Barrier environment: the State Duma supported a bill to protect Russians from cybercriminals

The amount of damage caused by crimes in the field of cyberbullying increased by 36% in 2024, amounting to 200 billion rubles. A total of 486 thousand such cases were recorded. New measures are being worked out to protect citizens from online fraud, and the State Duma considered the relevant bill in the first reading. When implementing the initiative, it is important to balance the obligations of all participants in legal relations, as well as the technical and organizational and legal possibilities for their fulfillment, experts warn. Whether the new norm will help protect against intruders is in the Izvestia article.

An integrated approach

On Tuesday, March 18, the State Duma considered in the first reading a bill on the protection of citizens from cyberbullying. The initiative was introduced by the Russian government in February of this year. The document is posted on the website of the legislative support system.

The number of crimes in the field of online fraud in 2024 amounted to 486 thousand cases. The amount of damage increased by 36%, to 200 billion rubles. Thefts from a bank account account account for a fifth of crimes in this area. This is evidenced by the data of the Ministry of Internal Affairs of the Russian Federation, which was cited by the Chairman of the State Duma Vyacheslav Volodin.

Photo: IZVESTIA/Alexey Maishev

"It is important to protect people from scammers who use new technologies more and more every year. In this regard, the draft law proposes a set of about 30 measures. <...> The decision will make it possible to protect citizens and their loved ones from losing money," wrote the speaker of the State Duma in his Telegram channel.

The initiative should consolidate the possibility of online information exchange between government agencies, banks and digital platforms, introduce new rules for identifying and verifying the identity of users of communication services, as well as establish a ban on communicating with citizens and customers through messengers.

Photo: IZVESTIA/Eduard Kornienko

"Automatic monitoring will make it possible to detect suspicious actions almost instantly, block them and notify law enforcement agencies of potential crimes," the explanatory note to the bill says.

A significant innovation is the introduction of mandatory labeling of calls. It assumes that the name of the organization from which the call is being received will be displayed on the phone screen, which will allow fraudsters to be identified.

In addition, the new legislative provision will give citizens the opportunity to refuse to receive mailings, spam calls and calls from subscriber numbers that are not part of the Russian system or initiated using virtual telephone exchanges.

At Trojan horse: cybercriminals disguise themselves as bailiffs

The FSSP warned that they never send official notifications by e-mail.

A national disaster

The bill being considered in the State Duma is really necessary, since any barriers and controls complicate the lives of fraudsters, says Anton Shustikov, CEO of the CakesCats educational project and an information security specialist. The more effort an attacker spends on an attack, the lower its profitability becomes.

— Today we are witnessing a real epidemic of telephone fraud, the scale of the problem is enormous. Periodically, we see how intruders go beyond fraud itself and lead people to extremism. In such circumstances, inaction will only worsen the problem," the expert points out.

Photo: IZVESTIA/Mikhail Tereshchenko

Rampant telephone and Internet fraud has become a national disaster, confirms Timur Sadykov, head of the Laboratory of Artificial Intelligence, Neurotechnology and Business Analytics at Plekhanov Russian University of Economics. The damage caused by intruders in 2024, in his opinion, is comparable to the damage caused by the most dangerous natural disasters.

The number of fraudulent schemes on the Internet is steadily growing, and it is wrong not to work in this direction, Denis Kuskov, CEO of the information and analytical agency TelecomDaily, agrees.

— In my opinion, the authorization of calls, the comparison of passport data when registering the purchase of SIM cards, restrictions on purchases of SIM cards, viewing contracts that are self-registered on Gosuslugi, biometrics for foreigners and the impossibility of number substitution are really good measures that complement each other, — the expert believes.

How will the project be implemented

Anton Shustikov sees an important innovation in limiting the possibilities of calling customers. This, according to the expert, will reduce the level of spam and make it more difficult for fraudsters to access potential victims.

Mandatory labeling of calls is equally important. It will require close cooperation with telecom operators and the introduction of effective filtering algorithms. Subscribers will be able to immediately see who is trying to contact them, which will reduce the likelihood of participating in fraudulent schemes, says Igor Dusha, director of the ecosystem in the field of information security at Nota Kupol. In this case, it will become more difficult to identify yourself as an employee of a bank or organization. However, it is necessary to inform the public about the new feature.

Photo: IZVESTIA/Anna Selina

At the same time, mandatory labeling of calls will become an additional burden on operators, warns Eldar Murtazin, a leading analyst at Mobile Research Group.

— Commercial services turn callers into free ones by definition. And here, of course, the question arises how and who will compensate for the costs of maintaining these services," the expert notes.

Photo: IZVESTIA/Dmitry Korotaev

The measure to create a register of votes of intruders is also significant. Phonoscopic detection is a well—known and well-proven method of combating criminals, Timur Sadikov draws attention to. According to him, the human voice contains many unique frequencies that can be recognized even after conversion using digital filters. And most phone scammers, confident in their own impunity, speak with their own voices without even changing them.

— Therefore, the formation of a federal register of digital fingerprints of speech signals may allow blocking calls from intruders. The difficulty here lies in synchronizing the operation of the cellular operators' equipment to reduce the time delay required for phonoscopic identification of the criminal's voice," the expert clarifies.

Photo: IZVESTIA/Dmitry Korotaev

The complete ban on communication via foreign messengers proposed in the bill could potentially make it difficult to send important notifications to users, warns Igor Dusha. Its implementation will require a thoughtful balance between security and convenience.

The proposed norms will not save citizens from danger by 100%, but they will significantly complicate the life of intruders, Denis Kuskov believes. The key question in the case of the draft law is how these measures will be implemented in practice and how effectively law enforcement agencies and telecom operators will be able to implement and keep them up to date, Shustikov points out.

Take samples: answering machine recordings began to be used to create deepfakes

Voice data can become a dangerous weapon in the hands of fraudsters.

Responding to challenges

The implementation of the draft law requires a balance between the obligations of all parties to the relationship, as well as the availability of the necessary technical and organizational conditions, member of the Russian Bar Association, information security expert Evgenia Meshkova points out.

— For example, the creation of a database of fraudsters' voices implies the appearance of metrics and features in database structures that did not exist before. And the use of a secure unified biometric system instead of standardized authentication mechanisms in fintech will change the pool of opportunities for service users," the Izvestia interlocutor notes.

Photo: IZVESTIA/Alexey Maishev

Anton Shustikov sees the measures under discussion as quite feasible — their effectiveness depends on technical elaboration, interaction with telecom operators, banks and government agencies, and the ability to quickly adapt to new fraud schemes.

In addition, the introduction of innovations will require time and resources, warns Meshkova. And in some areas, the vector of the already achieved effect will change.

— Fraudsters will certainly take steps to circumvent the provisions of the bill. It is possible to predict the extensive use of artificial intelligence technologies from attack traffic, as well as the execution of fraud scenarios using adaptive algorithms to the development of a methodology for hiding the digital footprint in existing threat models, the expert admits.

Photo: IZVESTIA/Anna Selina

Cybercriminals will continue to use social networks and messengers in their criminal schemes, Denis Kuskov predicts. In addition, there are still a large number of "gray" SIM cards that do not have authorization, which can be used to commit online crimes.

— Fraudsters will be looking for more and more new schemes of deception, therefore this bill is just one of the steps towards comprehensive protection, including technical solutions, as well as improving the digital literacy of users, — Igor Dusha points out.