27 May 2021. Rossiyskaya Gazeta – Federal Issue No. 116(8467)

Written by Mikhail Falaleev

Translated by Elizaveta Ovchinnikova


Cybercriminals have organised a whole criminal market. Everything is offered – from hacker attacks to theft of money from accounts

Modern technologies seem to have played a cruel joke on humanity – the shadow economy dominated by the cyber mafia is gradually replacing the legal economy. And it is not only about ordering prohibited services or goods on the Internet. Even seemingly legitimate transactions are sometimes more profitable to make in the informal sector of the economy – you do not have to pay taxes, customs duties and other fees.

Cybercrime multiplied by the realities of a pandemic may one day bring down the global financial system and, consequently, the economy.

President of the International Police Association Russian Section, Lieutenant General, Doctor of Law, Professor, Honoured Lawyer of the Russian Federation Yury Zhdanov told Rossiyskaya Gazeta what new threats the cyber mafia poses.


The Unknown Internet


RG: Yury, how big is the threat of the cyber mafia? Is the existence of a modern economic system really called into question, or will we manage with another, albeit global, crisis?

Mr Yury Zhdanov: I am afraid that this situation will not be resolved simply by a crisis. The greatest redistribution of economic wealth in history is taking place. The risk of cybercrime for incentives for innovation and investment is significantly greater than the annual damage caused by natural disasters. And in criminal terms, this is more profitable than the global trade in all major illegal drugs in the aggregate.

Take a closer look at the numbers. The American company Cybersecurity Ventures expects that in 2021, cybercrime will cause a total global damage of six trillion dollars. The global cost of cybercrime will grow by 15% per year, reaching 10.5 trillion dollars by 2025, compared with three trillion dollars in 2015.

And these figures relate only to the visible part of the network. In addition, in the ‘deep web,’ the damage from cybercrime cannot be quantified at all. According to some reports, the scale of the hidden web, which is not indexed and is inaccessible to search engines, is five thousand times larger than that of the official Internet.

RG: In fact, we can talk about creating a parallel world economy. Can we also talk then about the global cyber mafia?

Mr Yury Zhdanov: We can. Organised crime structures engaged in cybercrime join forces, and their probability of detection and prosecution is estimated at 0.05 percent. This is stated in The Global Risks Report 2020.

RG: This begs the question: are the police even paying attention?

Mr Yury Zhdanov: The police are paying enough attention to the right things and, in general, making reasonable conclusions.

Europol thoroughly investigated the trends of cyber mafia in its latest April EU Serious and Organised Crime Threat Assessment (SOCTA) report.

According to experts, the use of technology is one of the main features of serious and organised crime in 2021. Criminals use encrypted communication to contact each other, social networks and instant message services to communicate with a wider audience in order to advertise illegal goods or spread disinformation. While spreading disinformation is often not criminal behavior in itself, it can encourage or facilitate criminal activity. Fraudsters and forgers have initiated similar disinformation campaigns in the context of the COVID-19 pandemic to increase sales of their products or to involve victims in fraudulent schemes.


Did You Order A Hacker?


RG: Can a cybercrime even be ordered?

Mr Yury Zhdanov: Yes, cybercriminal services can be purchased by paying a fee, a subscription fee or a percentage of illegal profits. On the Internet, especially in the darknet, relevant crime tools are widely offered, for example, malicious software, ransomware, phishing support tools, traffic analysers, devices for stealing data from credit cards and distributed denial-of-service attacks – DDoS. Hacker programmes are constantly being improved. They are very diverse – the number of options is measured in hundreds of thousands. The EU Agency for Cybersecurity (ENISA) reports every day on the detection of 230 thousand new strains of malware.

Encrypted credit card data of persons who have become victims of fraud is also sold.

The ‘crime as a service’ model makes criminal services easily accessible to anyone, reducing the level of knowledge and skills that were previously required to commit specific criminal actions. Finally, Internet platforms provide instructions for committing most crimes. The topics of such ‘handbooks’ and ‘training manuals’ range from synthetic drug production and the manufacture of primitive firearms and improvised explosive devices to all types of cybercrime.

RG: Here, probably, bitcoins would have played their role.

Mr Yury Zhdanov: And not only them. All cryptocurrencies remain an important means of payment for illegal goods and services. Decentralisation and semi-anonymity make them attractive for carrying out criminal transactions. Illegal income can initially take the form of a virtual currency or can be converted into digital form. New methods of money laundering using cryptocurrencies include the use of coin mixing and exchange services.


Language of Misunderstanding


RG: In which areas is cybercrime most active?

Mr Yury Zhdanov: Actually, in almost all where digital technologies are used. Criminal content on the Internet today dominates in such areas as trade, communication and access to information. The digital transformation of the economy, society and private life is progressing rapidly and continues to affect all aspects of human life and activity. It is not surprising that these changes have had a significant impact on the sphere of serious and organised crime in the European Union. Almost all types of criminal activity now include online components, such as digital solutions that facilitate communication for criminals.

The Internet space has changed retail and commerce. Digital trading platforms have made goods more accessible. The number of specialised websites and specialised apps has increased rapidly. And they have simplified access to all types of goods and services. The transformation of legal trade is also reflected in the criminal sphere. Most of the illegal actions have been transferred to the Internet. Criminals use both legal and shadow Internet, where they offer all kinds of prohibited goods and most illegal services. The availability and accessibility of secure online channels has led to the diversification of platforms used for illegal trade on the Internet.

Crime structures can now create and manage companies using only one device located in any country, conduct trade and transfer documentation over the Internet. In addition, there is now free software for creating fake bank accounts and statements. Due to new ways of transferring money, such as alternative banking platforms, as well as electronic bank payment services, it has become even more difficult to calculate intruders.

The spread of communication channels with data encryption and social networks allows criminals to easily expand the audience of their potential customers.

RG: Apparently, this is why the percentage of exposing criminals is so low?

Mr Yury Zhdanov: Criminals use various countermeasures to ensure the security of their operations on the Internet and rely on services such as virtual private networks (VPN), proxy servers and anonymous browsers or ‘onion’ routers – Tor Browser. Trading platforms in social networks, closed groups, as well as encrypted message services are widely used. Online retail provides direct access to a wider range of consumers. This has led to a sharp increase in the use of small parcels sent through postal or courier agencies for the distribution of prohibited and illegal goods. Due to the large volume of mail, the probability of detecting small batches of goods is reduced.

Social networks duplicate advertising on websites and serve as separate channels for marketing or communication channels for criminal networks.

RG: But after all, special devices are needed to encrypt and decrypt messages.

Mr Yury Zhdanov: And they have such devices. Some providers offer secure communication services using modified mobile devices. Europol suggests that some of these services directly and intentionally serve criminals’ communication needs. The devices offered by such providers allegedly guarantee complete anonymity and do not have such functions as a camera, microphone, GPS, USB ports. These services eliminate any communication between the device or SIM card and the user. The encrypted interface is usually hidden and works as part of a dual operating system. Such phones are sold through underground dealers’ networks.

RG: By the way, do they always fulfill their obligations if their products were ordered and paid for?

Mr Yury Zhdanov: No, of course they do not! When you agree on something in the darknet, there is always a risk of being deceived. And there is no one to complain to. Non-delivery fraud is a variant of fraud with a payment order or an advance payment. Such scammers advertise or sell non-existent goods using a fictitious online store.

For example, in the first months of the COVID-19 pandemic, fraudsters used high demand and insufficient supply of personal protective equipment and self test kits. The number of websites and social network accounts advertising these products for fraudulent purposes increased significantly. The profits from these fraudulent schemes were considerable. Among the victims were many commercial and budget organisations, for example, hospitals or clinics that placed orders for the supply amounting to several million euros.

RG: I wonder if they are also deceiving each other.

Mr Yury Zhdanov: And how can it be without this? For example, the victims of match fixing organisers are increasingly becoming participants in the developing eSports market. There are indicators that show manipulation in this branch. This is an unusual surge in bets and unusually large amounts of bets just before the start of matches. So now participating in sweepstakes is more trouble than it is worth.

RG: With such a rapid development of technologies, could they also print money, indistinguishable from real ones?

Mr Yury Zhdanov: And this is a very serious problem that threatens the global financial system. The distribution of counterfeit banknotes has already become a digital crime. On the Internet, they advertise and sell banknotes of various currencies and denominations, materials and equipment for illegal production, manuals that teach how to make fake money, as well as information about security features. The introduction of an uncontrolled amount of very high-quality but counterfeit banknotes into circulation can cause a catastrophe.

RG: Are they aware of the cyber mafia threat in Russia?

Mr Yury Zhdanov: Absolutely. The Ministry of Internal Affairs of Russia (MVD RF), for example, has developed and is actively using The Remote Fraud programme. With its help, it is possible to detect serial fraud committed remotely. More than 324 thousand signs of serial crimes have been revealed. This programme collects, systematises, processes and analyses information that is collected as part of the investigation of criminal cases about crimes committed remotely. The Remote Fraud allows recording the necessary information from the registration date of a report about such crimes.

By November 2022, the MVD RF will introduce The Mirror programme, which allows identifying signs of intra-frame editing of video images, which is created using neural networks – deepfakes. And many such technical solutions will appear. In general, the time has now come for the transition to fundamentally new technologies. Thus, the World Economic Forum (WEF) experts in the latest documents published in May call for timely transition to quantum-secure standards at the national level for the sake of cyber security. Otherwise more and more data will be at risk. The experts remind us that new cars, planes and critical infrastructure are designed to be closely connected to digital ecosystems, and the expected service life is decades. A future vulnerability in an outdated component that is not quantum-safe, in case of compromise, can lead to massive operation failures.

RG: But you should agree, it is not easy to resist the global cyber mafia alone. Are we trying to negotiate cooperation with anyone?

Mr Yury Zhdanov: Yes we are. Russia has become the initiator and developer of the draft UN Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes. In May, active work began to promote and refine the project at the UN platforms.

RG: Is the project received favourably by our foreign partners?

Mr Yury Zhdanov: Alas, this process will be very difficult. It is already meeting fierce opposition due to geostrategic and ideological contradictions on the part of the United States and Great Britain. And it is no coincidence that in May, the US and UK intelligence services published a joint report on the methods of work of hacker groups that they associate with the Russian Foreign Intelligence Service (SVR RF). The document, in particular, refers to hackers from the groups APT29, Cozy Bear and The Dukes.

The report was prepared by the National Cyber Security Centre of the United Kingdom, the FBI, the US National Security Agency and the US Cybersecurity and Infrastructure Security Agency.

RG: What was our reaction?

Mr Yury Zhdanov: The SVR RF, in turn, called the accusations of involvement in cyber attacks ‘verbiage’ and ‘nonsense.’

And the cyber mafia is gaining strength and multiplying its economic and technological influence. Because there is a struggle not with it but with those who are trying to suppress it.


Key Question


A Call From a Well-Wisher


RG: Everything is clear about the threat to state structures and private corporations. And what does the cyber mafia threaten ordinary people with?

Mr Yury Zhdanov: Well, again – emptying their pockets. For example, there are new methods of committing crimes, such as the SIM card swap scam. Cybercriminals take control over the use of the victim’s phone number, in fact, deactivating their SIM card and transferring the number to a SIM card belonging to a criminal network member. As a rule, criminals carry out swapping on behalf of a telephone service provider, either through an employee of the company who is actually a corrupt insider or using methods of social psychology.

RG: So is it a new kind of phone fraud?

Mr Yury Zhdanov: In general, it is. Telephone operators convince victims to make a payment, transfer money or make an advance payment under the pretext of fictional stories or scenarios. This is a deliberate imitation of another person in order to deceive someone by pretending to be, let’s say, a police officer, a family member, and threatening something.

RG: Does it mean cybercriminals can interfere in our personal life?

Mr Yury Zhdanov: And very actively. For example, they skillfully arrange romance scams. To do this, they carefully study the adverts of those who are really looking for love and enter into correspondence. Scammers try to gradually ingratiate themselves with the victim. Soon they begin to pull personal data, for example, bank account numbers, bank cards or ask for money.