Government and banks have chosen the ways of dealing with hackers

On Friday Dmitry Medvedev held a meeting devoted to cybersecurity in the banking sector. The venue selected was the Central office of Sberbank on Vavilov street. The threat of cybercrime and banking attacks is “transnational in nature”, Medvedev said: “According to some estimates, global losses from cybercrime are about $0.5 trillion, but find them very difficult because not all losses are captured”.

Medvedev admitted that in Russia the number of such crimes is growing, and the experience and strength to resist them is not enough. “To fight such crimes virtually impossible; cyber defense is expensive. To reduce the cyber threat requires a coordinated effort”, he said.

The conference itself was held behind closed doors. It was attended by first Deputy Prime Minister Igor Shuvalov, Finance Minister Anton Siluanov, first Deputy Chairman of Bank of Russia Alexey Simanovsky, the Minister of communications and mass media Nikolai Nikiforov, Deputy interior Minister Alexander Savenkov and the heads of major banks — the presidents of Sberbank and VTB Herman Gref and Andrei Kostin, CEO of Raiffeisenbank Sergei Monin, Chairman of the Board of Rosselkhozbank Dmitry Patrushev, etc.

The meeting was held in the format of the debate, said one of the participants of this meeting: “Made by German Gref, who outlined the scale of the problem: a day on big banks committed hundreds of thousands of attacks”. According to him, Gref pointed out the biggest problem — being a hacker became fashionable, “cool”, and people, especially talented young people go to “work” in this area and proud of it. Gref cited the data that in the world now more than 40 million of cybercriminals and their number is growing. This trend must be reversed, said the head of Sberbank.

The meeting participants proposed several solutions to the problem. The first is to unite the efforts of the government and the banks in terms of educating customers of the banks, to convey to people that a problem like cyber crime exists and everyone should be vigilant. The second proposal, voiced by one of the present members of Gorbaciov, is to give more powers to the Bank of Russia, in particular to allow the controller in the case of fraud (the illegal withdrawal of funds from the accounts) to suspend interbank transactions at any time. The third proposal is to expand the existing activities in the Central Bank of the Center for monitoring and responding to computer attack in credit-financial sphere. “It was suggested to extend it’s functionality”, — confirmed after the meeting Deputy head of the main Directorate of security and information protection of the Central Bank Artem Sychev. The main objective of the centre is to create a global system of fraud, but the details yet, said Sychev .

The center for monitoring and responding to computer attacks in the financial sphere the Bank of Russia has earned 1 June 2015. Headed the new structure Dmitry Frolov, prior to that, seven years of experience in security management of the Central Bank and specialized in preventing cyber attacks and protecting information systems. The center shall notify the banks about possible computer attacks on their sites, as well as to prevent the theft of money from Bank accounts, said earlier the Deputy chief of the main Directorate of security and information protection, Bank of Russia Artem Sychev. “The challenge is to colleagues (banks ) to try to alert you to problems that may arise”, — he said (quoted by RIA news). Then Sychev said that the number of electronic payments in Russia annually grows on average by 10%, while the annual number of attacks on banks are growing at 20%. And added that the KPI for the Centre is, at least, prevent the increase in this percentage.

In addition, you need to change the law, agreed the participants of the meeting. As told Sychev now prepared a bill which will prevent the withdrawal of funds from banks. “Banks should be given the opportunity to exchange information about citizens and companies that are trying to cash stolen Bank funds. CB needs to release a policy that will give banks such a right,” said Sychev. Banks also should be a simple procedure of misappropriated funds. Now it is done by the court, but the procedure can take several years, during which time the money will simply disappear, he said.

According to first Deputy Chairman of RosEvroBank Dmitry Suzdaltsev, long banks should be given the opportunity to exchange information on suspicious customers, and their subsequent blocking. “Now some banks communicate with each other about questionable transactions, but it all takes place on an informal level. The problem is that, even if the Bank will reveal the dubiousness of the payment order, the most he can do is to suspend the execution of the order for a few days” — says Suzdaltsev. But in such a short time to start a criminal investigation units fails. It is important that law enforcement officers began to work closely with banks in the area of money laundering, more quickly responded to the message, adds the banker.

Member of the Committee on financial markets and credit organizations CCI Timur aitov said that proposals to block suspicious transactions at any stage of the chain, and to share information about the accounts of the attackers were formulated two years ago, the National payment Council and furnished in a package of amendments to the criminal code, the Civil code and laws regulating banking activities. However, two years amendments have not reached the state Duma. “Now banks can’t share information with each other about questionable clients, this prevents the Bank secrecy act. Although some banks have informal contacts with each other between the security services,” says aitov.

In 2015, the Department “To” prevent theft from banks amounting to RUB 1.5 billion, has told the head a press-management service “To” Alexander Vurasko. It’s almost 1% of the total banks ‘ profits in 2015 (192 billion). The amount of actual damage is estimated at 400-600 million rubles., but it can grow, as it is declared new victims, said, Vurasko. Crimes for which amount had not been prevented, he announced.

Hackers have developed about hundreds of different schemes for the embezzlement of funds from the accounts as the banks themselves and their customers. “They have compromised the international payment system — they found the vulnerability and wrote software that would allow to generate fraudulent payment documents, but the use of this software managed to stop it,” said Murasko. According to him, the hackers almost paralyzed the banking system, compromising the system of exchange of interbank messages (the most used by the Russian banks from the international system SWIFT, but the interior Ministry did not disclose information, it is or not).

June 1, the center of public relations of FSB of Russia reported that the FSB and MVD of Russia in a joint operation to disrupt the activities of the hacking group, suspected of stealing money from the accounts of banks. According to the FSB, with virus attackers stole more than 1.7 billion rubles from the accounts of Russian financial institutions. Law enforcement authorities arrested 50 suspects, blocked bogus payment orders in the amount of 2.3 billion rubles., conducted 86 searches in 15 regions of Russia, said in a press release. Later TASS, citing a source close to the investigation, reported that the detainees from the actions of hackers has suffered six Russian banks, including Metallinvestbank, Russian international Bank, “Metropol” and “REGNUM”.

Suffered from hackers and customers of Sberbank. In March last year, German Gref told reporters that the security service of Sberbank has revealed a network of 350 thousand infected smartphones on the platform Android, which is controlled by hackers from the Ukraine. Gref said that the figure of 350 thousand refers only to the clients of Sberbank; how many infected phones, he said.

A month later, the press center of interior Ministry reported that law enforcement authorities arrested the Creator of the virus for Android kidnaps funds of Bank customers. “It was them 25-the summer inhabitant of Chelyabinsk region. In addition to his membership of the group consisted of four people”, — stated in the message of the Ministry. Later it became known that the police detained a criminal group with the assistance of the security service of Sberbank. The attackers called their program “5th Reich”, and in the control system used Nazi symbols, and because of what this criminal group has received the code name for “Fascists”.

Hackers spread malware via TEXT which was a link to download it under the guise of Adobe Flash Player. During installation is requested administrator rights. After the installation of a Trojan program requested balance is tied to the phone Bank card, hide incoming SMS notification and the transferred money from your Bank account to account hackers.

With the participation of Catherine Hulda