"Internet-search": how a private cyberpolicy is looking for fraudsters and helps businesses in the fight against economic crimes

Not looking for easy ways

Igor Bederov is not the most typical example of a former law enforcement officer.

organs. According to the first education political scientist, the second lawyer. In commercial structures began to work even before the public service. Then he moved to the operational search police unit, and then returned to the business. Igor headed the security divisions at the Metrica hypermarket chain, and managed security at the North Textile company.

“My work in law enforcementheld under the heading of secrecy. Contacts with public employees were not encouraged. When I headed the security service, it became necessary to assess the reliability of counterparties and employees. There were no “friends from the bodies”, so I decided to create my own rating system based on data from publicly available information sources. Today, our assessment model has been implemented in most large enterprises, and then what I did was interpreted by colleagues as heresy, ”recalls Igor Bederov.

Photo: Viktor Yuliev / "Hightech"

In 2014, Igor Bederov quit his job andlaunched its own project in the field of information and analytical security of business, from which Internet-Search was subsequently developed. Starting investments in the business - Igor’s personal savings only - amounted to only 200 thousand rubles. With this money, he rented an office space, purchased three computers and information and analytical software necessary for the further work of two analyst employees. It took several years for the research of Bederov’s agency to be noticed by the market, and the employees of Internet Investigation were invited to participate in the investigations into economic and crimes committed with the help of modern IT.

Network crime

Number of crimes committed byIT is growing every year. According to statistics from the Ministry of Internal Affairs, over the past year, the department registered almost 223 thousand such crimes. However, only 17% of them were investigated and brought to court. The similar statistics proceeds, since 2013: the cybercrime grows, and its revealing falls.

Most at risk from scam actionsexposed business. Over the past two years, 66% of Russian enterprises have experienced fraud or economic crime against them. At the same time business losses are estimated in large sums. The losses of private individuals, if they are not known or rich people, rarely exceed 50 thousand rubles, and usually amount to 3-5 thousand rubles.

One of the most common crimesthis kind of activity - shops scam. A person makes and pays an expensive order through an online payment in the online store. It seems that everything is fine, but there is no product, there is no money either, and by phone and other channels you cannot contact the seller. In the bank or the payment aggregator can not help. Fraudsters create anonymous wallets, display the money received on international cards or accounts. It is extremely difficult to find them, since the criminal scheme is thought out to the smallest detail. Militiamen will block such a website on the statement of the victims, however, another one will appear, because it is easy to do.

How to deal with cybercrime

A legitimate question arises: “Who should conduct a search if the cybercriminal still needs to be found?” In addition, such crimes may be committed from abroad.

There are several ways to solve existing problems in the field of cybercrime:

  • The training of specialists in this field is the creation of a training center where employees of the responsible departments will be taught to conduct investigations in the virtual space.
  • Development of methodological materials for investigators and police officers.
  • Transforming legislation - it is slow to respond to rapid changes (new schemes and tools of fraudsters) in the field of Internet crimes.
  • The creation of an international center to combatcybercrime, for example, based on the EAEU. As a rule, many crimes are committed from neighboring countries or from abroad. Such a center would help to exchange experience and knowledge, develop a common strategy for interaction, respond to the activities of international criminal groups and so on.
  • Acquisition of specialized software and hardware to find cybercriminals in the network, respond to their activities in a timely manner and prevent such crimes.

According to the Civil Code,business activities in Russia are carried out at your own risk. With this formulation, the law enforcement system signed for the removal of responsibility for the prevention of crimes against business, said Igor Bederov. As criminals “move” to the network, the issue of a fundamental change or improvement of the law enforcement system is becoming increasingly relevant. If we talk about business and security services, they absolutely do not solve the problem of risk prevention. They practically have no opportunity to assess the reliability of individual entrepreneurs and enterprises up to a year, as they are very limited in their functionality and often are outside the legal field.

Photo: Viktor Yuliev / "Hightech"

"I myself, being a security official, could not stand the bureaucracyand work on outdated methods, - says Igor Bederov. - Power structures react very hard to innovations, transformations. Therefore, he left the authorities for the security services of a private company. But they work the same way. I understood that such a department in organizations is expensive, therefore, it would be more profitable to use third-party services. So the idea came to me to create my own project - to organize business security. ”

Internet Tracing site is simultaneouslyInternet platform and platform for the provision of services for the collection of information, the search for fraudsters and the formation of business reputation. Outsourcing offers specialized services: legal support for the client, polygraph testing, the activities of private detectives, the services of lawyers and even collectors. Specialists of the narrow profile cooperate with the agency on a contractual basis, and if necessary, the client will be able to receive the full range of services relating to personal and corporate security. This decision allowed us to attract customers and at the same time not to inflate the staff with specialists whose skills are in demand only from time to time.

The number of specialists involved reaches 40. Depending on the number of completed orders, employees receive up to 150 thousand rubles per month. About half of the agency's revenue comes from the routine inspections of employees, 40–50 per applicant per day.

How is the verification of individuals

According to the “Internet-tracing”, 15–20% of hiredemployees are problematic and bear unpleasant consequences for domestic policy. If a company hires a wanted person, it signs itself responsible for hiding the offender. Debt problems of the applicant impose problems on the employer. The administration of the company may be obliged to pay the employee’s debt and impose a penalty in case of refusal. A person who has problems with the law is not quite suitable for the position of a decent employee of the organization. It is important to check the identity of the criminal record (theft, robbery), as well as try to check if the person has alcohol or drug addiction. The applicant can always be a front worker who came from a rival company to research domestic policies and steal special production technologies. Therefore, orders related to the verification of individuals, as a rule, is the verification of employees hired.

Regulation of inspections by law

According to Article 9 No. 152-ФЗ “On Personal Data”, an employer may verify data with the consent of the applicant. Otherwise, a person may sue the company.

It’s easy to get agreement; many organizations enter into the contract a clause on consent to the processing of personal information, so it’s impossible to get a job without a tick opposite the line

Part 1 of article 22 No. 152-ФЗ “On personaldata ”says that the employer is not obliged to notify the service of the protection of personal data that the company is processing personal information of the applicant.

According to Articles 5–9 No. 152-ФЗ “On Personal Data”, the employer does not have the right to distribute the received information about the employee to third parties who are not related to the procedure.

Reception of the primary information of the potentialAn employee of the company is carried out by means of an interview. Having received the necessary package of documents and information about the person, the responsible person has the right to check the data provided for accuracy. This can be done independently, but more reliably - you can entrust verification to professionals from Internet-Tracing, who not only learn open sources of information, but can learn about a person and quite unobvious things from social networks, purchase history and location of a person on his mobile phone.

Open sources for finding information about a potential employee

  • Open resources of state organizations about the search - Interpol, FSIN, MIA, FSSP.
  • Resources that carry out the verification of basic documents (TIN, passport, diploma) - service Tax.Ru, FrDoCheck.
  • Resources providing data on debt (loans, collateral, bankruptcy) - “Register of pledges”, “No interest”, Unirate24.
  • Resource providing data on the participation of an individual in legal proceedings - GAS RF “Justice”.
  • Resources containing information on participation in business activities - “For honest business”, “OGRN.online”.
  • To check accounts social networks - Yandex. People, PIPL.

In order to verify the personal data of a person, you must comply with the law.

Igor recalls a case studyuse of open network information. A cannery asked for help, sending a large consignment of goods to a military unit in Sevastopol. The cargo to the destination did not arrive, the driver of the truck did not contact us. Verification of documents revealed the fact of forgery, the driver of the logistics company got a job on forged documents. Analysts have suggested that the stolen goods will be put up for sale. Checking the ads on the network, the staff of "Internet-search" found the seller. The police made a test purchase. By marking on the product, he was identified as stolen and returned to the rightful owner. The agency’s earnings amounted to 300 thousand rubles.

Only in 2018, the agency staff providedAssistance in the detection of 68 economic crimes. A service for evaluating the security of cryptocurrency transactions based on the analysis of cryptotographs is in the development stage.

Partner ordered

Most of the clients of the "Internet-Search" -legal entity, and the most popular service is to check partners before a transaction, analyze the reputation or evaluate candidates before employment. Carrying out an order, analysts of the company use information from open sources, databases of state bodies and provide the client with detailed analytical information. The cost of one check is 1–5 thousand rubles, but you can purchase a subscription, which will cost 20–50 thousand.

Photo: Viktor Yuliev / "Hightech"

"In total in our country just under 700 sourcesinformation suitable for use in evaluating counterparties. Some of them were automated and turned into services such as SPARK, Integrum, Kontur. Focus, Seldon, Globas and others, ”says Igor. - More data is processed by us at the expense of our own systems. We identified 46 signs for verification - we study the reasons for the refusal of banks to open accounts, blocking and suspending operations on current accounts, assess related individuals (director, founders). All these risks, of course, affect the performance of the contractual obligations by the counterparty. ”

How to check legal entity

There are no specific laws in the state that oblige companies to check their business partners, but in the first proceedings inaction is the reason for tax deductions.

What causes suspicions:

  • lack of registration in the register;
  • the presence of a "mass" founder (participant), the head of the counterparty;
  • availability of the legal address of mass registration;
  • absence of expenses typical for conducting business;
  • lack of staff;
  • lack of fixed assets;
  • lack of storage facilities;
  • lack of vehicles;
  • lack of productive assets.

Information about the company can be found on the official website of the tax service, but if you need to view exclusive information, you should enlist the help of paid resources.

A legal entity is considered to be successfully verified if it meets the following criteria:

  • Documents and powers of the director along with other representatives of the organization.
  • Availability of production / technical / personnel capabilities, with the help of which the conditions of the proposed contract will be fulfilled.
  • The accuracy of the address of the company.
  • The absence of other “ephemeral symptoms”.

Sophisticated verification methods includeresearch of photographs of the company's signage, address, capacity, and production itself, which allows one to be convinced of the real existence of the enterprise. Often carried out checks on the participation of the company in litigation.

One-day events can be identified using the following features:

  • incomes in reports are close to expenses;
  • at the address specified in the Unified State Register of Legal Entities not identified;
  • the organization opens settlement accounts in opposite regions;
  • the company works less than six months;
  • The staff consists of one employee or no staff at all.

"The problem of automated checks thatbasically everyone uses them and often does not reveal unreliable companies, ”says Igor. - For example, there are firms that are valued as trustworthy by any service, but their directors are wanted. Or other examples: the founder of the Nominal Nominal Nominalovich or companies with names whose meaning appears when reading from right to left, like IHOL - suckers, KODIK - kiddo ”.

If the check reveals that a successful companywith millions of turns registered at the address of a communal apartment, in which several similar firms are “registered”, this is a sign of a one-day or a transit company that serves to evade taxes. Analysts reveal fictitious directors, cases of registration of dozens of companies for a passport of a person unaware of their business activities.

Photo: Viktor Yuliev / "Hightech"

Within minutes the staff“Internet-tracing” can analyze the unfair tendering. For example, the winning company is a novice in the market. Comparing the registration data of the company and its management, it is established that it was created only for participation in the tender, and its owner is a classmate or neighbor of the person responsible for conducting the bidding. Based on the information obtained by the agency, bona fide companies are entitled to appeal the tender results.

Warn fraud and "hack" Telegram

In 2016, after two years of agency workBederova, Internet-Investigation specialists created a system for analyzing email addresses and mobile phones - TelPoisk. And at its launch took just half a month. The system analyzes open sources, identifies the owner, accurately determines where he is at the moment, and tracks the retrospective of his movements. TelPoisk uses 52 sources of information, including data on the email server, phone mapping to a specific receiving and transmitting station, public information of social networks and instant messengers.

By 50% of requests it is possible to get completeidentification data, and in 70% of cases the owner of the mail or phone number is set. The program has no territorial restrictions, which means it works all over the world.

After the update, "TelPoisk" learned to issuethe exact address of the location of the phone, a list of numbers located nearby, set the address of registration and the real residence of the person involved, and also displays a list of bank cards attached to the number.

“We happened to take part in severalinvestigations related to fraud on the electronic platforms “AutoTransInfo” and “Sberbank-AST”. What is the risk? No electronic platform does not really check their users. You submit an application for registration, send many scans of statutory documents (at least on behalf of Gazprom), you get access - that's all. After a couple of hours you start to look for a victim. And since you are Gazprom, the delay in payment for the delivery will be easily forgiven. No one bothers to check the contacts in the electronic application. And our TelPoisk checks and prevents fraud, ”explains Igor Bederov.

In the course of the investigation it was revealedthat the attacker registered in the Sberbank-AST electronic trading system a personal account from the NefteTransService company, which is included in the rating of the most successful companies in the Russian Federation. After that he placed tender applications for the supply of expensive computer equipment with a deferred payment condition. The fraudster provided fake documents upon registration. Similar situations occur with AutoTransInfo.

The criminal scheme is simple - registered underdata of a successful organization, filed an application, received the goods and disappeared. The trading system has not worked out the security system in the field of accreditation of bidders. Therefore, any unreliable citizen can create an office, for example, from Rosneft, and make purchases for deferred payment.

Another service developed by the company“Internet Search” in 2016 - “IP Search”, collects information based on IP-address. The development team Bederova receives information about the location of the computer until the building where it is installed. The initiator of the search will receive data even on the version of the operating system on this computer.

Recently, the Internet-Search company has finishedalpha testing of a new product - Telegram-Deanonymizer. The product is designed to establish the data of users of the messenger - ID, last name and first name, phone number. He can also set information about the approximate location and language group of the user of the messenger, check the activity and ownership of the phone number used to register an account in the Telegram.

Information leaks

At the beginning of 2019, the staff of the "Internet-tracing"recorded a leak. During the routine monitoring of hacking sites, the company's specialists came across an array containing the personal data of almost 300 thousand users living in Yekaterinburg, Volzhsky, Naberezhnye Chelny, Tomsk and Yaroslavl. In the course of studying the array, it was suggested that the source of the merged data could be the federal telecom operator Dom.ru, under whose brand ER-Telecom operates - it owns about 11% of the entire Russian segment of the Internet.

The fact of a possible leak has been informedMikhail Tereshkov, head of the information security service of the holding. He stated that the identified dataset could appear on the darknet as a result of only one of the leaks occurring in the period from 2013. In this regard, the work in this direction is of no interest to them, since the channels of these leaks have been eliminated. In other words, the profile manager of the telecommunications giant acknowledged the existence of gaps in the protection of the holding’s personal data and confirmed that Dom.ru belonged to the information published on the darknet.

On the one hand, company employeesThe “Internet Search” took measures to remove personal data of users from the resource on the darknet. On the other hand, the carelessness of the telecom giants inspires fears that such leaks will occur again and again. And, as a confirmation of this thought, a few days later the Dom.ru database appeared on the darknet. Only more recent, for 2016.

Igor Bederov notes that the loss is significantInformation can occur in various ways, ranging from theft of a phone or laptop and ending with the disclosure of data through employees and hacking of computer systems.

Fraud against business

During the work of the staff of the "Internet-search"regularly faced with fake or cloning activities of large businesses. Criminals can create full copies of the websites of major Russian business players in order to enter into contracts on their behalf. The average damage from one such attack is 1.5 million rubles.

For example, according to this scheme, the attackers workedwith the manufacturer of nitrogen fertilizers "Mendeleevkazot". The company's official site is mendeleevskazot.ru, and the clone site is located at mendeleevscazot.ru.

The difference in one letter and the inattention of the consumer can entail a loss of money, and the manufacturer itself bears because of this, not only financial losses, but also reputational costs.

According to the representative of EuroChem, forThe sowing season of 2016-2017, the farms lost more than 2 billion rubles due to fraudsters. The attacker's work scheme is simple: a client enters a clone site of a large manufacturer, contacts a fake sales department, pays an invoice according to the order, but he will not see the goods, as well as cash. Money through a thoughtful chain of Russian and foreign banks is deposited in the hands of an intruder. Clone not only sites, but also corporate identity, business cards, brand. Rent an office near the "head office". They do everything to look like a subsidiary structure, a separate division. Individuals may also come across such criminal schemes.

How not to get caught and where to run, if you please

Services and databases must contain complete andreliable information about the counterparty, so that everyone can assess the risk of working with him. Working arrangements are needed that security experts could create. The problem with many products of the non-state security industry is that the specialists who create them often have no understanding about security. For example, you can take a conditional banking payment system. Programmers are engaged in its development, having received a certain technical task.

Photo: Viktor Yuliev / "Hightech"

"I do not think that in the area of ​​security operationsIt will be executed perfectly, since it is not created by an expert in this field. Then there are such situations when a person purchases goods from a one-day store, realizes that he was deceived, immediately turns to the bank. There, they tell him about the uncompleted operation, and the next day the payment is made automatically, since the system does not allow marking the operation as unreliable until an internal investigation is conducted. This is a programmer’s and bank’s mistake, ”says Igor Bederov. - To defeat crime, we need new legal sources of information and the ability to freely process them. We need liberalization of personal data legislation. And we need state support in order to implement the development, so that products and ideas work for the good of Russia. ”

Instructions. What to do if a person or company is a victim of cyber fraud:

  • Urgently file a complaint with the police. For a quicker response, it is recommended to contact the special department “K” of the Ministry of Internal Affairs of the Russian Federation, which deals with offenses in this area.
  • If there was a fraud involving payment by credit card or bank transfer, then apply to the bank or electronic payment system with a statement about the possibility of cancellation of the operation.
  • In fact fraud or extortion write a statement to Roskomnadzor.
  • On the fraudulent resource, you can file a complaint for special services. They can assist in blocking such sites. For example, here.
  • If the problem concerns the payment of goods on the Internet, which either does not come to the buyer, or comes not what is ordered, It is necessary to contact Rospotrebnadzor and the Prosecutor’s Office for assistance.
  • You can also contact a personal data search company and security on the net for help, for example, in the “Internet Search”.

Today, the “Internet-Search” daily fulfills at least 150 inquiries, assists in the investigation of criminal cases and the search for hiding criminals passing through the federal base.

In the near future, the company Igor Bederova -creating a service to help HR agencies. The online system will allow you to check potential and existing employees in public databases, social networks and media. After analyzing the ratio of vacancies and resumes for security officers, Bederov concluded that there was a tendency to reduce the cost of maintaining a full-fledged staff of security officers. Separate functions are shifted to the personnel and legal departments, so the growth of the market for services provided by the Internet-Search agency will continue.