
Hackers steal money from cards through the Uber and VTB applications


Anna Kozlova, a resident of Russia vacationing in Spain, lost 14 thousand rubles ($220). The money was stolen from her VTB Bank card through the bank's mobile app and Uber.

At first, 2 rubles were charged to the woman's card. It looked like Uber's standard check of a customer's solvency, especially since the money was immediately returned to the account.

However, immediately after this, 2829 rubles were debited from the card. The app's notification said it was a fee for an Uber service, which Anna had not actually used since she was sleeping.

Then, according to the tourist, notifications began to come one after another. After 22 minutes, when she woke up, she blocked her card, but by that time the cost of four more trips that she had not made had been debited from the card.

Unknown persons stole 14,118 rubles from Kozlova and did not stop trying to withdraw money from her account even after the card was blocked. It is curious that all the charges were allegedly made by the international service Uber, which in Russia was merged with Yandex.Taxi.

When Anna contacted the support team of this company, the staff could not give her information about the charges. The VTB support service clarified that the last charges were made from Moscow, and then Anna appealed to Uber Russia.

The Russian company explained to Kozlova that if she had not used a taxi, it meant that someone had obtained her bank card data, including the CCV code, and used it for payment.
Kaspersky Lab experts explained that fraud schemes through taxi services are no longer uncommon.

According to them, there are messenger channels where you can order a taxi at a great discount. The scheme looks something like this: the passenger sends a message to such a channel with the details of the trip, and the attacker orders a taxi using the stolen account.

After completing the trip, the driver receives money from the owner of the stolen account, and the passenger transfers the money directly to the attacker. In order to remain unnoticed for as long as possible, attackers can track the owner of a hacked account on social networks and organize such trips at night when it is likely that a person is sleeping, or during the victim’s travel abroad.

The Kremlin opposed cross-border persecution of Russians in the United States


Dmitry Peskov, the Press Secretary for the President of Russia, commenting on the largest reward in history, offered for Russian hacker Maxim Yakubets, said that Moscow opposes the cross-border persecution of Russians by the American authorities. The State Department announced a reward of $5 million for information that would help detain Yakubets, a Russian citizen whom the American authorities consider the leader of the hacker group Evil Corp.

"The Russian side has repeatedly offered cooperation [in the fight against cybercrime], and our proposals were undesirable and misunderstood," said the Kremlin representative.

According to Peskov, Moscow considers crimes in the cybersphere very serious, and the people who commit them should bear the deserved punishment.

"We traditionally advocate for cooperation in the investigation of such crimes and the capture of criminals, but in this case, we can't speak about cooperation, this is not our fault," said the representative of the Kremlin.

On December 5, the US State Department announced its readiness to pay $5 million for information that will help detain the alleged leader of the hacker group Evil Corp (also known as the Dridex Gang), Maxim Yakubets. This reward is the largest ever offered for a cybercriminal. Previously, the record belonged to another Russian, Evgeny Bogachev, for whom a reward of $3 million was offered in 2015.

US and UK authorities accuse Yakubets of leading a group of hackers who stole more than $100 million. According to the US Treasury, Evil Corp is responsible for the development and distribution of the Dridex malware, used to infect the computers of 300 banks and financial companies in more than 40 countries.

According to Washington, Yakubets also provided direct assistance to the Russian government. The US Treasury Department claims that Yakubets worked for the FSB of Russia in 2017, and in April 2018 was allegedly in the process of obtaining permission from the FSB to work with Russian secret documents.

Group-IB reported attempts to hack Telegram of Russian entrepreneurs


Group-IB, a company specializing in the investigation of cybercrime, reported that attackers attempted to gain access to Telegram correspondence, with Russian entrepreneurs as the targets.

As the experts explained, at the end of 2019 several Russian entrepreneurs turned to them for help after facing unauthorized access by unknown persons to their correspondence in the Telegram messenger.

The incidents occurred on iOS and Android, regardless of the carrier used. Group-IB believes that the attackers were able to view and copy activation codes from SMS messages that Telegram sends when activated on a new device.

Technically, the cyber attack could have been carried out using a vulnerability in the SS7 Protocol. However, attacks on SS7 are rare.

“It is much more difficult to implement such an attack, it requires certain qualifications in the field of data transmission networks and their protocols,” explained Kaspersky Lab’s antivirus expert Viktor Chebyshev.

“The attack began when a message was sent to the Telegram messenger from the Telegram service channel (this is the official messenger channel with a blue verification tick) with a confirmation code that the user did not request. After that, an SMS with an activation code was sent to the victim’s smartphone, and almost immediately a notification came to the Telegram service channel that the account was logged in from a new device,” reported Group-IB.

It is known that the attackers logged in to other people's accounts over the mobile Internet, and their IP addresses were most often located in the city of Samara.

It is assumed that the attackers used disposable SIM cards. They deliberately triggered the sending of the SMS with the code, intercepted it and logged in to Telegram. They could buy access to hacking tools on the darknet from 100 thousand rubles ($1,565).

The company drew attention to the fact that in all cases, SMS messages were the only authorization factor on devices affected by hacking attempts. Accordingly, such an attack can only be successful if the “Cloud Password” or “Two-step verification” options are not activated in the Telegram settings on the smartphone.

According to anti-virus expert Viktor Chebyshev, Telegram is consistently included in the list of applications targeted by cybercriminals in various spy campaigns. Such an attack can allow attackers to gain access to the correspondence of specific people.

Rostelecom to set up honeypots to deal with hackers


Rostelecom, the largest Russian provider of digital services, proposed that telecom operators set traps for hackers: honeypots.

The concept of creating a new cyberattack warning system was presented at a meeting of the Information Security working group as part of the Digital Economy national project.

The idea is to create special software that simulates a vulnerable server, which hackers will see and try to use to break into a company's network. Meanwhile, the program will record all the actions of the attacker and send them to specialists. Rostelecom experts are sure that this will make it possible to collect information about new hacking methods.

Operators must set these traps themselves and exchange data with other companies. At the same time, Rostelecom's concept does not imply state financing of the project, and the company does not specify the cost of the entire system.

According to Yuri Namestnikov, head of the Russian research center of Kaspersky Lab, businesses will incur minor expenses. Basically, the money will be used to select specialists and improve servers and security.

IT experts call telecom operators one of the most interested users of honeypots. Positive Technologies expert Dmitry Kasymov said that telecom operators cannot be called secure in principle. "During security audits, we identify many vulnerabilities that allow attackers to leave subscribers without communication, listen to their conversations and intercept SMS, use communication services at their expense and even bypass the operator's billing systems. These security flaws are already being exploited by hackers, even for stealing money from bank accounts," he explained.

So, many Russian mobile operators supported Rostelecom's initiative to create a system of honeypots, as the infrastructure of these telecommunications companies still suffers from cybercriminals.

However, Kaspersky Lab experts warn that misuse of the honeypot concept can be dangerous. If you do not configure this type of system properly, it can become a source of additional threats to the network infrastructure.

Russian banks discovered a new virus to steal money


Since this year, hackers have been using new viruses that can get into a bank's application on a mobile device and withdraw money from the victim's account. Two Russian banks have already reported this type of fraud.

Hackers use a new type of attack on the Android operating system. Fraudsters disguise viruses as applications or distribute them as links. After such a file is downloaded and installed, the virus begins to perform its functions without the user's knowledge. The programs are able to automatically transfer money from the victim's account to cybercriminals through the mobile banking application available on the device.

Group-IB specialists first discovered such an attack in the spring of 2019. At that time, the new mobile Trojan Gustuff, which appeared in December 2018 and was created by a Russian-speaking hacker, was modified. This type of virus, experts noted, threatened only 100 foreign banks.

A new type of Trojan attacked at least two Russian banks in 2019 - Moscow Credit Bank and Post Bank. Representatives of the first noted that there are few cases of theft. The second confirmed one-time problems and talked about preventing fraud.

"From July 2018 to June 2019, hackers were able to steal 110 million rubles ($1.7 million) with the help of Trojans for Android," reported Group-IB.

However, compared to the same period last year, the indicator fell by 43%. It is reported that hackers have now mainly switched to the international market and only in rare cases continue to modify the application to attack Russians.

According to the representative of Group-IB, the activity of Trojans in Russia decreased after the detention of the owners of the largest Android botnets, as a result of which hackers switched to the international market.

"However, some attackers modify applications and sell Trojans for subsequent attacks on users in Russia. This is a rare practice."

Earlier, the head of the Computer Security Association, Roman Romachev, said that data leaks will continue until banks become responsible for this.

Hackers stole half a million profiles from a Russian job search site


A database of users of the portal jobinmoscow.ru has appeared on hacker forums. According to the founder and technical director of Device Lock, Ashot Hovhannisyan, the database contains logins and passwords for 500,000 users in addition to the publicly available information.

Media noted that some of the logins and passwords were still valid: entering them gave access to the pages of portal users. After a journalist informed the site representative about this, it became impossible to log in to the accounts.

The company that owns the site confirmed the data leak.

"A quick analysis of the situation showed that there are no violations of the law on our part. Our experts analyze any possible threats to the technical security of the site and take the necessary steps to prevent unauthorized use of the site," Forex Consulting CEO Yuri Mozgovenko commented on the leak.

Experts reported that the personal data of customers of the site can be used in the black market of fake employment. Scammers can call applicants and promise a job, but for the final stage of hiring, they will ask to pay a small amount.

In addition, the leak of passwords puts users' social network accounts at risk of being hacked. Experts also note that a resume contains not only personal information about the applicant but also data about former employers. As a result of such a leak, it becomes possible to alter the resumes or vacancies of a particular company to damage its business reputation.

However, experts do not see significant threats in such data leaks.
According to jobinmoscow.ru, more than 566,000 vacancies from 209,000 companies were posted, as well as more than 195,000 resumes.

Thousands of Russians became victims of a cryptominer


International antivirus company ESET reported that hundreds of thousands of users in Russia, Belarus, Ukraine and Kazakhstan became victims of the Miner Virus. Specialists could not find a special module for cryptocurrency mining for years.

According to the company ESET, the mining module is distributed by the Stantinko botnet. This is a complex threat, active at least since 2012. The botnet has self-defense mechanisms that allow operators to remain undetected.

Stantinko is most often distributed through torrents and can disguise itself as pirated software. Previously, it was used for advertising fraud schemes: security experts said that over the past five years, the botnet infected more than 500 thousand computers in Russia (46%) and Ukraine (33%).

According to ESET, the crypto mining module is CoinMiner. Stantinko is carefully compiled for each new victim, so it is difficult to detect on the device. It is also able to communicate with the mining pool through a proxy, the IP addresses of which are in the descriptions of videos on YouTube.

It is almost impossible to detect the module on a computer without special security checks. CoinMiner.Stantinko constantly scans the processes running on the PC and shuts down when anti-virus activity is registered.

In the process of mining, a significant part of computer resources is spent. In order not to cause suspicion, the module analyzes the activity and pauses its work, for example, if the device is running on battery power.

The main goal of Stantinko is financial gain. Operators provide false clicks on advertising links: the virus installs two browser extensions (the Safe Surfing and Teddy Protection) for the unauthorized display of advertising, which brings income to operators.

Analysts note that Stantinko allows operators not only to simulate clicks on advertising but also to steal data from a computer, to break into control panels using password-guessing attacks for resale, to create fake accounts and likes on pages and photos, and to fill up lists of friends on Facebook.

ICQ and Signal are the most secure messengers in Russia, says Vladimir Zykov


Vladimir Zykov believes that ICQ messenger is safer than WhatsApp, but this does not solve the problems. iOS and Android operating systems contain many vulnerabilities that are exploited by hackers.

Choosing a messenger for use, Russians are guided mainly by the advice of friends and their own feelings, said Vladimir Zykov, head of the Association of Professional Network Users and Messengers. The expert is sure that ICQ and Signal messengers are the safest in Russia. But few people use them.

In general, no messenger for a smartphone guarantees absolute security, because a vulnerable operating system controls the messenger.

"But if you choose secure mobile software, then the probability of hacking, of course, decreases," said the expert.

According to the expert, the situation is due to the fact that most applications run on mobile devices running the operating systems iOS and Android, developed by American companies Apple and Google. Therefore, they have access to Russian accounts.

"That is, in fact, their owners can connect to your phone and calmly watch from the screen everything that you have there," he said.

Earlier, the creator of Telegram and VKontakte Pavel Durov sharply criticized Facebook. The entrepreneur is unhappy with the protection of information in the WhatsApp messenger.
According to Durov, the application is a kind of Trojan that are not connected in any way with the messenger. This is due to the policy of the American company, which deliberately leaves security vulnerabilities.

WhatsApp, at the same time, is one of the most common messengers among Russians. In addition to it, the Viber application is popular. However, as experts say, these services do not really have high security.

The Russian Railways information system got hacked in 20 minutes


Specialists of Russian Railways will conduct an investigation after a Habr user stated that he hacked the Wi-Fi network during a trip on the Sapsan high-speed train and gained access to the data of all its users in 20 minutes. According to the company, the hacked network did not contain personal data, but only entertainment content.

On Friday, November 15, user keklick1337 of the portal Habr.com was returning to Moscow from Saint Petersburg, where he had visited the ZeroNights information security conference. The programmer became bored, decided to check the reliability of the Wi-Fi and easily gained access to the hidden data of Russian Railways. He noted that "the same passwords and free security certificates are used everywhere, and the data is stored in text documents."

"It is not difficult to access the data of the passengers of the train and it takes at most 20 minutes," noted the author of the post.

"The server of the information and entertainment system of Sapsan trains does not store personal data of passengers. The multimedia portal provides information and entertainment content: news of Russian Railways, movies, books, music and other information," said the representative of Russian Railways.

According to the spokesman, for authorization in the system, the user must enter only the last four characters of the document, which he used to buy a ticket, as well as the rail car and the seat number. These data are not personal and in accordance with the current legislation of the Russian Federation are stored on the server for no more than one day.

"The infotainment system server is not connected to the internal network of Russian Railways or other internal control services on the train, it is designed exclusively for entertainment and information topics and does not store any confidential customer data," added the company.

Russian Railways plans to conduct a technical investigation into the hacking of the Sapsan train system.

Earlier, E Hacking News reported that the personal data of 703 thousand employees of Russian Railways, from the CEO to the drivers, were publicly available.

Russian universities to introduce special course on working with artificial intelligence


The office of the Russian Ombudsman Tatyana Moskalkova proposed creating a special course on artificial intelligence in Russian universities. The aim of the course is to train students to counter the threats of artificial intelligence within the discipline of human rights protection.

Moreover, it is expected that the new course will become part of the training program not only for law students, for whom the protection of human rights is one of the main disciplines. This special course is also necessary for future technical specialists.

The press service of Moskalkova's office clarified that "the course will be constantly adjusted, filled with new things in accordance with technological development." An interesting fact is that there is an express course on the philosophy of artificial intelligence at Moscow State University.

It should be noted that during the BRICS summit on November 14, Kirill Dmitriev, the head of the Russian Direct Investment Fund and a member of the BRICS Business Council, said that an alliance for the development of artificial intelligence could be created within BRICS.

In addition, according to Alexander Bernstein, the head of the neurosurgical Department of the Burdenko Center, artificial intelligence from 2021 will help in the planning of complex neurosurgical operations. Now artificial intelligence is already used in the medical center to remove intracerebral tumors. In the future, the scope is planned to expand.

Recall that on October 10, 2019, Russian President Vladimir Putin signed a decree on the development of artificial intelligence in Russia. This decree approves the national strategy for the development of artificial intelligence until 2030. The President also spoke about the need for maximum support for startups in the field of artificial intelligence and the need to increase several times the volume and quality of training for programmers, mathematicians, computer linguists and data processing specialists.

The Russian Embassy in Washington sent a note of protest to the State Department


The US Department of Justice has confirmed the extradition of Russian hacker Alexei Burkov from Israel. Accused by the Americans of credit card fraud, the Russian citizen has already appeared before a federal judge in Virginia. Burkov faces up to 80 years in prison. The Russian Foreign Ministry sent a note of protest to the State Department, and consuls will soon be sent to the Russian citizen.

"In connection with the extradition of the Russian citizen Burkov from Israel to the United States, we have taken a decisive demarche regarding the “hunt” unleashed by Washington for our citizens around the world. In the note sent to the State Department, we demanded strict compliance by the American side with existing bilateral obligations," reported the press service of the Russian diplomatic mission.

The Embassy noted that Russian diplomats "will soon visit a compatriot in a pretrial detention center in Virginia."

Earlier, the US Department of Justice said that according to court documents, Burkov allegedly ran a website called Cardplanet that sold payment card numbers, many of which belonged to US citizens.
"Stolen data from more than 150,000 payment cards were allegedly sold on Burkov's website and led to fraudulent purchases made from US credit cards worth more than $20 million," stated the US Department of Justice.

It is noted that if Burkov is found guilty on all counts, he faces up to 80 years in prison.
Earlier, Russian President Vladimir Putin proposed to exchange the Israeli woman, who has dual citizenship — Israel and the United States. She was sentenced to 7.5 years in prison for smuggling hashish. Putin discussed the case with the Prime Minister of the Jewish state, Benjamin Netanyahu. However, he refused to make such an exchange.

Recall that Burkov was detained at the airport in Tel Aviv in 2015 when he came to Israel on vacation. He was later charged with crimes in the sphere of cybersecurity. He calls himself an information security specialist and denies the charges of committing the crimes imputed to him. All the time since the arrest he spent in Israeli prisons.

It is worth noting that Alexei Burkov will not be the first Russian convicted in the United States, whose return will be required by the Russian Foreign Ministry.

The Federal Security Service of Russia opposed applications with an electronic passport


Mobile applications with an electronic passport will not be able to completely replace a physical document. The FSB opposed the idea of placing the full document in smartphones.

The FSB considers it extremely unreliable to place the passport data of Russians in applications based on the foreign operating systems iOS and Android, as they cannot guarantee the security of data and absolute protection against access by unauthorized persons. It will be possible to fully use the application as an identity card only when domestic operating systems function normally in Russia.

"There is a risk that Apple or Google developers will be able to access the data stored in the application," suggests Alexander Kruglov, senior analyst at Digital Security.

"Theoretically, there is such a possibility, since iOS or Android developers can insert a traffic analyzer into the next update of the system and collect user data," he added.

According to Kruglov, Apple, for example, refuses FBI requests to open access to iPhones of suspects.

It is worth noting that there is a Russian operating system, Aurora, created on the basis of the Finnish Sailfish. The state was going to supply officials and civil servants with phones running Aurora OS and planned to spend 160 billion rubles ($2.4 million) on this. But there are practically no devices with Aurora OS preinstalled, nor applications for this operating system.

During a recent meeting with Deputy Prime Minister Maxim Akimov, it was decided that a smartphone app will appear and will be able to verify the identity of a citizen in most, but not all situations.

Most likely, citizens will be able to use the app only for simple services: for example, to verify the age when buying alcohol or cigarettes. But it will be possible to buy an apartment only through a card with a chip.

Earlier, E Hacking News reported that the Russian government has determined the basic parameters of the future e-passport. It will have two components - a plastic card with a chip and a mobile application. Documents of the new type will be issued to Russians from 2020 in Moscow. Paper passports will no longer be issued, but old documents will remain valid until their expiration date. The e-passport will become a universal carrier of information about a person, necessary for his identification.

5G network may appear in St. Petersburg by 2022


The representative of the Russian President on digital and technological development Dmitry Peskov said that in two years 5G mobile network could be launched in St. Petersburg. According to him, it will be certified at the World Radiocommunication Conference in the near future.

Mobile operators MTS and MegaFon have already received permission to create a test zone for testing 5G. Tests are planned to be carried out at frequencies in the range of 2.5-2.7 GHz.

Earlier, the Ministry of Defense, the FSB and the Federal Security Service opposed 5G, saying that this resource is used by government services and its transfer to civilian means of communication is inappropriate for security and defense reasons. To date, negotiations are underway to provide organizations with the necessary frequencies that belong to the special services.

In addition, representatives of MTS and MegaFon do not see an urgent need to launch fifth-generation communications, as the technology is expensive. In the near future, 5G technology will not be able to be used by residents of the whole country, but only of certain territories, since its technical maintenance is more complicated than LTE networks.

It is interesting to note that the first operator interested in new generation technology is MegaFon. In 2014, the company signed an agreement with Huawei on the creation of 5G test networks. For example, the operator will begin to test the operation of telemedicine services in medical institutions with the help of a new generation of mobile communications in Moscow from 2019. In addition, 5G speed record belongs to MegaFon. In June, the operator managed to achieve network data transfer at a speed of 35 gigabits per second. The tests were carried out in the laboratory on Huawei equipment.

It should be noted that 5G technologies are designed for higher bandwidth compared to 4G. The new network will allow subscribers to connect with each other directly, and the speed of mobile Internet will grow to 1-2 Gbit/s. At the moment, fifth-generation networks are already deployed in several major US cities. Switzerland is actively implementing 5G in Europe. South Korea became the first country in the world to launch commercial services on the newest network in the spring of this year.

The first commercial quantum communication line to be built in Russia


The national program in Russia plans to improve the information security of both government agencies and private companies. Experts want to achieve this by creating the first commercial quantum network in the country. It will provide the most reliable degree of information security available today. Data centers in Russia will establish a quantum communication line between them by 2021.

It is known that experts will build a network 670 km long between data centers located in Moscow and Udomlya. These centers have powerful servers and network equipment designed to process, store and distribute information. Currently, the communication channels leading to the centers are protected by cryptographic algorithms, the disadvantage of which is the existence of a key that is stored on a physical medium. So, having the key, fraudsters can intercept and decrypt the transmitted information.

To date, the only way to solve this problem is to use quantum communications. It is a data exchange technology that is protected by the quantum distribution of encryption keys. The hacker will not be able to intercept such a key, remaining unnoticed. Photons are used as carriers of transmitted information.

"If a hacker starts copying the state of a particle, its properties will instantly change. Thus, copying data will fail. Moreover, if someone tries to intercept the media during their transmission, the user of the system will know about it," said specialists.

Since the photons change their state after 140 km due to scattering, the developers plan to build six protected intermediate nodes on the 670 km line.

The project of the quantum communication line was named Landau, and Rostelecom was appointed responsible for its implementation. The project will be launched this year. It is expected that by the end of 2020 there will be a prototype of the service, and the project will be ready in 2021. The work is carried out as part of the national program "Digital Economy". It is known that in case of successful completion of the project, no one will be able to hack into computers, which will be great news for databases of large state corporations and banks.

As a reminder, the Russian Government approved the national program "Digital Economy" and allocated 1 trillion rubles ($217 billion) from the Federal budget for the implementation of the presidential task.

The Ministry of Internal Affairs of Russia to develop a mechanism for the seizure and confiscation of cryptocurrencies


Russian law enforcement agencies, together with the Ministry of Internal Affairs, are to prepare proposals for the seizure of cryptocurrencies by 2021.

A representative of Group-IB confirmed the information that such a measure is being discussed together with other proposals to combat IT crimes.

"Cryptocurrency must be recognized at the legislative level as either a product or a cash equivalent so that it can be confiscated further", said Konstantin Golikov, the co-owner and CEO of the platform Dailyrich.ru.

"If the law enforcement agencies begin to discuss the confiscation of cryptocurrency, they actually launch a mechanism for the legalization of cryptocurrency in Russia. But, in my opinion, the Bank of Russia will seriously resist this," said Golikov.

However, in international practice, there are already many precedents for the confiscation of cryptocurrency by a court decision, despite the fact that the regulation of cryptocurrency is not legislatively introduced.

Even now, Russian courts and investigators have to deal with cryptocurrencies, despite the fact that virtual money does not have official status. For example, the Central Bank insisted that the hidden income from the Russian markets can be withdrawn to other countries through cryptocurrencies. In addition, in February 2019, the Plenum of the Supreme Court of the Russian Federation extended the punishment for the legalization of criminal proceeds to electronic assets.

Recall that in 2018, President Vladimir Putin said that Russia should "carefully and cautiously" monitor the sphere of cryptocurrencies. At the same time, the position of the Central Bank of Russia was that electronic money cannot be a means of payment. Interestingly, in Belarus a decree “On the Development of the Digital Economy”, which recognized cryptocurrency as property, was adopted in 2017.

Russia accused of making harassing phone calls to families of NATO soldiers


NATO soldiers stationed in the Baltic States regularly complain that they and their families are victims of unknown Internet trolls and receive frightening anonymous calls. The most recent such incident involved Danish soldiers in late October. The command is confident that Russia is behind the attacks. NATO is preparing to allocate additional millions of euros for the information war.

The NATO International Battalion based in Estonia is led by the UK. The soldiers say that since 2017, when they were transferred to the Baltic States, they have received unpleasant messages from unknown persons via Facebook and Twitter, as well as on personal phone numbers.

The command of NATO believes that it is the Russian bots that troll the soldiers. At the same time, the leadership of the Alliance fears that Russian agents are armed with special devices with portable antennas that allow hacking mobile phones of military personnel to access the information contained in them.

American officers believe that while they were in Estonia, someone was tracking their geo-location on their smartphones. In turn, pilots from the Netherlands complained that during their work in the Baltic States, their wives and girlfriends received anonymous calls with provocative questions, for example, "Do you know what your husband is doing here?" or "Maybe he should leave?". Americans tend to blame the Russian special services for such intrigues. The Dutch also have no doubt that it was the Russians.

In Holland, the harassment case is being considered with "great seriousness," says Colonel Jens Hvid Lenborg.

"The case is serious, as it concerns families, and, in addition, because the callers generally know whose families they are," the military said.

Danish Minister of Defense Trine Brahmsen called it "a cynical violation of all agreements to protect civilians, women and children."

According to Russia expert Flemming Splidsboel Hansen, collecting information about soldiers and their families is part of modern war, for which any defense should be prepared.

Recall that since 2014, NATO has stated that it considers Russia its strategic enemy. After that, the North Atlantic Alliance announced an increase in its military presence near the Western borders of Russia.

The Ministry of Internal Affairs of Russia to create a Department to combat crimes in the IT-sphere


The Ministry of Internal Affairs will have units to combat crimes committed using IT-technologies. Units will be formed without increasing the staff.

This decision was made by Vladimir Kolokoltsev, the Minister of Internal Affairs of the Russian Federation, at a meeting of the Collegium of the Ministry of Internal Affairs of Russia, which was held as a video conference with all regions of the country. The meeting was attended by representatives of the Central Bank of the Russian Federation, the Ministry of Finance, Roskomnadzor, Rosfinmonitoring and a number of leading financial institutions.

The purpose of creating such units is to increase the efficiency of the prevention and suppression of crimes in the IT-sphere, as well as to improve the skills of the most trained employees in identifying, solving and investigating crimes committed using information and telecommunication technologies.

According to the Ministry of Internal Affairs, every seventh crime in Russia is committed in the field of IT-technologies. Law enforcement agencies in recent years have noted an increase in the number of crimes committed using the Internet, including fraud, drug distribution, theft of funds and other crimes.

Vladimir Kolokoltsev has now instructed the heads of operational headquarters to prepare documents that will determine the structure, powers and functions of the new units to combat cybercrime.

Currently, the Office “K” of the Ministry of Internal Affairs deals with crimes in the field of information technology. In particular, the employees of this Department are engaged in the fight against illegal trafficking in electronic equipment and special technical equipment.

Earlier, E Hacking News reported that the Ministry of Internal Affairs will create a portal for complaints against hackers. The resource will continuously and automatically collect data about threats.

How the Internet isolation law will change the life of Russian business


On November 1, the law on the isolation of the Runet came into force. Some companies spend millions to switch to Russian servers and local social networks, while others completely shut down business in the country.

The Runet isolation will affect all Russian business, but only Telecom operators must install special equipment to monitor cyber threats, and they do so at the state’s expense. The State allocated about 30 billion rubles ($460,000,000) for this.

According to Alexandra Kurdyumova, senior partner at Versus.legal law firm, this means devices and software that work on the principle of DPI (deep packet inspection). The technology monitors not only where the traffic is going, but also analyzes its contents.

"If something seems suspicious to Roskomnadzor, it will be able to disable the malicious resource without the participation of Telecom operators," explains Kurdyumova.

The regulator's new powers have alarmed the entire online business sector. If a company's website runs on a foreign server (for example, Amazon), uses Google Analytics for data analysis or conducts sales via Instagram or other foreign social networks, it risks losing access to its usual tools if Roskomnadzor so decides.

“I see a lot of risks in the law on the isolation of the Runet. Therefore, within six months we will transport employees to the United States and Poland. About 10% of employees will remain in Russia so far to support current customers”, said Roman Kumar Vyas, founder of the marketing agency Qmarketing and co-owner of the cleaning service Qlean.

According to Albert Oskanov, co-founder and CEO of Oskelly clothing marketplace, the authors of the bill do not quite understand what they are going to do and do not realize the consequences. Their actions can lead to serious disruptions in the work of some Russian companies.

Sergey Demin, IT Director of IT outsourcing company G-Support, believes that the centralization of the network infrastructure does not make it more stable, but harms it, because it creates a very easy target for hackers. As a result, users will migrate to the Darknet and there will be constant attacks on the IT infrastructure of regulatory authorities.

Russian school hackers hacked the NATO website


Russian hackers who are members of 2ch, an imageboard well known on the Internet, hacked the website of NATO Rapid Deployable Corps Italy. This is one of NATO’s most combat-ready formations on the European continent.

Unlike Russian military units and formations, NATO formations have direct access to the Internet and even their own websites linked to each other via the Internet. Russian school hackers from the 2ch portal took advantage of this loophole to take over the Italian Corps website.

The hackers renamed the corps: it became NATO Rapid Deployable Corps 2ch.

Then they added the name of their organization, 2ch, to the list of special forces that are part of the corps. And finally, the name and biography of the corps commander, Lieutenant General Roberto Perretti, were replaced with the data of the administrator of the 2ch portal, Nariman Namazov, better known under the nickname Abu. Thus, the Russian hacker commanded the Italian NATO corps for some time.

In addition, the hackers added a video, "Appeal to Obama", to the video section, in which a drunk Russian man threatens the ex-President of the United States, and a modified anthem of Russia was set as background music.

It is hard to say how far the hackers got into the system and what the true goals were of a hack staged as petty hooliganism.

Note that NATO Rapid Deployable Corps Italy, whose website was hacked, is one of the nine rapid deployment corps. They include the most high-tech units of the member countries of the Alliance, including special forces units. One of these units is the Italian corps. It includes a number of Italian special forces, including the one known as Vittorio Veneto, the best special unit of the Italian Bersaglieri. In addition to the Italian units, Hungarian, Slovenian, Greek and one of the British special forces units are subordinated to the corps.

The task of the Italian corps is to control southern Europe and North Africa, as well as the organization of special operations in these territories.

Russian Companies infected by a virus masquerading as accounting documents


In September, Russian companies faced the problem of malicious software disguised as accounting documents. Running the malware led to leaks of users' personal data and to the connection of their computers to a botnet. Check Point claims that 15.3% of Russian Internet users received such emails in just one month.

According to Check Point, the Pony malware became active at the beginning of the business season, in September, and was in second place on the list of the most active malware by the end of the month.

The company said that Pony was distributed via email through malicious EXE files simulating accounting requests. The subjects and titles of such emails read something like "Closing documents Tuesday" and "Documents September". Pony is able to steal user credentials, monitor system and network operations, install additional malware and turn devices into a botnet.

Specialists of Rostelecom-Solar recorded phishing emails with similar titles in September, confirms Igor Zalevsky, the head of the Solar JSOC incident investigation department.

"The simplest and most effective defense against such attacks is content filtering on the mail gateway. It is necessary to stop sending executable files of any format by e-mail," emphasizes Mr. Zalevsky.

Attacks like Pony are standard practice, said Vladimir Ulyanov, the head of the Zecurion analytical center. According to him, such malware is easier to monetize because accountants work with important data, but are not always well aware of information security risks.

"All companies work with closing documents, but not all employees know what these documents look like," explains Mr. Ulyanov.

The expert is sure that it is necessary to deal with such attacks by raising staff awareness.

Pony belongs to spyware, and it is included in the top 3 types of malicious software used by cybercriminals. According to the rating, first place among the most aggressive malware in Russia is held by Cryptoloot, which uses other people's computers and their resources for mining cryptocurrencies. The XMRig malware, which is also used for mining, is in third place.
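A sketch of the mail-gateway content filtering recommended in the Pony report above. It is an added example, not code from the article or from the vendors it quotes. It goes slightly beyond an extension blocklist by also checking leading bytes and looking one level into ZIP archives; the blocklist, function names and sample attachments are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative blocklist (an assumption, not a complete gateway policy).
BLOCKED_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi")

def looks_executable(name, head):
    """Leading bytes first (catches a renamed EXE), then the file extension."""
    if head.startswith(b"MZ"):
        return "PE executable content"
    return "blocked extension" if (name or "").lower().endswith(BLOCKED_EXT) else None

def classify(name, data):
    """Return a block reason for one attachment, or None if nothing was found."""
    reason = looks_executable(name, data[:8])
    if reason or not data.startswith(b"PK\x03\x04"):
        return reason
    try:  # look one level into ZIP archives, reading only each member's first bytes
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as member:
                    inner = looks_executable(info.filename, member.read(8))
                if inner:
                    return f"archive member {info.filename}: {inner}"
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        return "archive could not be inspected"  # encrypted or malformed: block
    return None

def scan_message(raw):
    """Return (filename, reason) for every attachment that should be blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    checked = ((p.get_filename(), classify(p.get_filename(), p.get_payload(decode=True) or b""))
               for p in msg.iter_attachments())
    return [(name, reason) for name, reason in checked if reason]

def build_sample():
    """Constructed message: subject from the article, attachments are fake stubs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("act_september.exe", b"constructed stub")
    msg = EmailMessage()
    msg["Subject"] = "Documents September"
    files = {"closing_documents.pdf": b"MZ\x90\x00" + bytes(60),
             "invoice.pdf": b"%PDF-1.4 constructed", "documents.zip": buf.getvalue()}
    for name, data in files.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags the renamed executable and the archive while letting the ordinary PDF through.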