Computer crime in Russia. Current state.
Computer crime in Russia. Current state
Banking information systems containing commercial information are actively subject to external intrusion by organized groups of hackers. The banks that have suffered from such crimes try not to attract public attention for fear of losing their credibility. But this does not make the issue any less important, relevant or serious. This problem, which has long been a priority abroad, is only beginning to be given importance in Russia.
In early June, the scientific and technical center of the Association of Russian Banks held a seminar entitled «Hackers against banks.» Its purpose was to familiarize security services with the latest data in the field of computer crimes against banks and hacker techniques for breaking into banking systems; to study the most effective means and methods for preventing computer crimes in the banking sector, recommended by specialists. The seminar proposed to study the organization of hacker communities and the danger of specific threats from them for banks; to exchange experience in means of protecting information in computer systems. The seminar featured reports by authoritative specialists from the Ministry of Internal Affairs, FAPSI, FSB and other organizations. The author analyzed and revised a number of reports into a single article: V.V. Molokostov «The Current State and Trends in the Development of Computer Crimes in the Banking Sector,» A.S. Ovchinsky, I.M. Naumov «Analysis of the Experience of Using Modern Information Technologies by Criminal Groups; Hacker Technologies on the Internet,» A.Yu. Komissarov «Forensic Aspects in Solving Computer Crimes.» This publication is the summary of everything said at the seminar regarding crimes in the field of ensuring the security of banking information systems
Russian legislation in the field of computer crimes
Russia has never been (and is unlikely to be in the near future) one of the most computerized countries in the world: most of its territory lacks extensive computer networks, and computer processing of information has not replaced traditional methods of working with data everywhere. Therefore, for quite a long time, Russian legislation demonstrated an overly tolerant attitude towards computer crimes. Positive changes in this area occurred only after a number of high-profile criminal cases, one of which was the case of one of the programmers of the Volga Automobile Plant, who deliberately made destructive changes to the program that controlled the plant's technological process, which entailed significant material damage. As a result, domestic legislation underwent significant changes, which led to the development of a number of laws establishing the norms and framework for the civilized use of computers.
The main milestone in the chain of these changes was the introduction of the new Criminal Code (CC) on January 1, 1997. It contains a very noteworthy chapter — «Crimes in the Sphere of Computer Information».
It lists the following types of computer crimes: unauthorized access to computer information (Article 272);
creation, use and distribution of malicious computer programs (Article 273);
violation of the rules for the operation of computers, computer systems and networks (Article 274).
It should be noted right away that criminal liability for the listed acts occurs only if they result in the destruction, blocking, modification or copying of information stored in electronic form. Thus, simple unauthorized penetration into someone else's information system without any adverse consequences is not subject to punishment. Unlike access to computer information belonging to another private person, government organization or private enterprise, a similar, but no longer virtual, but physical invasion of an apartment, house or office against the will of their owner is clearly classified as a criminally punishable act, regardless of the consequences.
For the sake of objectivity, it should be said that the existence of special legislation regulating liability for computer crimes is not in itself an indicator of the degree of seriousness of society's attitude to such crimes. For example, in England, the complete absence of specific laws punishing computer crimes has not prevented the English police from effectively investigating cases of various types of abuses related to computers for many years. Indeed, all such abuses can be successfully classified under current legislation, based on the final result of criminal activity — as theft, extortion, fraud or hooliganism, liability for which is already provided for by the criminal and civil codes. After all, murder remains murder regardless of what exactly served as the weapon — a knife, a gun, a noose or a computer.
According to the currently available data of the Main Information Center of the Ministry of Internal Affairs of Russia, in 1997 the share of computer crimes from the total number of criminal attacks in the credit and financial sphere was 0.02%. If we talk about absolute figures, the number of computer crimes has already exceeded one hundred, and the amount of damage incurred has exceeded 20 billion rubles.
However, these statistics should be treated with a certain degree of caution and skepticism. The fact is that there is still no complete clarity in police circles regarding the parameters and criteria by which committed computer crimes, as well as attempts to commit them, should be identified and recorded. As a result, it can be reasonably assumed that the data taken into account by official statistics constitute only a small tip of the iceberg, the underwater part of which can pose a significant threat to both computer systems and society as a whole. And there are serious grounds for such an assumption.
Computer crime has an extremely high latency everywhere. Russian law enforcement agencies become aware of no more than 5-10% of crimes committed, and their detection rate, in turn, does not exceed 1-5%. This is due to the fact that the theft of information can remain unnoticed for a long time, since it often means only its simple copying. And the victims of computer crime, the majority of which are private enterprises, often show reluctance to contact law enforcement agencies, fearing the possible dissemination of information about their own negligence and unreliability among investors and shareholders, which can initiate an outflow of funds and subsequent bankruptcy.
Trends
The most attractive sector of the Russian economy for criminals, according to experts from law enforcement agencies, is the credit and banking sector. An analysis of the most recent criminal acts committed in this area using computer technologies, as well as repeated surveys of representatives of banking institutions, allow us to identify the following most typical methods of committing computer crimes against banks and other financial institutions.
Firstly, computer crimes committed through unauthorized access to bank databases via telecommunications networks are becoming increasingly common. Last year, law enforcement agencies identified 15 such crimes, during the investigation of which facts of illegal transfer of 6.3 billion rubles were established.
Secondly, in recent times there has been virtually no computer crime committed by a lone individual. Moreover, there are known cases where organized crime groups hired teams of dozens of hackers. They were provided with a separate guarded room equipped with the latest computer technology so that they could steal large sums of money by illegally penetrating the computer networks of large commercial banks.
Thirdly, most computer crimes in the banking sector are committed with the direct participation of employees of commercial banks themselves. The results of studies conducted with the involvement of bank personnel show that the share of such crimes is approaching 70%. For example, in 1998, law enforcement officers prevented the theft of 2 billion rubles from a branch of a large commercial bank. The criminals executed a fictitious payment transaction using remote access to the bank computer via a modem, entering the password and identification data that were given to them by accomplices from the staff of this branch. Then the stolen money was transferred to a neighboring bank, where the criminals tried to withdraw it from the account by issuing a fake payment order.
Fourthly, an increasing number of computer crimes are committed in Russia using the opportunities that the global computer network Internet provides to its users.
The Internet as a medium and tool for committing computer crimes
The uniqueness of the Internet computer network is that it is not owned by any individual, private company, government agency or individual country. As a result, in almost all segments of this network there is no government regulation, censorship or other forms of control over information circulating on the Internet. This state of affairs opens up almost unlimited opportunities for access to any information, which is increasingly used in criminal activity. As a result, in many cases the Internet can rightfully be considered not only as a tool for committing computer crimes, but also as an environment for conducting various illegal activities. When using the Internet for this purpose, offenders are primarily attracted by the opportunity to unlimitedly exchange criminal information. Previously, only the special services of the superpowers — America and Russia, which possessed the necessary space technologies, were able to use communication systems that provide the same prompt and reliable communication throughout the world.
Another feature of the Internet that is attractive to criminals is the ability to exert information and psychological influence on people on a global scale. The criminal community is very interested in spreading its antisocial doctrines and teachings, in shaping public opinion that is favorable to strengthening the position of representatives of the criminal world in society, and in discrediting law enforcement agencies.
Computer crime has an unwomanly face
In 1998, the Forensic Science Center of the Ministry of Internal Affairs conducted a classification analysis of individuals involved in the use of computers to commit illegal acts. A generalized portrait of a domestic malicious hacker, created on the basis of criminal prosecution of such individuals, looks something like this: a man aged 15 to 45, either with many years of experience working on a computer, or with almost no such experience; has no criminal record in the past; is a bright, thinking person capable of making responsible decisions; a good, conscientious worker, by nature intolerant of ridicule and the loss of his social status within the group of people around him: likes solitary work: is the first to arrive at work and the last to leave: often stays at work after the end of the working day and very rarely uses vacations and time off.
According to the same Expert-Criminalistic Center of the Ministry of Internal Affairs, the basic scheme for organizing the hacking of the protective mechanisms of a banking information system is also quite uniform. Professional computer hackers usually work only after careful preliminary preparation. They rent an apartment for a front man in a house where employees of the FSB, FAPSI or MGTS do not live. They bribe bank employees familiar with the details of electronic payments and passwords, and telephone exchange workers in order to protect themselves in case of a request from the bank's security service. They hire security from former employees of the Ministry of Internal Affairs. Most often, hacking of a bank computer network is carried out early in the morning, when the security officer on duty loses his vigilance, and calling for help is difficult. The paradox of computer crimes is that it is difficult to find another type of crime, after the commission of which its victim does not show any particular interest in catching the criminal, and the criminal himself, having been caught, advertises his activities in the field of computer hacking in every possible way, hiding little from representatives of law enforcement agencies. Psychologically, this paradox is quite explainable. Firstly, the victim of a computer crime is absolutely convinced that the costs of its disclosure (including losses incurred as a result of the bank's loss of reputation) significantly exceed the damage already caused. And secondly, the criminal, even having earned the maximum prison term (not very long, and if lucky, suspended or reduced), will gain wide fame in business and criminal circles, which will subsequently allow him to profitably use the acquired knowledge and skills.
In conclusion, it should be noted that modern public opinion is characterized by the «Robin Hood syndrome» — criminal hackers are presented as some kind of noble fighters against fat cats bankers. And therefore, illegal hacking in Russia is apparently doomed to further intensification and expansion of activity.