SBU jointly with foreign colleagues blocks activity of powerful hacker group (video)
SBU officers, in cooperation with US colleagues, blocked the activity of a powerful hacker group. The SBU Acting Head Ivan Bakanov reported this at a briefing.
The SBU operatives established that the group members organized and, for a long time (since 2007), provided hackers and other criminals with virtual services, enabling them to freely conduct illegal activity on the Internet from the territory of Ukraine. The criminals used Dark Net - a part of the Internet hidden from ordinary users, where it is possible to anonymously buy weapons, drugs, etc.
Many have heard of Dark Net - a part of the Internet hidden from ordinary citizens, where it is possible to anonymously buy weapons, drugs, etc. Unlike ordinary citizens, law enforcers are usually entitled to identify a perpetrator by requesting the necessary information from the Internet service provider. But this is not the case with Dark Net, which is based on so-called "bulletproof web hosting", that is, hosting that responds neither to law enforcers' requests nor to rightholders' complaints. This hosting is almost impossible to find because of complicated masking technologies (both physical and virtual) and interface features.
For several days, those who have not only heard of but also used Dark Net have been panicking and attempting to contact the organizers of the "bulletproof web hosting", which we recently neutralized in Odesa, "since hundreds or even thousands of illegal Internet attempts against citizens of Ukraine, the USA, Japan and Europe, their authorities and management, and objects of critical infrastructure were blocked," Ivan Bakanov said.
The SBU operatives established that the organizer of the group is a citizen of Ukraine who got his first hacking experience in Moscow in the mid-2000s. As early as 2007, he began to provide his services to hackers around the world through Ukrainian networks, carefully hiding the actual location of his equipment from the law enforcement and special services of any country. From time to time the equipment was exposed by Ukrainian, Russian and American law enforcers, who seized it and temporarily stopped the activity, but the hacker group soon resumed operations.
Today, the group consists of about 10 key participants and dozens of associates and intermediaries in a number of countries, as well as thousands of customers. "They are worried about the fact that hundreds of terabytes of data are in the hands of special services, which could turn out to be evidence for hundreds of criminal cases all over the world. According to our estimates, it may be about 40% of the Russian-language Dark Net segment," said the SBU Acting Head.
In the United States alone, legal proceedings carrying a total imprisonment term of 50 years have been brought against this citizen of Ukraine. He is accused of fraud, unauthorized interference, personal data theft and a number of other crimes under American criminal law.
In Ukraine, the organizer and another group member were served notices of suspicion of committing crimes stipulated by Part 2 of Art. 361 and Part 3 of Art. 301 of the Criminal Code of Ukraine, and house arrest was chosen as a measure of restraint.
Despite the complex documentation procedure resulting from imperfect domestic legislation on cyberspace, the SBU operatives, together with the investigators of the State Investigation Bureau and prosecutors of the General Prosecutor's Office of Ukraine, managed to gather the necessary evidence of the criminals' involvement in committing grave crimes.
During authorized investigative actions, a real data centre with a self-contained backup power source, security, and high-capacity Internet access channels was found, thoroughly hidden in a private residence near Odesa. "Almost 150 servers were seized from this data centre. It hosted thousands of hacking resources, some of them remained encrypted, many resources were configured in such a way as not to keep traces of criminal activity," said Mykola Kuleshov, the head of the SBU Cyber and Information Security Department.
A preliminary examination of the network equipment and an assessment of the range of IP addresses used by the group point to at least three autonomous systems reserved by Russian enterprises. Taking into account the present counter-intelligence regime in Russia, as well as the technological features of how SORM-3 is organized and built, the group could not have possessed and managed this number resource without the control and cover of Russian special services. This information gives the SBU a clearer picture of the schemes of cyber attacks on Ukrainian critical infrastructure facilities and of the role of Russian special services in cyber attacks against other countries.
Cyber-security in the international space is a collective task, and no country can effectively defend itself against cyber threats alone. "The SBU is ready to cooperate with our foreign partners. We are grateful to the FBI representatives and the United States Secret Service present in this room, who immediately expressed readiness for full assistance in our investigation," Ivan Bakanov said.
SBU Press Centre