Search This Blog

Showing posts with label Russian Cyber Security. Show all posts

Group-IB reported attempts to hack Telegram of Russian entrepreneurs


The company specializing in the investigation of cybercrime Group-IB reported that attackers attempted to hack correspondence of Telegram messenger, and Russian entrepreneurs became the target of cyberattacks.

As the experts explained, at the end of 2019 several Russian entrepreneurs turned to them for help, who faced the problem of unauthorized access by unknown persons to their correspondence in the Telegram messenger.

The incidents occurred on iOS and Android, regardless of the carrier used. Group-IB believes that the attackers were able to view and copy activation codes from SMS messages that Telegram sends when activated on a new device.

Technically, the cyber attack could have been carried out using a vulnerability in the SS7 Protocol. However, attacks on SS7 are rare.

“It is much more difficult to implement such an attack, it requires certain qualifications in the field of data transmission networks and their protocols,” explained Kaspersky Lab’s antivirus expert Viktor Chebyshev.

"The attack began when a message was sent to the Telegram messenger from the Telegram service channel (this is the official messenger channel with a blue verification tick) with a confirmation code that the user did not request. After that, an SMS with an activation code was sent to the victim’s smartphone, and almost immediately a notification came to the Telegram service channel that the account was logged in from a new device,” reported Group-IB.

It is known that other people's accounts were hacked through the mobile Internet, the IP address of the attackers was most often determined in the city of Samara.

It is assumed that the attackers used disposable SIM cards. They deliberately sent SMS with the code, intercepted it and authorized in Telegram. They could buy access to tools for hacking in the Darknet from 100 thousand rubles ($1,565).

The company drew attention to the fact that in all cases, SMS messages were the only authorization factor on devices affected by hacking attempts. Accordingly, such an attack can only be successful if the “Cloud Password” or “Two-step verification” options are not activated in the Telegram settings on the smartphone.

According to anti-virus expert Viktor Chebyshev, Telegram is consistently included in the list of applications targeted by cybercriminals in various spy campaigns. Such an attack can allow attackers to gain access to the correspondence of specific people.

Rostelecom to setup honeypot to deal with hackers


The largest Russian provider of digital services and services Rostelecom offered telecom operators to set traps for hackers - honeypots.

The concept of creating a new cyberattack warning system was presented at a meeting of the Information Security working group as part of the Digital Economy national project.

It is known that we are talking about creating special software that will simulate the vulnerability of the server, seeing which hackers try to hack the network of companies. At this time, the program will record all the actions of the attacker and send them to specialists. Experts of Rostelecom are sure that in this way it will be possible to collect information about new methods of hacking.

Operators must set these traps themselves and exchange data with other companies. At the same time, Rostelecom's concept does not imply state financing of the project, and the company does not specify the cost of the entire system.

According to the head of the Russian research center Kaspersky Lab Yuri Namestnikov, businessmen will incur minor expenses. Basically, the money will be used to select specialists and improve servers and security.

IT-experts call telecom operators one of the most interested users of honeypots.  Positive Technologies expert Dmitry Kasymov said that telecom operator can’t be called secure in principle. "During the conduction security audits, we identify many vulnerabilities that allow attackers to leave subscribers without communication, listen to their conversations and intercept SMS, use communication services at their expense and even bypass the operator's billing systems.

These security flaws are already being exploited by hackers, even for stealing money from Bank accounts," explained he.

So, many Russian mobile operators supported Rostelecom's initiative to create a system of honeypots, as the infrastructure of these telecommunications companies still suffers from cybercriminals.

However, Kaspersky Lab experts warn that misuse of the honeypot concept can be dangerous. If you do not configure this type of system properly, it can become a source of additional threats to the network infrastructure.

Russian banks discovered a new virus to steal money


From this year, hackers began to use new viruses that can enter the bank’s application on a mobile device and withdraw money from the victim’s account. Two Russian banks have already reported on this type of fraud.

Hackers use a new type of attack for the Android operating system. Fraudsters disguise viruses as applications or distribute them as links. After downloading and installing such a file, the virus begins to perform its functions without the user's knowledge. The programs are able to automatically transfer money from the victim's account to cybercriminals through the available mobile banking application.
Group-IB specialists first discovered such an attack in the spring of 2019. Then the new mobile Trojan Gustuff was modified, which appeared in December 2018 and created by a Russian-speaking hacker. This type of virus, experts noted, threatened only 100 foreign banks.

A new type of Trojan attacked at least two Russian banks in 2019 - Moscow Credit Bank and Post Bank. Representatives of the first noted that there are few cases of theft. The second confirmed one-time problems and talked about preventing fraud.

"From July 2018 to June 2019, hackers were able to steal 110 million rubles (1,7 million $) with the help of Trojans for Android," reported Group-IB.
However, compared to the same period last year, the indicator fell by 43%. It is reported that now hackers have mainly switched to the international market and only in rare cases continue to modify the application to attack the Russians.

According to the representative of Group-IB, the activity of Trojans in Russia decreased after the detention of the owners of the largest Android botnets, as a result of which hackers switched to the international market.

"However, some attackers modify applications and sell Trojans for subsequent attacks on users in Russia. This is a rare practice."

Earlier, the head of the Computer Security Association, Roman Romachev, said that data leaks will continue until banks become responsible for this.

Hackers stole half a million profiles from a Russian job search site


The hacker forums got a database of users of the portal jobinmoscow.ru. According to the founder and technical director of Device Lock, Ashot Hovhannisyan, the database has logins and passwords for 500,000 users in addition to the publicly available information.

Media noted that some logins and passwords were relevant, if you enter some of them, you could get to the pages of portal users. After the journalist informed the site representative about this, it became impossible to enter the accounts.

However, the company owning the site from which the leak occurred confirmed the information about the data leak.

"A quick analysis of the situation showed that there are no violations of the law on our part. Our experts analyze any possible threats to the technical security of the site and take the necessary steps to prevent unauthorized use of the site," commented on the leak, Forex Consulting CEO Yuri Mozgovenko.

Experts reported that the personal data of customers of the site can be used in the black market of fake employment. Scammers can call applicants and promise a job, but for the final stage of hiring, they will ask to pay a small amount.

In addition, the leak of passwords creates a vulnerability for social networks of users, they can be hacked. Experts also note that the resume contains not only personal information about the applicant but also data about former employers. As a result of such a leak, it becomes possible to replace the resume or vacancies of a particular company to damage its business reputation.

However, experts do not see significant threats in such data leaks.
According to jobinmoscow.ru, more than 566,000 vacancies from 209,000 companies were posted, as well as more than 195,000 resumes.

The data of Alfa-Bank's clients is sold on the black market


The data of Alfa-Bank credit card holders, as well as Alfa Insurance customers came up for sale in the Darknet. The bank confirmed the leak saying that it affects a few customers and does not pose a threat to the money in the accounts.

Seller who published the ad on a hacker forum said that he has up-to-date data on about 3,500 Alfa-Bank customers and about 3,000 Alfa Insurance customers. The ad was published on October 31, the seller registered there on the same day.

To verify the data, the seller suggested to look at 23 contracts. They contained the full name, mobile phone number, passport data, registration address, the amount of credit limit or issued insurance, the subject of insurance, as well as the date of conclusion of the contract. According to the seller, all contracts of Alfa-Bank are issued in October.

When the investigator tried to transfer money by phone number, in 11 of the 13 credit card contracts, the names and first letters of the surnames matched. Also he phoned up nine customers, most of them confirmed that they had recently issued a credit card at Alfa Bank. Fraudsters have already managed to make a call to one of the clients, after which he blocked the card.

Alfa-Bank confirmed the leak. "At the moment, it is reliably known about the illegal distribution of personal data of 15 clients. The occurrence of this situation is not the result of a violation of the protection of the corporate information system of the Bank, " - said the representative of the Bank.

According to him, the leak does not pose a threat to customer accounts, as it does not have data to access them.

Indeed, the contracts do not contain card numbers and CVV-codes, so fraudsters will not be able to get direct access to the money. However, they can use the information to call a customer under the guise of a Bank and find out the necessary information to steal money.
Alfa Insurance has introduced additional security measures and is investigating the publication of customer data.

Recall, in early October Sberbank confirmed of credit card accounts, which affects at least 200 customers of the Bank. It was announced that 60 million credit cards were in the public domain.

The Ministry of Internal Affairs of Russia to create a Department to combat crimes in the IT-sphere


The Ministry of Internal Affairs will have units to combat crimes committed using IT-technologies. Units will be formed without increasing the staff.

This decision was made by Vladimir Kolokoltsev, the Minister of Internal Affairs of the Russian Federation, at a meeting of the Collegium of the Ministry of Internal Affairs of Russia, which was held as a video conference with all regions of the country. The meeting was attended by representatives of the Central Bank of the Russian Federation, the Ministry of Finance, Roskomnadzor, Rosfinmonitoring and a number of leading financial institutions.

The purpose of the creation of such units is to increase the efficiency of the prevention and suppression of crimes in the IT-sphere, as well as improving the skills and training of the most trained employees in identifying, revealing and investigating crimes committed using information and telecommunication technologies.

According to the Ministry of Internal Affairs, every seventh crime in Russia is committed in the field of IT-technologies. Law enforcement agencies in recent years have noted an increase in the number of crimes committed using the Internet, including fraud, drug distribution, theft of funds and other crimes.

At the moment, Vladimir Kolokoltsev instructed the heads of operational headquarters to prepare documents that will determine the structure, powers and functions of the new units to combat cybercrime.

Currently, the Office “K” of the Ministry of Internal Affairs is engaged in crimes in the field of information technology. In particular, the employees of this Department are engaged in the fight against illegal trafficking in electronic equipment and special technical equipment.

Earlier, E Hacking News reported that the Ministry of Internal Affairs will create a portal for complaints against hackers. The resource will be continuously and automatically collect data about the threats.

How the Internet isolation law will change the life of Russian business


On November 1, the law on the isolation of the Runet came into force. Some companies spend millions to switch to Russian servers and local social networks, while others completely shut down business in the country.

The Runet isolation will affect all Russian business, but only Telecom operators must install special equipment to monitor cyber threats at the state’s expense. The State financed about 30 billion rubles ($ 460 000 000) for its execution.

According to Alexandra Kurdyumova, senior partner at Versus.legal law firm, we are talking about devices and software that works on the principle of DPI (deep packet inspection). The technology monitors not only where the traffic is going, but also analyzes its contents.

"If something seems suspicious to Roskomnadzor, it will be able to disable the malicious resource without the participation of Telecom operators," explains Kurdyumova.

New features of the regulator alerted the entire network business. If the company's website runs on a foreign server (for example, Amazon), uses Google Analytics for data analysis or conducts sales via Instagram or other foreign social networks, it risks losing access to usual tools, if Roskomnadzor wants it.

“I see a lot of risks in the law on the isolation of the Runet. Therefore, within six months we will transport employees to the United States and Poland. About 10% of employees will remain in Russia so far to support current customers”, said Roman Kumar Vyas, founder of the marketing Agency Qmarketing and co-owner of the cleaning service Qlean.

According to Albert Oskanov, co-founder and CEO of Oskelly clothing marketplace, the authors of the bill do not quite understand what they are going to do, do not realize the consequences. Their actions can lead to serious disruptions in the work of some Russian companies.

Sergey Demin, IT Director of IT outsourcing company G-Support, believes that the centralization of the network infrastructure does not make it more stable, but bites it. A very easy target appears for hackers. As a result, users will migrate to the Darknet and there will be constant attacks on the IT infrastructure of regulatory authorities.

Russian Companies infected by a virus masquerading as accounting documents


In September, Russian companies faced the problem of malicious software disguised as accounting documents. The launch of the virus led to leaks of personal data of users and the connection their computers to the botnet. Check Point company claims that 15.3% of Russian Internet users received such letters only in a month.

According to Check Point, the Pony malware has been activated since the beginning of the business season, in September, and was in second place on the list of the most active malware by the end of the month.

The company said that Pony was distributed via email through malicious EXE files simulating accounting requests. Topics and titles of such letters were called something like this: "Closing documents Tuesday" and "Documents September". Pony is able to steal user credentials, monitor system and network operations, install additional malware and turn devices into a botnet.

Specialists of Rostelecom-Solar recorded in September phishing emails with similar titles, confirms Igor Zalevsky, the head of the Solar JSOC incident investigation department.

"The simplest and most effective defense against such attacks is content filtering on the mail gateway. It is necessary to stop sending executable files of any format by e-mail," emphasizes Mr. Zalevsky.

Attacks like Pony are standard practice, said Vladimir Ulyanov, the head of the Zecurion analytical center. According to him, such malware is easier to monetize because accountants work with important data, but are not always well aware of information security risks.

"All companies work with closing documents, but not all employees know what these documents look like," explains Mr. Ulyanov.

The expert is sure that it is necessary to deal with such attacks and raising staff awareness.

Pony belongs to spyware, and it is included in the top 3 types of malicious software used by cybercriminals. So, according to the rating, Cryptoloot is in the first place in the top of the most aggressive malware in Russia, which uses other people's computers and their resources for mining cryptocurrencies. The XMRig malware is in third place, which is also used for mining.

Credit histories of a million Russians were in the public domain


The microfinance company’s database with passport data, phone numbers and residential addresses was made publicly available.

Credit histories of more than 1 million Russians with data of mobile operators obtained from the Bureau of Credit Histories (BKI) were in the public domain since the end of August. Independent cybersecurity researcher Bob Dyachenko first discovered this data on October 10. According to him, he reported a problem to the BKI, after which the database was closed.

However, it is not known whether anyone had time to download the publicly available information. As Dyachenko noted, specialized search engines indexed it on August 28.

According to media reports, the database could belong to GreenMoney microfinance company, which gave the online loans. It contains passport data of borrowers, other documents, addresses of registration and actual place of residence, phone numbers, information about loans.

GreenMoney CEO Andrei Lutsyk said that an audit is being carried out on what happened. According to him, the company complies with all requirements for the storage and processing of personal data provided by law.

Information security expert Vitaliy Vekhov noted that any leak of personal data carries risks for its owners. In this case, he believes, it is important to understand exactly what information appeared on the Internet.

"For example, passport data alone do not carry anything. According to a photocopy of the passport, as you know, nothing can be issued. If we are talking about the data of Bank cards, they can be used only if there is a CVV code, and it is not in the data of credit histories," the expert explained.

According to Vekhov, at the same time attackers can freely use any data with the help of certain resources.

It is interesting to note that the company GreenMoney in mid-September was deleted from the register of the Monetary Financial Institutions (MFIs) for numerous violations.

The data of almost 9 million customers of Russian mobile operator Beeline was in the public domain


The database of 8.7 million former and current Beeline mobile customers was in the public domain. The test showed that the data is relevant. This database contains data of customers who connected Beeline home Internet. According to the press service of the mobile operator reported that the data leak was recorded in 2017, and the perpetrators were identified. Beeline assured that now most of the information is outdated data.

According to experts, the information in the database is enough for attacks using social engineering methods, and there are still no ways to deal with fraudsters of this kind.

According to the Beeline press service, the company immediately established an operational headquarters to investigate the situation.

"Part of the information in the distributed archive does contain the data of the subscriber base of customers, however, a significant part of the information is outdated and irrelevant," the company said.

They also noted that Beeline’s customer base at the end of the second quarter of 2019 was 2.5 million subscribers, and not eight million, as attackers say.

The company assured that they are making every effort to ensure that this does not happen again.

"We appealed to all file-sharing resources where information about customers was posted. Many of them immediately agreed to remove it," Beeline said.

It is noted that the criminals are trying to re-publish the data, which indicates their desire to discredit the company.

"Our security service is investigating this incident, we will be grateful for any information that will help this work, both from our customers and from colleagues in the market," the press service said.

It also reported that the company is working closely with the competent authorities and agencies to prevent the disclosure of personal data not only of its customers, but also customers of all Telecom operators.

The company assures that outsiders do not have the opportunity to carry out transactions with the accounts and tariffs of their customers.

Russia planning to introduce tax on cryptocurrencies


The Russian Banking Community has found a way to legalise cryptocurrencies. To do this, it is necessary to legally recognise the mining of digital money as an analogy of the occupation of property or treasure.

"Legally, it could be argued that the first owner of the cryptocurrency "found them", because the receipt from an anonymous system can be conditionally considered a finding,”— EhakingNews quoted the ARB report on «The Concept of Decentralized Cryptocurrency Turnover». Discussion of this document is scheduled for 8 October.

However, the acquirer of digital money does not just seize or find them as a ready-made object. Cryptocurrency arises as a result of mining, that is, human activity. In fact, he creates it himself, explained Anatoly Kozlachkov, the author of the report, Vice-President of ARB.

Based on this, cryptocurrency can be introduced into Russian law as “newly created” (includes property independently produced by a citizen).

Then it can be used in barter transactions and taxed, said Anatoly Kozlachkov.

This is a fair approach, said Andrey Ermolaev, partner of KPMG. According to him, it is impossible to equate cryptocurrencies with ordinary money because it is an investment, and the growth of the value of the paper is always considered as a taxable base.

According to a legal expert Elena Avakyan, an example is a German model involving the payment of tax in the cryptocurrency in which the income is received.

Yuri Brisov, founder of LFCS (Legal Support), called the ARB proposal "the biggest mistake in the list of initiatives of all the time".

"Cryptocurrency received as a result of mining is a payment of remuneration, but not a finding," explained Brisov.

Synergy Research Group Deputy Director-General for Legal Issues and Technologies, Peter Lyalin, also sharply criticized the proposal of the Association of Russian Banks (ARB). He proposed to equate mining to the production of goods, as is practiced, for example, in Australia and Canada.

"I consider the initiative unworked and superficial. It seems that such a proposal was made without taking into account the specifics of the mining as a cryptocurrency mining activity," the expert suggested.

Experts agreed that the initiative of the Association of Russian Banks (ARB) requires further refinement.

Roskomnadzor began the installation of equipment for the isolation of the Russian Internet (Runet)


The Federal Service for Supervision of Communications, Information Technology and Mass Media (Roscomnadzor) started testing the equipment for implementation of the law on the isolation of Runet. The pilot project is planned to be completed by mid-October.

According to the head of Roskomnadzor Alexander Zharov, all major mobile operators in Russia have joined the Roskomnadzor project for testing the equipment and now the equipment is being installed.

Zharov said that the experiment will be carried out on the equipment of the manufacturer that has already passed all the tests. Now there is an experiment with two more manufacturers, he added. According to Zharov, among them is company RDP.ru. It is interesting to note that the development of the company RDP.ru was recognized as the most effective in the tests of blocking the Telegram messenger.

"We will be testing it for several weeks from the end of September," Zharov said. According to him, the experiment will not be conducted in all of Russia, but testing will take place in one of the regions. The name of the region was not disclosed.

The head of the Service said that they would tell about the results of the experiment in mid-October, but so far he cannot disclose all the details.

"My reluctance to speak is due solely to information security issues," he stressed.
Also, during the conversation with journalists Zharov said that the creation of a Center for monitoring and managing a public communications network is proceeding as planned.

In November, the law on the isolation of the Runet, adopted in the spring, will come into force. According to the document, Roskomnadzor will be able to control all data transmission points abroad and traffic routing using special equipment. Although the law will enter into force in November, Roskomnadzor began to prepare in advance the rules for its application.

Recall that on May 1, Vladimir Putin signed a law on the isolation of the Runet. According to this law, Roskomnadzor assumes all the authority for managing networks in case of threats to the Russian Internet. In addition, Roskomnadzor has the right to directly block websites with prohibited information.

The Kremlin called the document a precautionary measure. Federation Council speaker Valentina Matvienko stressed that the authorities do not intend to restrict Internet access to Russians.
The Ministry of Сommunications has identified a list of threats in which the Runet can go into a centralized control mode. In particular, when there are threats to integrity (when it is impossible to establish a connection between users), stability (when part of the equipment fails or natural or man-made disasters occur) and security (when someone tries to break into the equipment of providers or has a “destabilizing internal or external information impact” on communication network).

Russian hacker accused the ex-employee of Kaspersky Lab of forced hacking


Hacker, who has been in the pretrial detention center for the fifth year, made a statement to the head of the Investigative Committee of Russia. He insists that his case was fabricated with the participation of a Kaspersky Lab convicted of high treason along with FSB officers.

Russian hacker Dmitry Popelysh, accused of stealing money from the accounts of Sberbank and VTB together with his twin brother Eugene, said that he sent a complaint to the head of the Russian Investigative Committee. According to the hacker, the criminal case against him and his twin brother was fabricated.

The hacker said that ex-employee of Kaspersky Lab Stoyanov blackmailed and threatened him. Later, he demanded that brothers Popelysh provide technical support to some servers.

It is reported that mentions of an unknown employee who forced the hackers to commit hacks is in the surrender of Popelysh for 2015. However, this information was not verified by the investigation.

Previously, Stoyanov was the head of the computer incident investigation Department at Kaspersky Lab. He also participated in the examination of case of Popelysh.

The representative of Kaspersky Lab told that the company is not aware of Dmitry Popelysh’s appeal to the Investigative Committee.

Recall that in 2012 the brothers Popelysh were convicted of embezzlement of 13 million rubles from customers of banks. In 2015, they were again detained and accused of creating and actively using malware. According to the case, the men stole about 12.5 million rubles ($195,000) in two years. In the summer of 2018, they were sentenced to eight years. In 2019, the sentence was canceled in connection with "violations committed during the preliminary investigation." In total, they have been detained for four years and four months.

It is interesting to note that Dmitry Popelysh is already the second Russian hacker who publicly stated that experts investigating his criminal case forced him to commit hacks. Konstantin Kozlovsky, who has been in a pretrial detention center since May 2016 on charges of organizing a hacker group Lurk, claimed that he was recruited by FSB in 2008 and done various cyber attacks for a long time. He also mentioned that his supervisor was FSB major Dmitry Dokuchaev.

Putin's spokesman acknowledged the security of communications on Telegram


Communicate on Telegram is safer than on WhatsApp, said Dmitry Peskov, the special representative of the President of the Russian Federation on digital and technological development.

Recall that on September 16, Edward Snowden, a former employee of the US National Security Agency (NSA), who was granted asylum in Russia, said in an interview with a French radio station that senior officials should not use the WhatsApp messenger due to the low level of encryption. However, he added, both WhatsApp and Telegram are better than SMS or other unencrypted messages.

According to Peskov, Telegram messenger is superior to WhatsApp in terms of security, although there are no means of communication that guarantee absolute security.

"Absolutely safe means of communication does not exist. Until we made a quantum messenger, there are no safe means, " Peskov said.

Peskov also said that there is no ready-made solution for the domestic messenger for civil servants in Russia, however, there is a sense in such an application, and it will be useful.

"If we understand the physical possibility, then, of course, we will create messengers based on quantum technologies for civil servants in the Russian Federation. But for now, this is too long a story," Peskov added.

Peskov noted that at the present time Mail.ru and Sberbank are working on the creation of the Russian messenger. According to Peskov, "there are some serious developments of the domestic messengers: much work is being done in the company Mail.ru and there is a big project in Sberbank. I have not seen a solution that would be ready for implementation now."

"But, choosing between using the WhatsApp solution and using the Telegram solution, the choice of the Telegram solution from the point of view of communication security is completely obvious," said the special representative of the President of the Russian Federation.

He added that he uses both messengers.

The Central Bank of Russia will fine banks for weak cyber defense


On September 12, 2019, it became known that the Central Bank has a new punishment for banks for poor cyber defense.  By the end of the year, the Central Bank will launch a new feature for credit institutions, it will be the risk profile on the level of information security.

This indicator, according to Artem Sychev, the first Deputy Director of the Information Security Department of the Bank of Russia, will show the likelihood of problems for the Bank due to non-compliance with cybersecurity standards.

The risk profile will be formed on the basis of four characteristics, including the share of unauthorised card transactions and the bank's readiness to repel an attack. In addition, the risk profile will be taken into account in assessing the economic situation of the bank along with the amount of capital, profitability, liquidity, quality of management, etc.

Depending on the risk profile on the level of cyber security, the Central Bank will give recommendations to banks.

The calculation of the risk profile will allow us to evaluate how the bank’s management responds to emerging cyber threats, the Central Bank added.

A financial institution that receives a low-risk profile will have consequences ranging from enhanced supervision to penalties. Moreover, this will affect the loan terms at the interbank market.

Sychev stressed that the Bank of Russia sees a connection between the way the Bank relates to information security issues and its financial stability.

Nobody before in the Russian Federation or in other countries has determined such indicators that help the regulator (the Central Bank) to form an opinion about the situation, whether it achieves the goals of the regulation or not from the point of view of information security,” Sychev explained.

It is worth noting that on September 12, the Bank of Russia recorded a “rather serious” cyber attack on Russian banks from Brazil, said Artem Sychev.

According to him, it was a BIN-attack, in which bank card numbers are generated using a special program.

Sychev noted that the direct interaction of each of the attacked banks separately with the representative of Brazil did not give results. The attacks stopped only after the interaction of the Central Bank with the Brazilian regulator.

Russia suspects Western countries interfered with Internet resources of Russian government agencies


Russia suspects that the Western countries have interfered with the work of Russian government agencies websites, said Russian Foreign Minister Sergei Lavrov, speaking to students and faculty of Moscow State Institute of International Relations and to the Diplomatic Academy of the Ministry of Foreign Affairs. He also confirmed that the topic of information security over the past couple of years has become quite popular.

In addition, Lavrov recalled that Russia was repeatedly accused of hacking American Internet resources. The US authorities are convinced that the Kremlin interfered in the 2016 US presidential election.

According to the Russian Minister, the accusations against Moscow “have not been convincingly confirmed.” Nevertheless, the myth of Russian intervention "continues to spread through the American and Western media and some Western politicians continue to raise this topic."

“We also have a reason, and more serious, to suspect that our Western colleagues are paying increased attention to our Internet resources. And this happened more than once. Representatives of the Central Bank of Russia, Sberbank and other government agencies also spoke about this.” But Lavrov did not give examples of alleged Western intervention.

Recall, the State Duma has prepared a mirror response to accusations of alleged Russian interference in the electoral process in the United States. In August, speaker Vyacheslav Volodin announced the creation of a parliamentary Commission to investigate the facts of foreign interference in the internal Affairs of the Russian Federation. Deputies found two examples of “cynical interference”, these are tweets of Deutsche Welle and the US State Department, which the Foreign Ministry considered calls to participate in unauthorized actions in Moscow. However, Mr. Volodin promised to present other "materials", mentioning, in particular," manuals", which allegedly "were distributed by employees of foreign embassies."

An expert in International Relations doubts that the West will listen to Russian statements about intervention, as Russia does not accept similar accusations of the West.

Ivan Timofeev, the Director of the Russian Council on Foreign Affairs, suggests that in the end there will be people in the West who will say: "Look, Russia is creating the scandal out of nothing. Surely they do it to distract attention from their own interference in other people's elections.”

Russia developed a new protected computer “Elbrus 801M”


Russian developers from the concern "Avtomatika", part of the Russian State Corporation" Rostec", presented a new high-performance monoblock computer “Elbrus 801M” at the XIV International Aviation and Space Show (MAKS)-2019.

According to the developers, “Elbrus 801M” meets all the usual requirements for a modern office computer, but at the same time, this machine is superior to foreign analogs in terms of cybersecurity.

As the developer’s representative explained, the new computer is protected from most hacking methods known today.

According to Rostec, the main users of this monoblock will be government agencies, as well as companies from the defense sector, oil, energy and transport industries.

According to experts, new monoblock “Elbrus 801М” will be in demand by users due to the high level of performance, cyber security and ergonomic characteristics. Experts said that the performance of the monoblock exceeds 120 GFlops. It is noted that the monoblock was created on the basis of the Russian eight-core Central microprocessor “Elbrus-8”.

“We are already ready to take orders for the production of such computers. Our monoblocks based on Russian-made processors are interested in those who need computer equipment with domestic processors, with a high level of protection against cyber attacks,” - said the developer’s Assistant, Konstantin Trushkin.

According to him, the development of the monoblock cost ten times cheaper than foreign industry leaders.

It’s important to note that the motherboard, processor, peripheral controller of the computer are created in Russia. Domestic software is also used: BIOS and Russian-made operating system Elbrus Linux. It is known that “Elbrus 801M” is compatible with 32-bit operating systems, such as Microsoft Windows.

“Most of the known hacker methods of hacking against “Elbrus” do not work. The original command system of monoblock requires the creation of new viruses, which today simply does not exist, they have not yet been developed,” said Trushkin.

By 2020, it is planned to sell several thousand pieces of equipment. In addition, in 2020, an improved “Elbrus” model with a next-generation processor should appear.

Data of almost all employees of Russian Railways were publicly available


The personal data of 703 thousand employees of Russian Railways, from the CEO to the drivers, were publicly available. A few hours later, the site administrator who published the data closed access to it, but this did not prevent their further distribution. The Russian Railways announced the beginning of the inspection.

Note that according to the report for the first half of 2019, the number of employees of Russian Railways amounted to 732 thousand people, thus, in the public domain were full names, addresses, Individual insurance account number (SNILS), phones and even photos of 96% of employees.

However, the representative of Russian Railways assured that the personal data of the passengers were not stolen: "The Ticket Sales System has the protection of personal data of a high degree of reliability.”

The founder and technical director of the company DeviceLock, specializing in the prevention of data leakage from corporate computers, Ashot Hovhannisyan on Tuesday, August 27, reported in his Telegram-channel "Information Leak" and in his blog on the Habr.com that unknown posted in open access personal data of 703 thousand people. At the same time, the attackers added a note to the publication: Thanks to Russian Railways for the information provided by careful handling of personal data of its employees."

The data of Russian Railways employees was published on the website infach[.]me under the title "Slaves of the Railways". At the moment, the website doesn’t work. The infach[.]me domain was registered in February 2018, it allowed users to anonymously publish personal data of other people.

According to the results of the first inspection of the Russian Railways, it became known that the data of the company's employees got into open access after hacking the system. According to one version, cybercriminals hacked servers on which the Personnel Department stored complete information about its employees, including their names, surnames, SNILS, mobile phones, tax identification number. According to another version, attackers hacked the database of the Corporate University of Russian Railways, where almost all employees study. The company said that the incident is an attempt to discredit, but its purpose is still unknown.

It should be noted that the day before also became known about the leakage of data of hundreds of Russians, presumably through the Russian System for Operative Investigative Activities (SORM), with which the security services can read the correspondence of citizens.

Russian-speaking hacker group silence stole 272 million rubles from banks in three years


Russian-speaking hacker group Silence has damaged financial institutions around the world, including Russia, in the amount of $4.2 million over the past three years. This is stated in the report of the international company Group-IB, specialising in the prevention of cyberattacks.

According to Group-IB, for three years (from June 2016 to June 2019), Silence attacked financial institutions in more than 30 countries in Europe and Asia, including Russian banks. As a result, the hacker group was stolen at least 272 million rubles.

As Group-IB noted, the company's specialists continuously monitor the activity of Silence since 2016. As a result, Group-IB discovered that in 2019 the geography of Silence attacks became the largest ever.

Recall that hacker groups Silence and Cobalt performed a large-scale attack on Russian banks in late 2018, they managed to steal $ 20 million.

In addition, in January this year, the hacker group Silence made about 80 thousand malicious mailings to employees of Russian Banks, credit and financial institutions and payment systems. Hackers started sending phishing emails on behalf of "Forum iFin-2019" with an attached ZIP archive, inside of which there is an invitation to the banking forum, as well as a malicious attachment Silence.Downloader aka TrueBot.

On February 7 a hacker attack was committed on the IT Bank of the Russian city Omsk. Hacker group Silence stole 25 million rubles.

During 2018, the General Directorate of protection and information security at the Bank of Russia (FinCERT) repeatedly recorded targeted attacks on credit and financial institutions, which were committed by two major criminal groups - Cobalt and Silence.

For example, cybercriminals performed a large-scale attack on Russian banks in late 2018, they managed to steal $ 20 million. The scammers on behalf of the FinCERT division of the Central Bank sent out malicious documents with macros. In addition, a compromised account of an employee of the company Alfacapital was used.

It is interesting to note that, according to Group-IB, the attackers have now come up with another method for more successful attacks in the future.

Cryptographer hacked an online voting system in Moscow


According to the results of the meeting of the technical working group on electronic voting, it became known that the French cryptographer, who pointed out the shortcomings in the electronic voting system, will receive a reward of one million rubles (15 000$).

Last week it became known that Pierrick Gaudry, an employee of the French National Center for Scientific Research, said that the encryption used in the Russian electronic voting system is “completely unsafe” and can be hacked by attackers in about 20 minutes.

Recall that the Russian Government offered a cash prize of 1.5 million rubles (23 800 $) to a hacker who can hack the electronic voting system.

However, according to Artem Kostyrko, the Deputy Head of the Moscow Department of information technology, nobody, including the French cryptographer, managed to hack the system. However, since Pierrick Gaudry pointed out the weakness of the system and drew attention to its testing, he will receive a reward of one million rubles, provided that no one will be able to hack the system during the next testing on August 21.

Other sources reported that Pierrick hacked the system, as he managed to restore all three secret keys. He has published a command-line script, so anyone can hack the voting system. Therefore internet users repeated the experiment and the calculations took the same amount of time - a little more than 20 minutes. When the private keys are known, decrypting the message becomes a trivial task.

It is interesting to note that before Pierrick published his work, Stanislav Smyshlyaev, the Deputy General Director of the company CryptoPro, stated that any laboratory accredited by the FSB of Russia would have found such a vulnerability. At the same time, Artem Kostyrko at one of the meetings of the technical working group mentioned that the Internet voting system was checked by experts from the FSB. Alexey Venediktov, the member of the Public Chamber of Moscow, claimed that military hackers from the GRU were involved in testing the voting system. However, none of them found the vulnerability.

According to forecasts, about 3 percent of the total number of voters will be able to take advantage of electronic voting in the elections to the Moscow City Duma on September 8. By the way, this is 1 percent more than during the experimental electronic voting in Estonia.

Previously, Ehacking News reported that the team of the Ukranian president Vladimir Zelensky promised to hold the next presidential elections in Ukraine using Estonia's experience in electronic technologies.

It is known that the widespread introduction of electronic technologies has become a kind of visiting card of Estonia and its know-how in the eyes of the world community.