The Security Service of Ukraine and the FBI neutralized a powerful hacker organization in Odessa

✨ Megiddo

May 15, 2016
A powerful hacker group was disarmed in Odessa by officers of the Security Service of Ukraine, together with partners from the FBI.

This was announced at a briefing by the acting Chairman of the Security Service of Ukraine, Ivan Bakanov.

The group's members set up and, for a long time (since 2007), provided virtual services to hackers and other criminals, creating conditions for them to freely carry out illegal activities on the network.

The attackers used the Dark Net, a part of the Internet that is hidden from ordinary users, where weapons, drugs and the like can be bought anonymously.

“Unlike ordinary citizens, law enforcement officers usually have the right and many opportunities to deanonymize the person who committed the crime,” explained Bakanov. “You can, for example, request the necessary information from your provider or service provider. But not in the Dark Net, which is based on so-called abuse-resistant hosting, which responds neither to requests from law enforcement nor to the complaints of rights holders, and which cannot be found because of complex masking technologies (both physical and virtual) and the characteristics of the Internet itself.

However, for several days now, panic has reigned among those who have not only heard of the Dark Net but also used it; many are attempting to contact the organizers of the “bulky” hosting, which we have neutralized in Odessa. Hundreds and possibly thousands of unlawful attacks on citizens of Ukraine, the United States, Japan and Europe, on their authorities and administrations, and on objects of critical infrastructure were prevented.”

Special services operatives found that the organizer of the group is a citizen of Ukraine and a resident of Odessa, Mikhail Rytikov (Titov). He gained his first hacking experience in Moscow in the mid-2000s. Already in 2007, he began to provide his services to hackers around the world through Ukrainian networks, carefully concealing the actual location of his equipment from law enforcement officers and special services of any country.

Ukrainian, Russian and American law enforcement officers periodically found the equipment and confiscated it, and operations temporarily ceased, but the hacker group soon resumed them. Today, the group has ten main participants and dozens of accomplices and intermediaries in a number of countries around the world, as well as thousands of customers, including, for example, the developer of the ZeuS virus, Yevgeny Bogachov, who is being sought by the FBI.

“All of them are worried that hundreds of terabytes of data, which could be evidence in hundreds of criminal cases around the world, have ended up in the hands of the special services. According to our estimates, we can talk about 40% of the Russian-language segment of the Dark Net,” said the head of the SBU.

In the United States alone, charges have been filed against the organizer of the hosting that "pull" up to fifty years in prison. He is accused of fraud, unauthorized interference, theft of personal data and a number of other crimes. In particular, according to American law enforcement officers, Rytikov participated in the theft and subsequent sale of more than 160 million "dumps" (numbers and passwords) of payment cards.

In Ukraine, the organizer and another member of the group were notified of suspicion of committing criminal offenses under Part 2 of Art. 361 and Part 3 of Art. 301 of the Criminal Code of Ukraine. A measure of restraint in the form of house arrest was chosen for them.

Despite the complicated documenting mechanism associated with imperfect domestic legislation in the cyber sphere, the SBU operatives, together with investigators from the State Bureau of Investigation and prosecutors of the General Prosecutor’s Office of Ukraine, managed to gather the necessary evidence of the defendants' involvement in the commission of serious crimes.

During the authorized investigative actions on the territory of a private house near Odessa, a real data center was found with a backup autonomous power source, security, powerful Internet access channels and even an elevator. The center was carefully hidden.

“Almost one hundred and fifty servers were confiscated, on which thousands of hacker resources were placed; some of them remained encrypted, and many resources were configured in such a way as not to keep traces of criminal activity,” said Nikolai Kuleshov, acting head of the department of counterintelligence protection of state interests in the field of information security.

A preliminary study of the network equipment and an assessment of the ranges of IP addresses used by the group point to at least three autonomous systems reserved for enterprises of the Russian Federation. Considering the counter-intelligence regime existing in the Russian Federation, as well as the technological features of the organization and construction of SORM-3 (a system for recording calls to the Internet, developed with the participation of the FSB), ownership and management of this numbering resource could not occur without control and protection from the Russian special services.

“This information allows the SBU to get a clearer picture of cyber attacks on Ukrainian critical infrastructure and of the role of the Russian special services in cyber attacks on other countries. Cybersecurity in the international dimension is a collective task, and no single country alone can effectively defend against cyber threats,” said Ivan Bakanov.