Use of information and telecommunication networks for criminal purposes

The article is not devoted to crimes related to violations of the integrity, availability and confidentiality of information, but rather to the spread of criminal acts through information and telecommunication networks. Only some of the ways of using the Internet and other information and telecommunication networks for purposes considered by the legislation of the Russian Federation as crimes entailing different types of liability will be considered.

Distribution of prohibited substances in information and telecommunication networks

The distribution of prohibited substances in global networks poses a serious threat to society. Narcotics, psychotropic substances and other illicit drugs can be easily purchased online, creating opportunities for criminals and drug dealers to evade punishment and expand their operations internationally.

This section describes gaining initial access to drug trafficking and trading platforms, rather than the entire process of their operation and functioning. It is quite problematic for an ordinary person to gain initial access to online trading platforms if he does not know about their existence in advance. Therefore, to gain initial access, street stickers, business cards, graffiti, and inscriptions on walls, pillars, transport stops, asphalt, underground passages and overpasses, etc. are often used (examples can be seen in Figure 1). Criminals indicate a telephone number that can be contacted, or a QR code leading to the criminal’s user account or to a chatbot in the Telegram messenger. You should be careful, as some such contacts, with offers of easy money or even shift work, can ultimately lead a person into slavery.

Figure 1 – Illegal inscriptions/stickers leading to connection with a criminal

If you switch to a chatbot, you select the category of your activity: buying, selling, work. All further actions can also take place in the chatbot; however, there are often cases when the chatbot is created and works solely for the purpose of deceiving users and making illegal money. A distinctive feature of a chatbot that is not such a deception is the transition to a well-known drug trafficking network platform to complete a transaction via the Internet.

Also, initial access to trading platforms can be provided through the administrator (curator). This applies to work in this area. In a personal message on the Telegram messenger, the criminal asks a couple of clarifying questions, and then asks to fill out a standard form according to the following points: age, city of residence, experience in this field, availability of a driver’s license, motivation, career growth, knowledge of methods and means of anonymity in networks (Proxy, VPN, Tor), wishes for work. It is worth noting that criminals do not ask to create a secret chat in the messenger and communicate quite frankly.

Then registration takes place on a well-known drug trafficking network. These services take care of security; first you need to go through a captcha, then register with a password according to high security standards, without identifying a person by his phone number or email, then go through the captcha again. The system can use two-factor authentication, a public PGP key and other security measures.

Such sites use many “mirror” sites to avoid stopping activity after the main site is blocked; mirrors can also be used for load balancing. A mirror is a copy of the main website that is stored on a different domain or server, or has a different URL from the main one, while all mirrors link to the same main server to obtain data about users, etc. Abrupt blocking of all sites and the struggle of states against these services leads to the emergence of other similar platforms, including ones using the Telegram messenger.

After registration, the criminal asks to go to the “Work” section and select his community (group). All financial transactions take place through cryptocurrency, usually Bitcoin (BTC). The Bitcoin wallet ID is a unique identifier for sending and receiving funds and consists of 40–50 characters. Cryptocurrency can also be purchased using regular bank cards of well-known payment systems on this trading website, in the “Exchange” section. For the first job, it is necessary to pay a deposit, usually from 3 thousand to 5 thousand rubles, depending on the quantity and quality of the goods, in order to avoid deception by the newcomer. The newcomer receives information about the receipt of the goods and where they should be hidden. A client, having purchased a product on the trading platform, automatically receives its coordinates on a map of the area.

Such organized crime services (often referred to as the “darknet”) provide access not only to the purchase of illegal substances, but also to other criminal activities: forged documents, network attacks, surveillance of a person, contract killings and much more. They are implemented not only through the Internet, but also through the popular anonymous network Tor.

Now, in the age of information technology, it is not necessary to meet with criminals directly: all communication is anonymized and encrypted, financial transactions are almost impossible to track, and finding goods on the street will not be difficult. Thus, it is quite easy to gain access to drug trafficking, buy goods or work in this area, which increases the crime rate in the country.

False job vacancies

False vacancies are used on popular online recruiting services for malicious purposes, deceiving victims for financial gain. Often, such vacancies claim high wages with minimal workload, flexible hours, work from home, lack of bureaucracy, etc.

Typically, such vacancies offer the following types of work: sorting or handicraft at home, creating a business for growing miracle berries and fruits at home, transcribing audio recordings, working as a “courier”, typing, reselling goods on marketplaces, testing games, fraudulent vacancies, writing comments / reviews, work as a secret shopper.

The methods of deception are approximately identical: to receive your first income, you must enter all your bank card information on the phishing service. Otherwise, attackers can threaten their victims in various ways, use articles of the Criminal Code of the Russian Federation or Federal laws as arguments, put psychological pressure on people, carry out network attacks against the victim, compromise actions on behalf of the victim, and blackmail.

It is also not uncommon for an official employer to ask you to complete several test tasks (for example, a lot of monotonous work) to determine the competence of an applicant for a position. After completing the task, the employer either does not respond or declares a low level of skills, thereby facilitating the internal work of the company, which is carried out for them by supposed candidates for the position.

Some methods of social engineering in social networks and ad services

Social media. On social networks, attackers create an ideal store page: they create fake reviews, make notes about the sale and profitability of purchasing a product, and indicate the location of their warehouse or store. You can distinguish a fake store by the following signs:

  • All entries on the community page were made in one or two days.

  • Reviews, likes and comments are created by fake pages of network users (they can also be identified by the first point, as well as by the perfection of filling out all sections of the open page).

  • There are no contacts for the community administrator.

  • There are no contacts for the community itself (or they do not respond to messages).

  • The feeling of an idealized page is created.

  • Product prices are at least half lower than the average market value.

  • This store cannot be found on the Internet.

  • This store is not located in the premises indicated on the page.

Advertisement services. After publishing a product on some popular classifieds services, messages from buyers arrive within an hour. They claim that they have already transferred money to the service to purchase the goods, and the seller only needs to receive it. The attackers, having studied the pattern of customer relationships (that is, how the purchase of goods normally occurs on the service), offer to follow a link (to a phishing site with a similar domain) and enter all the bank card details there in order to supposedly receive money for the goods. Then the attackers try to put psychological pressure on the victim, insisting that the money was transferred and that the victim is trying to deceive them, or they claim that they have found a more profitable option for the product.

We can conclude that the correspondence is conducted not by bots, but by people, since they enter into a direct, meaningful dialogue and make the grammatical errors typical of people. Advertising services make attempts to expose and block malicious activities and accounts, but do not have a general policy and preventative warnings for this type of fraud.
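The "similar domain" trick described above can be checked mechanically before a link is followed. The following is an added example, not part of the original article: the domain `classifieds.example`, the sample links, the substitution table and the distance threshold are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the domain the real classifieds service uses (assumption).
LEGIT_DOMAINS = {"classifieds.example"}

# Characters often swapped for look-alikes; illustrative, not exhaustive.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                      "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c"})

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, legit=LEGIT_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain) for a link received in a chat message."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        host = ""
    if not host:
        return ("invalid", None)  # no scheme/host: nothing to compare
    for good in sorted(legit):
        if host == good or host.endswith("." + good):
            return ("legitimate", good)
    folded = host.translate(FOLD).replace("-", "")
    for good in sorted(legit):
        # The real name used as a prefix of an unrelated domain.
        if host.startswith(good + "."):
            return ("lookalike", good)
        # Identical after folding look-alike characters, or a few typos away.
        if edit_distance(folded, good.replace("-", "")) <= max_distance:
            return ("lookalike", good)
    return ("unrelated", None)

# Constructed sample links of the kind a "buyer" might send.
SAMPLES = ["https://classifieds.example/item/42",
           "https://c1assifieds.example/receive?id=42",
           "https://classifieds.example.pay-out.test/card"]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, classify_link(link))
```

A small distance threshold produces false positives for very short domain names, so the threshold should be tuned to the length of the protected name.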

Distribution of exchange files bypassing legitimate services

File hosting services are often used to distribute unlicensed or licensed software, bypassing the official legitimate service of the copyright holder. They are also used to distribute film content, bypassing paid video hosting sites and content rights holders. To achieve such goals, special services and network protocols, Proxy servers, virtual private networks (VPN), as well as “multi-mirror” sites on the Internet that violate copyright laws were invented. The organization of systems and networks on which these services operate is given below.

BitTorrent is a peer-to-peer (P2P) network protocol for cooperative file sharing over the Internet. Often in a peer-to-peer network there are no dedicated servers, and each node (peer) is both a client and performs server functions. Unlike the client-server architecture, this organization allows the network to remain operational with any number and any combination of available nodes. All nodes are participants in the network. Files are transferred in parts: each torrent client, receiving (downloading) these parts, at the same time gives (uploads) them to other clients, which reduces the load and dependence on each source client and ensures data redundancy (an example is shown in Figure 2). Each client has the ability to temporarily block transfers to another client. Preference is given to peers that have themselves transferred many segments to this client. Thus, peers with good upload rates encourage each other according to the principle “you give me, I give you.”

Figure 2 – Example of receiving/distributing files
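The "you give me, I give you" preference can be shown as a small selection routine. This is an added example, not part of the original article and not code from any BitTorrent client: the swarm, peer names and byte counts are constructed, and it goes slightly beyond the text by including the protocol's single "optimistic" slot, which lets a peer with nothing to offer yet receive its first parts.

```python
import random

def choose_unchoked(peers, regular_slots=2, rng=random):
    """Pick the peers this client uploads to during the next interval.

    peers maps a peer id to {"interested": bool, "received": bytes that peer
    sent us during the last interval}. Returns (regular, optimistic).
    """
    wanting = sorted(p for p, s in peers.items() if s["interested"])
    # Reciprocation: peers that gave us the most data get the regular slots.
    givers = [p for p in wanting if peers[p]["received"] > 0]
    givers.sort(key=lambda p: -peers[p]["received"])
    regular = givers[:regular_slots]
    # One extra slot goes to a random remaining peer (optimistic unchoke).
    rest = [p for p in wanting if p not in regular]
    optimistic = rng.choice(rest) if rest else None
    return regular, optimistic

def rounds_served(peers, rounds, seed=1):
    """Count in how many intervals each peer was allowed to download from us."""
    rng = random.Random(seed)
    served = {p: 0 for p in peers}
    for _ in range(rounds):
        regular, optimistic = choose_unchoked(peers, rng=rng)
        for p in regular + ([optimistic] if optimistic else []):
            served[p] += 1
    return served

# Constructed swarm as seen by one client; "leech" uploads nothing back.
SWARM = {
    "peer-a": {"interested": True, "received": 900_000},
    "peer-b": {"interested": True, "received": 400_000},
    "peer-c": {"interested": True, "received": 50_000},
    "leech": {"interested": True, "received": 0},
    "seed": {"interested": False, "received": 2_000_000},
}

if __name__ == "__main__":
    print(rounds_served(SWARM, rounds=10))
```

Peers that upload the most are served in every interval, while the peer that uploads nothing is served only when it wins the random slot.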

μTorrent is a cross-platform BitTorrent client (web interface), characterized by its small size and high speed with quite a lot of functionality. In January 2011, the number of monthly users reached 100 million. An example of the μTorrent web interface is presented in Figure 3.

Figure 3 – Web interface of μTorrent 3.0

Tor is free and open source software for implementing the second (V2) and third (V3) generations of so-called onion routing. The network is independent and is not part of the Internet. It is considered as an anonymous network of virtual tunnels that provides encrypted data transmission through several random nodes (proxy servers). With Tor, users can remain anonymous on the Internet when visiting websites, blogging, sending instant messages, email, and other applications that use the TCP protocol. Traffic anonymization is ensured through the use of a distributed network of servers – nodes. Tor technology also provides protection against traffic analysis mechanisms that compromise not only online privacy, but also the confidentiality of trade secrets, business contacts, and communications in general. Tor operates on the network layers of onion routers, allowing anonymous outgoing connections and anonymous hidden services.

I2P is an anonymous computer network. The I2P network is overlay (that is, it works on top of another network – the Internet), resilient (disabling a node will not affect the functioning of the network), anonymous (it is impossible or difficult to determine the IP address of a node) and decentralized (does not have a central server). When transferring data between network nodes, encryption is used. Inside the I2P network, you can host any service (forum, blog, file sharing, email, instant messaging (chat), VoIP, etc.) while maintaining the anonymity of the server. The I2P network runs HTTP servers; website addresses are in the pseudo-domain space “.i2p”. Peer-to-peer (P2P) networks can be built on top of the I2P network, such as BitTorrent, eDonkey, Kad, Gnutella, etc. I2P uses garlic routing, which is a complement to onion routing.

Thus, malicious use of file sharing services is a serious problem that can lead to theft of personal information, the spread of malware, and copyright infringement.
