
Services of hackers in Belarus. Hackers enter without knocking: Experts predict new threats from cybercriminals to Belarus. What did the Rechitsa hacker get caught on

In the basement of a residential building at 45 Leonid Beda Street, there is a whole scientific and technical laboratory of robotics. KYKY visited the Minsk hackerspace and was satisfied.

Entrance from the yard, a metal gate with the image of a microchip, a sharp descent and an iron door with the inscription hackerspace.by - this is how you find yourself in the techno-Klondike of Minsk. Pavel, an enthusiast of the movement, meets us at the entrance: today is Thursday, the open day, which means we will have an interesting tour.

Behind the iron door is a small room, crammed to the ceiling with various parts, wires, microcircuits and spare parts. All this is proudly called an open laboratory of technical creativity, or hackerspace. In general, hackerspaces are a worldwide phenomenon: associations of creative techies around shared interests. At its core, a hackerspace is a place where anyone can come with their idea and start designing, planning and creating.

According to Pavel, the Minsk movement began about four years ago with a desire to repeat the world experience in Belarus.

The group of enthusiasts expanded, attracting new acquaintances and, conversely, losing people. “It’s hard to continue a project,” says Pavel, “if you don’t see results in a short period.” In addition, the guys had to look for premises more than once: the very first Minsk hackerspace was located in the former ME100 (a creative cluster that existed in Minsk for six months - ed. KYKY) until its closure, after which it moved several times.

While Pavel tells the story of the change of premises, I examine the room in which I am. Drones from the DroneX project hang everywhere under the ceiling, they are also partially scattered on the floor. Everywhere boxes with spare parts and protruding wires. In the far right corner, I notice a box with a homemade 3D printer. Pavel sees my interest and switches to a story about printers.

It turns out that jokes about 3D printers are not such jokes: you can really rent one printer, print your own copy on it and return the original back to the rental!

Except for the chips and the metal core, all parts are molded on another printer. Nearby is a box with molded parts - I grabbed myself a gear as a keepsake. Pavel promised to show how the printer works, but this requires warming it up. I left Pavel for now and went to observe another project at the testing stage.

In the center of the room there is a long table, at which a person with a laptop sits and alternately turns on and off the table lamp without touching it. To be honest, my humanitarian perception of the world collapsed at that very moment. Majordomo.smartliving project manager Sergey is testing a wireless light control system. Sergey is developing smart home technology, in which many processes are automated and simplified.

For example, you can program the Wi-Fi to turn on, the garage door to open and the lights to come on if you drive close to the house. “Of course, a smart home won’t cook breakfast on its own, but you won’t have to worry about an iron that has not been unplugged or an open tap: the home control system turns off all this if the owner moves away a certain distance,” Sergey says proudly of the innovative project.

Sounds reminiscent of bustling robots indicate that the 3D printer is ready to print. As soon as I wanted to ask for a neat inscription of the site to be printed with hot plastic, Pavel started the process and began to stamp out some missing parts for his project. Well, I already have a souvenir from a 3D printer anyway.


While the printer was printing, more and more new visitors entered the room. As a result, it turned out to be very crowded and even a little stuffy, although when I had just crossed the threshold of the hackerspace, I thought that it was too closed a club for three people. As befits the status of a creative space, the spirit of real creative chaos was in the air. The room gradually filled with the voices of disputes and discussions, and everyone was busy with something of their own: someone continued to experiment with their project, someone proposed a new one, drawings and sketches were laid out on the table, and in the adjacent room they began to saw something actively.

The best part is watching people doing what they love.

Despite the fact that most of the club's enthusiasts have full-time jobs with busy schedules, they come here again and again, stay for long evenings and even work at night. You can join the club by coming to the open day, which is held every Thursday from 19:00. Additional information about the project can be found on the website or on the pages in social networks.


The entry of Belarus into a leading position in the CIS in the development of the digital economy and the active use of IT technologies in everyday life is an obvious achievement. But the danger of frequent criminal intrusions into this sphere is also growing. Experts are already warning that cybercrime is on the rise. Moreover, it is not so much about theft using computer technology, but about crimes against information security. This applies to both ordinary people and large organizations, including strategically important ones. What new challenges can we face?

It is unlikely that most of us today are able to give up a computer or smartphone, or communication in social networks, for several days in a row, unless it is vacation time. Otherwise, relatives or colleagues will raise the alarm: what if a misfortune happened to a person? Cybercriminals are taking advantage of the situation. Fresh data was recently announced by Vladimir Zaitsev, deputy head of the department for solving crimes in the field of high technologies of the criminal police of the Ministry of Internal Affairs: the number of detected crimes of this profile in 2017 compared to 2016 increased by a quarter - from 2,471 to 3,099. At the same time, the number of crimes against information security increased by 20%.

- So far, about 75% of cybercrimes are related to theft, but in the future the number of computer hacks and the use of malware will increase, - believes Alexander Sushko, an independent expert in the field of cybersecurity who until recently developed this topic in the structure of the Investigative Committee. He announced his forecast during the event "Personal Data Protection Day" held in Minsk. - And all because, for example, instead of face-to-face contact with banks, we pay for services online. There are no problems here, except for one: hackers know that we use online services and want to get our data and then money. The task of criminals is facilitated by the fact that many of them own several gadgets at once, and the attack vector extends to all these devices.

Criminal activity using computers or via the Internet is collective work; loners are rare here. Each member of the organized group does their part of the work and receives money for it, and the total amount stolen can be tens of thousands of dollars. However, criminals do not always immediately monetize the information received; therefore, the expert warns, many victims are not yet aware of their unenviable status. It is noteworthy that a person living in any area can suffer. Previously, the number of cybercrimes grew only in Minsk, but now the “fire” is spreading to the regions. Borders have not mattered at all lately: being universally online allows a person with a computer to “infect” equipment anywhere.

Alexander Sushko draws attention to the fact that about a third of the identified high-tech crimes are so-called targeted attacks, aimed at a specific company, organization or government agency. The general scheme is as follows: malware is planted on a computer, which lets the attacker view its content, as well as the server. If he sees, say, 1C software, he encrypts it. Then the hackers enter into a correspondence with company representatives and offer to return the valuable information for impressive sums. In the foreseeable future, financial institutions will also be in the high-risk group, according to Group-IB, an international company for the prevention and investigation of cybercrime and fraud using high technologies. One of the schemes has been operating for several years: criminals remotely attacked the ATMs of more than 80 banks in 30 states, including Belarus. Access to the bank's system is provided by a malicious program that forces cash devices to dispense cash, supposedly on behalf of an administrator.

International experts also believe that extortionists, the so-called ransomware, will continue to be active on the criminal market. Plus, attacks are expected on cryptocurrency services, and this is a trend of the new generation. And, of course, we should not forget about the security of critical infrastructure facilities that ensure the normal operation of services and systems that are extremely important for the development of the state. We are talking, in particular, about water supply, energy, a nuclear power plant under construction, the transport system, and large manufacturing enterprises. And Kaspersky Lab believes that technology enterprises and legitimate software developers may also become new targets for hacker attacks in 2018.

- Based on my experience, I clearly see that the inhabitants of our country can be protected from cybercriminals only if we cooperate closely with Russia, - Alexander Sushko is convinced. - About 80% of the cases investigated by us are connected with the withdrawal of funds to the Russian Federation. Our criminals understand that it is difficult to cash out criminal money in Belarus.

Cooperation with other countries is also necessary: high-tech crime is a worldwide problem. Belarus intends to draw the attention of European parliamentarians to it very soon: our country plans to submit a resolution on cybersecurity to the OSCE PA for consideration.

Numbers

In 2017, employees of the departments for solving crimes in the field of high technologies of the criminal police of the Ministry of Internal Affairs of Belarus identified 1,052 citizens involved in cybercrimes. This is 86 people more than a year earlier.

By the way

In early February, Belarusbank ASB warned its customers - owners of payment cards that false accounts appeared on the Instagram social network, similar in name and symbolism to the official account of Belarusbank. They offer the client to send a photo of the front side of the bank payment card to replenish the card account in the amount of 5 to 100 rubles. The bank assured that their financial institution has nothing to do with such accounts and the information posted in them. The press service of Belarusbank also reminded that the card number, its expiration date and the security code on the reverse side are confidential information, and its disclosure can be used by fraudsters for personal gain.

Potential victims of hackers in 2018

A special operation against him was carried out by the American FBI and the Belarusian Ministry of Internal Affairs and the Investigative Committee.

Windows and Android users are more often victims of hackers. But don't worry - each of us at least once in our lives will become the object of a cybercrime, a cybersecurity expert says in an interview for Radio Svaboda.

33-year-old Sergei Yarets, who was detained a couple of weeks ago in Rechitsa, is called an "outstanding" hacker.

The man against whom the FBI and Belarusian law enforcement officers conducted a joint operation has been identified by cybersecurity experts from Recorded Future.

For many years, the Belarusian was hiding under the nickname Ar3s and, according to Reuters, was behind the largest and oldest Andromeda botnet.

Andrey Borisevich, Director of Advanced Development at Recorded Future, talks about hackers and the main rules of cybersecurity.

Why do hackers infect our computers

- What is Andromeda, which was served by a Belarusian hacker from Rechitsa?

- Andromeda is a botnet. This is a large network of infected computers around the world, controlled either by one person or by a criminal structure. To manage the entire network or individual computers in it, there is a single control panel. Through it, instructions can be sent to the infected computer - for example, to install harmful software or start spamming via email.

The most common way to use infected computers is the simple theft of users' personal data. A keylogger is installed on the computer - a special program that intercepts everything that is typed on the keyboard. If a person logs into his bank account via a mobile phone and enters a password, this information is intercepted and sent to the attacker. Access to individual infected computers can be sold to other attackers.

How is the data used? One of the ways is an illegal purchase in an online store. Modern online stores have been fighting hacker crimes for a long time and successfully, as they are quite easy to recognize. For example, if someone enters the store from the IP of another country. To get around this, the attacker gains access to a random computer in the US, accesses the site of the same Amazon or PayPal from it, and makes an illegal transaction. The online store, payment system or bank sees it as a transaction from a familiar country.

But there are many ways to use infected computers. Almost any cybercrime we hear about - either they stole money from a bank account, or attackers gain access to the networks of financial institutions and steal money just from banks, or steal money from people from computers, from electronic wallets, cryptocurrency and so on, personal data - all this is usually done through the creation of a botnet.

The one who controls this network, of course, and earns quite a lot, and causes very significant harm.

- If almost every area of our life has already been digitized, can we say that each of us will face cybercrime?

- This is really a huge problem, and it did not appear today or yesterday. Botnets of the magnitude of Andromeda started appearing 10-15 years ago. For the criminal world, this is something everyday. There are certain risk groups who are most likely to encounter such a problem. First of all, these are Windows users, because most malicious software is written for Windows or Android, if we talk about mobile phones.

Historically, users of MacBooks and iPhones have practically not been attacked by cybercriminals. First of all, because Apple products are the most protected and less vulnerable to external threats. And secondly, simply because there are many more devices on Windows and Android than from Apple. For attackers, the number of potential victims is much more important than quality.

Almost everyone will sooner or later fall for the hook of intruders. This does not mean that they will attack you personally. Most likely, this will happen through mass infection. But sooner or later your information will be sold to someone.

Ordinary citizens have long suffered large financial losses. The ranks of cybercriminals are growing.
If 5 years ago there was an unspoken rule among cybercriminals not to attack citizens from the CIS space, now everyone closes their eyes to it. We see that attacks on Belarusian, Russian and Ukrainian banks and financial institutions do not stop. Such attacks are quite successful, with tens of millions of dollars stolen from banks. They are constantly trying to spread ransomware viruses. Such a virus blocks access to your device and requires you to pay a ransom for the return of data.

Statistics are stubborn things, and they show that sooner or later everyone will face such a problem.

What did the Rechitsa hacker get caught on

- What is so exceptional about the personality of the Rechitsa hacker? And how could such an authoritative person in the world of cybercrime get caught because his ICQ was registered to a real MTS number?

- Determining who is behind this nickname, in fact, did not become a big problem. It only took a few days. We did this about six months before his arrest.

As a rule, people make such mistakes at the very beginning of their criminal career, when they are still young and ignorant. They make minor mistakes, and these remain on the Internet forever. It only takes time and a little effort to look a little further back in time - and you can find moments when a cybercriminal either used his real phone number or used a nickname under which he had registered on a social network a long time ago, potentially exposing his photo or even his name.

Cybercriminals, especially inexperienced ones, often use their real Skype. And for law enforcement agencies, there is no difficulty in gaining access to Skype records.

In our case, this character did just that. Even before the start of his criminal career, he communicated in the circles of programmers, often asked questions on various non-criminal forums. He left his data when registering on the forums, the real year of birth, e-mail, and in one place ICQ, which he continued to use for many years after the transition to the “dark side”.


It often happens that these are quite simple people who live next door to you, and you can't imagine that this is one of the most famous hackers, wanted all over the world. You don't have to go far for examples.

There is a young man from England, Marcus Hutchins, who was arrested by the FBI over the summer. He was already known as one of the most respected cybersecurity professionals in the world. He stopped the spread of the WannaCry virus, which at that time attacked Russia, Ukraine, and European countries with great speed. He was considered a hero. And a month or two later, he was arrested by the FBI on suspicion of distributing one of the most powerful Trojans, which was distributed in criminal forums and in the criminal underground.

If we return to our character, then we found out that since 2004 he has been the administrator of one of the most respected technically oriented criminal forums. Criminal forums are of different types. There are those where the majority is engaged in carding - stealing money from credit cards, bank accounts, hacking online stores.

And there are technical forums where they discuss the most modern malicious software (malware), sell it, and do everything related to its support. It was exactly this kind of forum that Ar3s, our Sergey Yarets, led. He was the chief administrator, and one of the most famous specialists in the criminal environment.

After all, even if new malicious software appeared on other sites, he was invited as an independent expert.

He got access to the new version of the software, researched it, tested it and delivered his verdict. If Yarets said that the software works as advertised, then the success of this product was predetermined. Then the sales of these harmful programs went with a bang, and the criminals no longer had any doubts about him.

"Humble Hacker Lifestyle Doesn't Mean Low Income"

- If these forums exist so publicly, and the guy himself led a fairly open life - take his active Twitter, for example - at what point does this interest in malware become a crime?

- The moment when people come and ask a question about him, and at the same time it is clear to everyone that the ultimate goal is to harm either individuals or organizations. Often, newcomers release their viral software for sale and for some reason believe that if they write in the contract that the software is “developed and sold solely for research purposes”, then this will somehow save them.

Yes, a hacker can write: my software is not designed to attack people and organizations. But everyone understands that it is distributed on hacker forums, money is taken for this. It is known that it will be used to attack ordinary citizens. This is already a crime. This does not protect future hackers from criminal prosecution.

- How much could S. earn on this? His friends do not believe in such a "brilliant" career and say that the guy lived very modestly.

- If I’m not mistaken, the license itself cost $2,000. But this particular botnet consists of two elements: a control panel that allows you to manage all infected computers, and the second part is the so-called payload, that is, the harmful file itself that will be sent to the computer that is the object of the attack. For example, it could be an email attachment that looks like a harmless .jpg file. You click it and your computer gets infected.

Antivirus programs very quickly learn to recognize such harmful documents. And for such software to work effectively, they need to be constantly cleaned. This is called support. And this is one of the services provided by Ar3s. For this he received $50. With the widespread distribution of malware, this should be done almost daily. Having bought a license for $2,000, you need to pay another 1,500 monthly for support.

Therefore, I think that Sergey's modest lifestyle does not mean that he had a small income. He had a legal job, in the eyes of many people he was an ordinary citizen, but at the same time he was also involved in criminal cases. And for many years.

“The fact that society does not see big criminals in hackers is the merit of Hollywood”

- How many such hackers can there be in Belarus?
- There were a lot, because the technical education in Belarus is one of the best in the world. But a lot of "talented" hackers left in due time for places that were safer for them, including Russia and Ukraine, since in Belarus law enforcement agencies acted much more professionally in relation to them. It is well known that in Belarus it is difficult to give a bribe or to fight off criminal prosecution. And in neighboring countries it happens all the time.

- How do you feel about the fact that hackers are still considered almost “role models”, that they have a heroic-romantic image, and that when they get out of prison, they willingly give interviews about their “cyber exploits”, and many people are interested in them?
- In modern society, hackers are not considered bandits. But the time has long passed when ordinary people did not suffer from them. There is still an impression that banks somehow compensate for the money stolen by hackers, but this is not true. It has long been difficult for banks to return money if it is stolen from credit cards and bank accounts. Even in the US, it's hard for people to get their money back. Today's hackers cause enormous damage to ordinary people.

Modern attacks also occur with the help of ransomware viruses, which attack everyone and everything - personal computers, medical institutions, police, courts, government agencies. Now these cybercrimes have crossed all reasonable limits and are more reminiscent of the situation in the Wild West of the 18th century than the modern society of the 21st century.

Society still does not see big criminals in hackers, and partly this is the "merit" of Hollywood. It continues to churn out movies and series about hackers, where it shows what kind of "Robin Hoods" they are, how they manage to remain elusive, travel the world, and be one step ahead of the police.

But those times are long gone. The same Sergei, who was arrested in Belarus, is one of the dinosaurs. He's been in this business since he was 18. In the modern world, cybercrime is already linked to organized cybercrime.

Modern cyber attacks, especially on banks, are carried out by powerful cyber groups who have huge financial and administrative support, a corruption component on the part of the police, when they can be covered and take care of their safety.

In America, cybercrime often intersects with street crime. This is no longer just a hacker in a hooded sweatshirt, but people who have 2-3 trips to prison behind them, who rob, kill and at the same time steal money from accounts. The way society sees cybercrime has not been true for a long time.

6 cybersecurity rules from an expert

Install an antivirus. This, of course, is not a panacea. If the hacker chose you, then the antivirus may not help. But it will help weed out most of the "opportunistic" attacks, the purpose of which is to infect as many computers as possible.

Don't open email attachments. First of all, if you do not know who this letter is from. Hackers have now learned how to manipulate consciousness well through a variety of NLP methods - Neuro Linguistic Programming. By purchasing hacked databases, they know your name and you receive an email with an infected file addressed to you personally. We live in a fast pace, we have no time to reason, we open emails without hesitation. And this is absolutely not worth doing. If you know the person who sent the suspicious email, take the time to send him an SMS and ask if he really sent it.

Do not click on links in emails where you are offered bonuses or a profitable job, or told that you have won some prize. Now this is a very common method of hackers, and as a result, your computer gets infected.

Have different passwords for absolutely all the services that you use. Literally for every website, application and program.

Install a password generator; it will help you create random passwords. There are special programs; they may cost $10 a year, but it's worth it. Such a program will save you a lot of time and effort that you would otherwise spend on recovering your data and returning money in the future.
The criminal knows that people are lazy, invent 1-2 passwords and use them for everything. Fraudsters have known this for a long time. At least one password of any person in the world can be found on the Internet and, after simple guessing, used to get access to important resources - a bank account, a credit card, e-mail, etc.

Use Google two-factor authentication. Hackers have not yet learned how to bypass just such a method of protection.

How do hackers work, and how do they regularly break into the mailboxes of famous people? This question is probably asked by everyone who reads news about successful hacker attacks. About two weeks ago, an AIN.UA correspondent decided to find out how the notorious crackers work and learn about their methods. To do this, he found five different hackers with the help of various forums and bulletin boards and asked them to hack his own e-mail for a reward. Here's what came out of it.

Finding people who call themselves hackers was not difficult - for the query "mail hacking to order" Google gives hundreds of links to thematic sites and forums. So that the performers would not suspect a dirty trick, I registered a mailbox at Mail.ru under an assumed name. For greater reliability, all correspondence was conducted through a German proxy server - unlike the same Gmail, Mail.ru shows the sender's IP address to the addressee. As a result, we agreed on "cooperation" with five resources - email-vzlom, trainilang, mail-hack, reset and hack.premium.

It seems to me that exposing the IP address of the sender of the letter is a serious gap in the Mail.ru security system.

The sites that I turned to for "help" were mostly in RuNet and promised to help in solving my sensitive issue within a few days. Hackers boasted that they were almost guaranteed to break into an account on any of the popular email services or social networks. All applications were sent through the order form on the site, after which it was necessary to wait for a response. It looked like this.

After the applications were sent, I began to wait for the result. Within a few days, the owners of almost all the sites where I placed orders wrote to me. The first surprise was the price of the issue - the amount "in fact" was significantly different from the one that was indicated on the site. My head was estimated at an average of 50,000 rubles, and after I, without bargaining, agreed with the named amount and told the performers everything I know about my "enemy", the orders were accepted for processing.

Gmail doesn't show the number of bad password attempts, but I'm pretty sure the hackers went through all the popular password choices first. “Despite the large number of manuals on the topic “how to choose a strong password”, the most popular are still “123456”, “password” and the like. Do not forget that cracking such a combination using brute force, that is, guessing a password by brute force, will not be difficult,” says Sergey Lozhkin, senior antivirus expert at Kaspersky Lab, about this hacking method.

Having failed with password guessing, our "contractors" turned to phishing. However, these hacking methods also did not come as a surprise to me.

Phishing is a popular way to get information from careless users. Hackers send emails that look very similar to those from real resources and ask the user to allegedly re-enter the login and password to their account. Here is an example of such a letter:

To avoid becoming a victim of such attacks, Kaspersky Lab recommends not clicking on links received in such messages, and at the first suspicion that you have been hacked, you should immediately change the passwords for accessing all used services. This is what the page that sends your passwords to attackers looks like. Pay attention to the site address.

Another example of phishing emails is the disguise of "malware" as sent documents. True, there are actually no documents in the letter, and instead of documents, a GIF-image is attached to the letter with a link to a site for extorting passwords.

Unfortunately, for a potential $700 reward, the hackers didn't even bother to change the titles of typical "phishing" emails. Therefore, I constantly received invoices and documents from unknown Russian partners. Once, they even called me from a Russian number and asked if I received the sent documents. But then I went through customs control in Boryspil and there was no time to ask about the “documents” in detail. However, the link attached to the letter led to the same fake site.

To be honest, most of the hacking attempts were fairly similar. One of the "hackers" decided to be original and sent me "an order for a journalistic investigation worth $10,000." Details of the investigation were contained in the xls-file, however, again with the word "Russia". To the credit of the hackers, it is worth noting that none of them tried to lie that the mail was hacked and receive partial or full prepayment for their work.

A cursory analysis of the file showed that this time they tried to hand me a virus. When trying to view the file, Excel issued a warning that it contains macros and its contents may be dangerous for the computer. Most likely, a keylogger or a Trojan was contained inside.

After exchanging letters, persuading us to open the file and complaining about the urgency of the order, our interlocutor disappeared into eternity and for some time there was a lull. Interestingly, one of the hackers somehow found out that I, in addition to him, turned to other performers and refused to work with me, arguing that in order to guarantee hacking, the “victim” must be led by one person.

A few days have passed since then, and at the time of this writing, I still continue to receive letters with suspicious links and files. But now I know for sure that my password can be cracked solely through my own fault and indiscretion, otherwise the mailbox will remain with me forever.

A blitz survey of experts and people familiar with hacking techniques showed that a secure service can only be hacked using social engineering methods. To do this, hackers force the victim to enter a password on a phishing site on their own or select a password or security question based on information from the Internet. In my case, I used a password of more than 20 characters, which includes letters, numbers and special characters and is a random set of characters with no connection to my life. I also use SMS authentication, and my Gmail and Facebook passwords are unique and not used on other less secure resources. For a one-time registration on forums and websites, I use a simple, easy-to-remember password, breaking which will not give a hacker anything.