article on the creation and distribution of malware.

The FSB warns

A resident of the Orel region installed special software on his computer to perform automated requests to the official portal of the region. The goal, according to law enforcement agencies, was to hack the system and copy data.

Perhaps the man decided to spend an unusual New Year's holiday, because attempts to hack the site were made in January 2023. The consequences came in the summer. In June, the hacker's identity was established by the local FSB department. After a preventive conversation, he received an official warning about the inadmissibility of such actions.

Dmitry Ovchinnikov
Chief Specialist of the Integrated Information Security Systems Department of Gazinformservis

Any attack always starts with intelligence. Network scanners are used for this purpose. Naturally, such network activity is easy to detect, because novice hackers do not know many of the secrets of their work. Therefore, I strongly recommend not to perform such operations with websites without the official permission of the owner. All this can be regarded as illegal activity. If you want to learn something – there are plenty of legitimate sites and online resources. And the hacker from the article still got off easy. Don't repeat his mistakes.

Meeting in an online game to steal bank card data

In June, six people suspected of stealing bank card data were detained in Rostov-on-Don and Ryazan at once. The men met in an online game and decided to make money together. The bank cards whose data was stolen by the six belonged to citizens of the United States, Canada, Germany and France. The victims paid for purchases in online stores.

The scheme took a wrong turn when they tried to sell the stolen data. The six hackers tried to sell it for $500. However, the buyer turned out to be a law enforcement officer.

Purchases in online stores at someone else's expense

A hacker from the Krasnodar Region specialized in domestic online stores. He stole the logins and passwords of victims using malware. Having gained access to the account in this way, the attacker made purchases for himself.

The suspect has already been charged under three articles of the Criminal Code. The maximum penalty can be up to eight years in prison.

Appropriated bonuses from marketplaces and spent them on intimate toys

An IT specialist from Voronezh went further: his goal was the marketplaces themselves, not their customers. The man exploited a vulnerability in the bonus programs of several marketplaces to credit himself with 341 thousand bonuses. He then bought goods with them at the rate of one bonus to one ruble.

The Voronezh resident used the golden rain of bonuses to purchase electronics and intimate toys. Almost all the goods "purchased" in this way were found at his home during a search.

Alexander Gerasimov
CISO Awillix

Loyalty cards that accumulate points usually have a fixed part of the number at the beginning and a variable part at the end. An attacker can get a pair of cards and look at the difference between them, then log in to your merchant profile and start sorting through the part that can be changed to activate the card. So, they can activate someone's real card, which has a lot of bonuses, to their account and use the points. For example, some grandmother who has been saving up points for a long time, but does not activate the card.

Such incidents mostly pose a threat to the company's reputation. To protect yourself, you need to link loyalty cards to user accounts and track anomalies — multiple requests for linking a card to an account. Block users who create multiple requests.
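The defence described in the comment above (bind each card to an account, watch for many link requests from one account, block the account), as an added Python example that is not part of the original article. The class name, the thresholds, the event fields, the account ids and the card numbers are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class CardLinkGuard:
    """Hypothetical guard: cards are bound to accounts at issue, probing accounts get blocked."""
    def __init__(self, issued, max_distinct_cards=3, window=timedelta(minutes=10)):
        self.issued = issued                          # card number -> account it was issued to
        self.max_distinct_cards = max_distinct_cards  # assumed threshold
        self.window = window                          # assumed look-back window
        self.attempts = defaultdict(deque)            # account -> recent (time, card) requests
        self.blocked = set()

    def link(self, when, account, card):
        """Handle one link request; returns 'linked', 'rejected' or 'blocked'."""
        if account in self.blocked:
            return "blocked"
        recent = self.attempts[account]
        recent.append((when, card))
        while when - recent[0][0] > self.window:      # forget requests older than the window
            recent.popleft()
        if len({c for _, c in recent}) > self.max_distinct_cards:
            self.blocked.add(account)                 # anomaly: many different cards tried
            return "blocked"
        if self.issued.get(card) != account:
            return "rejected"                         # card belongs to someone else or nobody
        return "linked"


def replay(events, issued):
    """Replay chronological (iso_time, account, card) requests; return (results, blocked)."""
    guard = CardLinkGuard(issued)
    results = [guard.link(datetime.fromisoformat(t), a, c) for t, a, c in events]
    return results, sorted(guard.blocked)


# Constructed data: acct-17 links its own card, acct-99 tries one number after another.
SAMPLE_ISSUED = {"770000001042": "acct-17"}
SAMPLE_EVENTS = [
    ("2023-06-01T10:00:00", "acct-17", "770000001042"),
    ("2023-06-01T10:05:00", "acct-99", "770000001040"),
    ("2023-06-01T10:05:05", "acct-99", "770000001041"),
    ("2023-06-01T10:05:10", "acct-99", "770000001042"),
    ("2023-06-01T10:05:15", "acct-99", "770000001043"),
    ("2023-06-01T10:05:20", "acct-99", "770000001044"),
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, SAMPLE_ISSUED))
```

Counting distinct card numbers rather than raw requests keeps a customer who retypes one card several times from being blocked.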

Set up cryptomining in computer clubs

A Muscovite went to Yekaterinburg on a kind of hacker business trip. His goal was local computer clubs. According to the investigation, having obtained a computer at his disposal, the attacker clicked on a pre-prepared link in the browser and installed cryptocurrency mining software on the device.

So the man managed to visit four Yekaterinburg computer clubs. Employees noticed something was wrong and complained about the unstable operation of computers, but they could not establish the true cause for a long time.

As a result, the hacker-cryptominer and his accomplice were detained and charged under two articles of the Criminal Code. The detainee fully admitted his guilt.

Hundreds of hacked Public Services accounts

An attacker recently detained in Ufa has 130 hacked Public Services accounts to his name. The hacker approached the case thoroughly: he created clones of the websites of state institutions, where victims entered their data.

Stolen accounts were used to get microloans. The hacker withdrew funds through e-wallets, and simply deleted the used account when the limit was reached.

Traffic police inspector and part-time hacker

In Kabardino-Balkaria, a traffic police inspector is suspected of taking bribes from those taking driver's license exams. He solved the problem creatively and created special software that helped examinees pass the theoretical part without any problems. The program itself replaced the answers with the correct ones.

The inspector installed his product on the exam computer. For infection, according to investigators, he used the email address of one of the employees.

A criminal case has been opened against a technically savvy traffic police officer under three articles of the Criminal Code of the Russian Federation. By the way, he also excelled in the service — he is a police colonel and holds a high post in the traffic police.

What sentences they got

Modest Russian hackers usually have modest sentences, too. Someone will pay a fine, someone's computer was confiscated in favor of the state, someone was given a restriction of freedom.

Penalty for free admission to the resort

Cyber Media has already written about hackers from Sol-Iletsk in the previous issue of the collection of domestic cyber incidents. The men got 15 tickets to go to the Salt Lakes resort and changed the system so that the pass was free for everyone.

Three months later, the story continued — the hackers were sentenced. The first participant will pay a fine of 150 thousand rubles, slightly less than the amount of damage caused to the resort. The second was given a one-year restriction of freedom, because this is not his first "feat" in the hacker field.

Minus a computer for stealing YouTube user data

The hacker from Cherepovets is only 19 years old, but recently received a suspended sentence of one year for posting a link to download a file with malware on YouTube. The computer from which the young man committed his crimes was seized in favor of the state.

The hacker used the software in the file to steal usernames, passwords, network addresses, and cryptographic wallet files. He managed to sell some of them, although the amount of income received remained unknown.

When the young hacker was contacted by law enforcement officers, he fully admitted his guilt. After that, he actively cooperated with the investigation, thanks to which he received a relatively lenient sentence.

Restriction of freedom for an unsuccessful attack on a bank

Cyber Media also talked about the hapless hacker from Kotovsk earlier. The Kotovsk resident installed and launched malware on his computer to attack the bank. The attack failed, but the law enforcement officers who identified the attacker did not let the attempt simply be forgotten.

As a result, the hacker was found guilty under the article on the creation, use and distribution of computer programs. Penalty: one year restriction of freedom.

Hackers and victims

The story of Russian hackers would remain incomplete without a story about the victims of their activities. What do ordinary Russians face when they suddenly find themselves the target of an attack? How do they act and what do they do to resolve the situation?

865 tubes of Wildberries cream

A resident of the Vologda region still owes Wildberries 86.5 thousand rubles for the return of goods. The person who hacked her account ordered the delivery of 865 tubes of cream, ointments for joints and fungal agents to the Amur Region.

Returns turned out to be chargeable: 100 rubles per tube. That is how the debt of 86.5 thousand rubles arose. What benefit the hacker himself received from the attack remained unknown.

40 thousand rubles in microloans after hacking a Public Services account

In May 2023, a resident of the city of Vyksa lost access to her Public Services account, and then found microloans in her credit history for almost 40 thousand at 40% per annum. The attacker changed the phone number and email address in the account, so the woman discovered the hack by accident.

The victim turned out to be an employee of the financial sector, so she was not taken aback by such a find. Credit and financial organizations wrote off her microloans when the woman proved that they were issued to fraudsters.

However, even this knowledge did not help in attempts to prove that her Public Services account had been taken over. The woman received a reply that the account was deleted and re-created, so it is impossible to establish the fact of hacking.

An attempt to appeal to law enforcement agencies also did not bring results. The victim's request to open a criminal case was refused.

Conclusions: hacking at the call of the heart

Many Russian hackers are united by a very modest reward that they tried to get for illegally extracted data. Many of their foreign "colleagues" would hardly take the risk for two hundred rubles — a little more than two dollars at the exchange rate at the time of writing.

At the same time, there is no denying the ingenuity of those who work on ru. The best proof of this is the cryptominer from the computer clubs in Yekaterinburg, who successfully applied his scheme for a whole year before being detained. Not far behind is the Kabardino-Balkar traffic police inspector who created software for cheating on exams. Probably, if desired, he will be able to retrain as a developer without any problems.

Caught hackers often admit guilt and cooperate with the investigation. This is probably why the most popular punishment in our selection turned out to be a relatively mild restriction of freedom.