"Internet-search": how a private cyberpolicy is looking for fraudsters and helps businesses in the fight against economic crimes

Not looking for easy ways

Igor Bederov is not the most typical example of a former law enforcement officer

organs.By first education he is a political scientist, by his second he is a lawyer. He began working in commercial structures even before public service. Then he moved to the operational search unit of the police, and then returned to business again. Igor headed the security departments at the Metrika hypermarket chain and headed security at the Northern Textile company.

“My work in law enforcementheld under the heading of secrecy. Contacts with public employees were not encouraged. When I headed the security service, it became necessary to assess the reliability of counterparties and employees. There were no “friends from the bodies”, so I decided to create my own rating system based on data from publicly available information sources. Today, our assessment model has been implemented in most large enterprises, and then what I did was interpreted by colleagues as heresy, ”recalls Igor Bederov.

Photo: Viktor Yuliev / "Hightech"

In 2014, Igor Bederov quit his job andlaunched his own project in the field of information and analytical support for business security, from which the Internet Search company subsequently grew. The starting investments in the business - exclusively Igor’s personal savings - amounted to only 200 thousand rubles. With this money, he rented office space, purchased three computers and information and analytical software necessary for the further work of two analysts. It took several years for Bederov’s agency’s research to be noticed by the market, and Internet Search employees began to be invited to participate in investigations of economic crimes and crimes committed with the help of modern IT.

Network crime

Number of crimes committed byIT is growing every year. According to statistics from the Ministry of Internal Affairs, over the past year, the department registered almost 223 thousand such crimes. However, only 17% of them were investigated and brought to court. The similar statistics proceeds, since 2013: the cybercrime grows, and its revealing falls.

Most at risk from fraudstersbusiness is exposed. Over the past two years, 66% of Russian enterprises have experienced fraud or economic crimes committed against them. At the same time, business losses are estimated at large sums. Losses of private individuals, if they are not famous or rich people, rarely exceed 50 thousand rubles, but usually amount to 3–5 thousand rubles.

One of the most common crimesThis kind of activity is the activity of fraudulent stores. A person makes and pays for an expensive order through an online payment in an online store. It seems that everything is fine, but there is no product, no money, and there is no way to contact the seller by phone or other channels. The bank or payment aggregator cannot help. Fraudsters create anonymous wallets and withdraw the money received to international cards or accounts. Finding them is extremely difficult, since the criminal scheme is thought out to the smallest detail. Law enforcement officers will block such a site at the request of the victims, but another one will appear, since this is easy to do.

How to deal with cybercrime

A legitimate question arises: “Who should conduct a search if the cybercriminal still needs to be found?” In addition, such crimes may be committed from abroad.

There are several ways to solve existing problems in the field of cybercrime:

  • The training of specialists in this field is the creation of a training center where employees of the responsible departments will be taught to conduct investigations in the virtual space.
  • Development of methodological materials for investigators and police officers.
  • Transforming legislation - it is slow to respond to rapid changes (new schemes and tools of fraudsters) in the field of Internet crimes.
  • The creation of an international center to combatcybercrime, for example, based on the EAEU. As a rule, many crimes are committed from neighboring countries or from abroad. Such a center would help to exchange experience and knowledge, develop a common strategy for interaction, respond to the activities of international criminal groups and so on.
  • Acquisition of specialized software and hardware to find cybercriminals in the network, respond to their activities in a timely manner and prevent such crimes.

According to the Civil Code,business activities in Russia are carried out at your own risk. With this formulation, the law enforcement system signed for the removal of responsibility for the prevention of crimes against business, said Igor Bederov. As criminals “move” to the network, the issue of a fundamental change or improvement of the law enforcement system is becoming increasingly relevant. If we talk about business and security services, they absolutely do not solve the problem of risk prevention. They practically have no opportunity to assess the reliability of individual entrepreneurs and enterprises up to a year, as they are very limited in their functionality and often are outside the legal field.

Photo: Viktor Yuliev / "Hightech"

"I myself, being a security official, could not stand the bureaucracyand work on outdated methods, - says Igor Bederov. - Power structures react very hard to innovations, transformations. Therefore, he left the authorities for the security services of a private company. But they work the same way. I understood that such a department in organizations is expensive, therefore, it would be more profitable to use third-party services. So the idea came to me to create my own project - to organize business security. ”

The Internet Search website is at the same timean Internet site and platform for providing services for collecting information, searching for fraudsters and building a business reputation. Outsourcing offers specialized services: legal support for the client, polygraph tests, activities of private detectives, services of lawyers and even debt collectors. Specialists of a narrow profile cooperate with the agency on a contractual basis, and if necessary, the client will be able to receive the full range of services related to personal and corporate security. This decision made it possible to attract clients and at the same time not to inflate the staff with specialists whose skills are in demand only from time to time.

The number of specialists involved reaches 40. Depending on the number of completed orders, employees receive up to 150 thousand rubles per month. About half of the agency's revenue comes from the routine inspections of employees, 40–50 per applicant per day.

How is the verification of individuals

According to the “Internet-tracing”, 15–20% of hiredemployees are problematic and bear unpleasant consequences for domestic policy. If a company hires a wanted person, it signs itself responsible for hiding the offender. Debt problems of the applicant impose problems on the employer. The administration of the company may be obliged to pay the employee’s debt and impose a penalty in case of refusal. A person who has problems with the law is not quite suitable for the position of a decent employee of the organization. It is important to check the identity of the criminal record (theft, robbery), as well as try to check if the person has alcohol or drug addiction. The applicant can always be a front worker who came from a rival company to research domestic policies and steal special production technologies. Therefore, orders related to the verification of individuals, as a rule, is the verification of employees hired.

Regulation of inspections by law

According to Article 9 No. 152-ФЗ “On Personal Data”, an employer may verify data with the consent of the applicant. Otherwise, a person may sue the company.

It’s easy to get agreement; many organizations enter into the contract a clause on consent to the processing of personal information, so it’s impossible to get a job without a tick opposite the line

Part 1 of article 22 No. 152-ФЗ “On personaldata ”says that the employer is not obliged to notify the service of the protection of personal data that the company is processing personal information of the applicant.

According to Articles 5–9 No. 152-FZ “On Personal Data”, the employer does not have the right to distribute the information received about the employee to third parties who are not related to the procedure.

Reception of the primary information of the potentialAn employee of the company is carried out by means of an interview. Having received the necessary package of documents and information about the person, the responsible person has the right to check the data provided for accuracy. This can be done independently, but more reliably - you can entrust verification to professionals from Internet-Tracing, who not only learn open sources of information, but can learn about a person and quite unobvious things from social networks, purchase history and location of a person on his mobile phone.

Open sources for finding information about a potential employee

  • Open resources of state organizations about the search - Interpol, FSIN, MIA, FSSP.
  • Resources that carry out the verification of basic documents (TIN, passport, diploma) - service Tax.Ru, FrDoCheck.
  • Resources providing data on debt (loans, collateral, bankruptcy) - “Register of pledges”, “No interest”, Unirate24.
  • Resource providing data on the participation of an individual in legal proceedings - GAS RF “Justice”.
  • Resources containing information on participation in business activities - “For honest business”, “OGRN.online”.
  • To check accounts social networks - Yandex. People, PIPL.

In order to verify a person’s personal data, it is necessary to comply with the law.

Igor recalls a case studyuse of open network information. A cannery asked for help, sending a large consignment of goods to a military unit in Sevastopol. The cargo to the destination did not arrive, the driver of the truck did not contact us. Verification of documents revealed the fact of forgery, the driver of the logistics company got a job on forged documents. Analysts have suggested that the stolen goods will be put up for sale. Checking the ads on the network, the staff of "Internet-search" found the seller. The police made a test purchase. By marking on the product, he was identified as stolen and returned to the rightful owner. The agency’s earnings amounted to 300 thousand rubles.

In 2018 alone, agency employees providedassistance in solving 68 economic crimes. A service for assessing the security of cryptocurrency transactions, based on the analysis of crypto wallets, is under development.

Partner ordered

Most of the clients of the "Internet-Search" -legal entity, and the most popular service is to check partners before a transaction, analyze the reputation or evaluate candidates before employment. Carrying out an order, analysts of the company use information from open sources, databases of state bodies and provide the client with detailed analytical information. The cost of one check is 1–5 thousand rubles, but you can purchase a subscription, which will cost 20–50 thousand.

Photo: Viktor Yuliev / "Hightech"

"In total in our country just under 700 sourcesinformation suitable for use in evaluating counterparties. Some of them were automated and turned into services such as SPARK, Integrum, Kontur. Focus, Seldon, Globas and others, ”says Igor. - More data is processed by us at the expense of our own systems. We identified 46 signs for verification - we study the reasons for the refusal of banks to open accounts, blocking and suspending operations on current accounts, assess related individuals (director, founders). All these risks, of course, affect the performance of the contractual obligations by the counterparty. ”

How to check legal entity

There are no specific laws in the state that oblige companies to check their business partners, but in the first proceedings inaction is the reason for tax deductions.

What causes suspicions:

  • lack of registration in the register;
  • the presence of a "mass" founder (participant), the head of the counterparty;
  • availability of the legal address of mass registration;
  • absence of expenses typical for conducting business;
  • lack of staff;
  • lack of fixed assets;
  • lack of storage facilities;
  • lack of vehicles;
  • lack of productive assets.

Information about the company can be found on the official website of the tax service, but if you need to view exclusive information, you should enlist the help of paid resources.

A legal entity is considered to be successfully verified if it meets the following criteria:

  • Documents and powers of the director along with other representatives of the organization.
  • Availability of production / technical / personnel capabilities, with the help of which the conditions of the proposed contract will be fulfilled.
  • The accuracy of the address of the company.
  • The absence of other “ephemeral symptoms”.

Sophisticated testing methods includeresearch of photographs of the company's sign, address, facilities and production itself, which allows you to verify the real existence of the enterprise. Often an audit is carried out to determine whether a company is involved in legal proceedings.

One-day events can be identified using the following features:

  • incomes in reports are close to expenses;
  • at the address specified in the Unified State Register of Legal Entities not identified;
  • the organization opens settlement accounts in opposite regions;
  • the company works less than six months;
  • The staff consists of one employee or no staff at all.

“The problem of automated checks, which,basically, everyone uses it, and often does not identify unreliable companies,” says Igor. — For example, there are companies that are rated by any service as trustworthy, but their directors are wanted. Or other examples: the founder of Nominals Nominal Nominalovich or companies with names whose meaning appears when read from right to left, like IKHOL - suckers, KODIK - scammers.”

If the audit reveals that a successful companywith a turnover of millions is registered at the address of a communal apartment, in which several other similar companies are “registered”; this is a sign of a fly-by-night or transit company serving to evade taxes. Analysts have identified fictitious directors, cases of registration of dozens of companies on the passport of a person who is unaware of his entrepreneurial activity.

Photo: Viktor Yuliev / "Hightech"

Within a few minutes the staff“Internet Search” can analyze the unfair conduct of the tender. For example, the winning company turns out to be a newcomer to the market. By comparing the registration data of the company and its management, it is established that it was created only to participate in the tender, and its owner is a classmate or neighbor of the person responsible for conducting the tender. Based on the information obtained by the agency, bona fide companies have the right to appeal the results of the tender.

Warn fraud and "hack" Telegram

In 2016, after two years of agency workBederova, Internet Search specialists created a system for analyzing email addresses and mobile phones - TelPoisk. Moreover, it took only half a month to launch it. The system analyzes open sources, identifies the owner, determines with high accuracy where he is currently located, and tracks the history of his movements. TelPoisk uses 52 sources of information, including data about the email server, linking the phone to a specific transceiver station, public information from social networks and instant messengers.

For 50% of requests it is possible to obtain completeidentification data, and in 70% of cases the owner of the mail or telephone number is identified. The program has no territorial restrictions, which means it works all over the world.

After the update, TelPoisk learned to issuethe exact address of the phone location, a list of numbers located nearby, set the registration addresses and real place of residence of the person involved, and also displays a list of bank cards linked to the number.

“We happened to take part in severalinvestigations related to fraud on the electronic platforms “AutoTransInfo” and “Sberbank-AST”. What is the risk? No electronic platform does not really check their users. You submit an application for registration, send many scans of statutory documents (at least on behalf of Gazprom), you get access - that's all. After a couple of hours you start to look for a victim. And since you are Gazprom, the delay in payment for the delivery will be easily forgiven. No one bothers to check the contacts in the electronic application. And our TelPoisk checks and prevents fraud, ”explains Igor Bederov.

In the course of the investigation it was revealedthat the attacker registered in the Sberbank-AST electronic trading system a personal account from the NefteTransService company, which is included in the rating of the most successful companies in the Russian Federation. After that he placed tender applications for the supply of expensive computer equipment with a deferred payment condition. The fraudster provided fake documents upon registration. Similar situations occur with AutoTransInfo.

The criminal scheme is simple - registered underdata of a successful organization, filed an application, received the goods and disappeared. The trading system has not worked out the security system in the field of accreditation of bidders. Therefore, any unreliable citizen can create an office, for example, from Rosneft, and make purchases for deferred payment.

Another service developed by the company“Internet Search” in 2016 - “IP search”, collects information based on the IP address. The development of Bederov's team receives information about the location of the computer right up to the building where it is installed. The initiator of the search will even receive data about the version of the operating system on this computer.

Recently, the Internet-Search company has finishedalpha testing of a new product - Telegram-Deanonymizer. The product is designed to establish the data of users of the messenger - ID, last name and first name, phone number. He can also set information about the approximate location and language group of the user of the messenger, check the activity and ownership of the phone number used to register an account in the Telegram.

Information leaks

At the beginning of 2019, Internet Search employeesa leak of information was recorded. During routine monitoring of hacker sites, company specialists came across an array containing personal data of almost 300 thousand users living in Yekaterinburg, Volzhsky, Naberezhnye Chelny, Tomsk and Yaroslavl. During the study of the array, an assumption arose that the source of the leaked data could be the federal telecom operator Dom.ru, under whose brand the ER-Telecom holding operates - it owns about 11% of the entire Russian segment of the Internet.

Was informed about the possible leakHead of the information security service of the holding Mikhail Tereshkov. He stated that the identified data set could have appeared on the darknet as a result of only one of the leaks that occurred since 2013. In this regard, work in this direction is of no interest to them, since the channels of these leaks have been eliminated. In other words, the relevant head of the telecommunications giant admitted the presence of gaps in the protection of the holding’s personal data and confirmed that Dom.ru belonged to the information published on the darknet.

On the one hand, company employees“Internet-Rozysk” took measures to remove personal data of users from the resource on the darknet. On the other hand, the carelessness of telecom giants raises fears that similar leaks will occur again and again. And, as confirmation of this idea, a few days later the Dom.ru database appeared on the darknet. Only more recent, for 2016.

Igor Bederov notes that the loss of significantinformation can occur in various ways, ranging from the theft of a phone or laptop to the disclosure of data through employees and hacking of computer systems.

Fraud against business

During the work of the staff of the "Internet-search"regularly faced with fake or cloning activities of large businesses. Criminals can create full copies of the websites of major Russian business players in order to enter into contracts on their behalf. The average damage from one such attack is 1.5 million rubles.

For example, the attackers worked according to this schemewith the manufacturer of nitrogen fertilizers Mendeleevskazot. The official website of the company is mendeleevskazot.ru, and the clone website is located at mendeleevscazot.ru.

The difference in one letter and the inattention of the consumer can entail a loss of money, and the manufacturer itself bears because of this, not only financial losses, but also reputational costs.

According to the representative of EuroChem, forThe sowing season of 2016-2017, the farms lost more than 2 billion rubles due to fraudsters. The attacker's work scheme is simple: a client enters a clone site of a large manufacturer, contacts a fake sales department, pays an invoice according to the order, but he will not see the goods, as well as cash. Money through a thoughtful chain of Russian and foreign banks is deposited in the hands of an intruder. Clone not only sites, but also corporate identity, business cards, brand. Rent an office near the "head office". They do everything to look like a subsidiary structure, a separate division. Individuals may also come across such criminal schemes.

How not to get caught and where to run, if you please

Services and databases must contain complete andreliable information about the counterparty so that everyone can assess the risk of cooperation with him. Working mechanisms are needed that security experts can create. The problem with many non-state security products is that the people who create them often have no understanding of security. For example, you can take a conventional banking system for making payments. Its development is carried out by programmers, having received a certain technical task.

Photo: Viktor Yuliev / "Hightech"

"I do not think that in the area of ​​security operationsIt will be executed perfectly, since it is not created by an expert in this field. Then there are such situations when a person purchases goods from a one-day store, realizes that he was deceived, immediately turns to the bank. There, they tell him about the uncompleted operation, and the next day the payment is made automatically, since the system does not allow marking the operation as unreliable until an internal investigation is conducted. This is a programmer’s and bank’s mistake, ”says Igor Bederov. - To defeat crime, we need new legal sources of information and the ability to freely process them. We need liberalization of personal data legislation. And we need state support in order to implement the development, so that products and ideas work for the good of Russia. ”

Instructions. What to do if a person or company is a victim of cyber fraud:

  • Urgently file a complaint with the police.For a faster response, it is recommended to contact the special department “K” of the Ministry of Internal Affairs of the Russian Federation, which deals with offenses in this area.
  • If fraud has been committed involving payment by bank card or wire transfer, then you need toapply to the bank or electronic payment systemwith a statement about the possibility of canceling the operation.
  • In case of fraud or extortionwrite a statement to Roskomnadzor.
  • You can file a complaint against a fraudulent resource using special services. They can help block such sites. For example, here.
  • If the problem concerns payment for goods on the Internet, which either does not arrive to the buyer, or what does not arrive is what was ordered,It is necessary to contact Rospotrebnadzor and the Prosecutor’s Office for assistance.
  • You can alsocontact a personal data search companyand online security for help, for example, in Internet Search.

Today, Internet Search processes at least 150 requests every day, assists in the investigation of criminal cases and the search for hiding criminals passing through the federal base.

In the near future, Igor Bederov’s company has plans to:creation of a service to help HR agencies. The online system will allow checking potential and current employees using government databases, social networks and the media. Having analyzed the ratio of vacancies and resumes for security officers, Bederov concluded that the costs of maintaining a full-fledged security staff are trending downward. Certain functions are transferred to the personnel and legal departments, so the growth of the market for services provided by the Internet-Rozysk agency will continue.