Russia has created a database of digital traces of cybercriminals, which will help to quickly block their activities. The system will help identify serial fraudsters, shut down call centers, freeze their income, and in many cases prevent crimes. Izvestia found out how the base will work and how it will help protect Russians.

Digital footprint database

A database of digital traces of cybercriminals has been created in Russia. It will help to quickly block their activities, Russian Prosecutor General Alexander Gutsan said at a meeting of the coordinating council of CIS prosecutors general.

As Gutsan explained, the database was the product of the joint work of the Prosecutor General's Office, Rosfinmonitoring, the Ministry of Internal Affairs and the Bank of Russia.

"It is constantly being updated. It already contains information about more than 6 million phone numbers, bank details and Internet resources," the Prosecutor General said.

The functionality of the database allows you to quickly identify serial attacks by fraudsters, shut down call centers, freeze their income and in many cases prevent crimes, including in cyberspace, the damage from which in the country reaches hundreds of billions of rubles.

"Over the past five years, the share of cybercrimes in Russia has reached 40% of all [types of crimes] registered. Last year, their number exceeded 765 thousand. The damage amounts to hundreds of billions of rubles, a quarter of them are funds stolen from citizens," Gutsan said.

He noted that children and the elderly remain the most vulnerable categories. At the same time, most crimes are committed from abroad, which complicates their suppression.

What are digital footprints?

Everyone leaves digital footprints on the Internet, and scammers are no exception. These can include comments, reactions to social media posts, purchases, clicks through to websites from advertisements, voice data, photos and videos.

"The second category is technical digital traces: IP address, geolocation, device type and, in the case of cybercriminals, malware samples," the Solar Group's press service explains to Izvestia. "In legal scenarios, both categories of digital footprints are used to set up targeted advertising messages. In illegal cases, they are used for phishing attacks, including using deepfakes."

Sarkis Shmavonian, an expert at Cyberprotect, counts among the traces of fraudsters the specific tools without which their criminal scheme does not work.

"We are talking about phone numbers from which voice phishing calls are made, bank details for accepting payments from victims, as well as online resources such as phishing sites, social media pages or messengers. Each such element leaves an imprint in the logs of telecom operators, financial institutions and hosting providers," notes Shmavonian.

Collecting these disparate data into a single database allows you to move from responding to individual incidents to a systematic analysis of the entire criminal chain.

What is the database for?

According to Sarkis Shmavonian, leaving traces cannot be called a mistake or an oversight on the fraudsters' part: it is a technologically inevitable consequence of their actions. For mass calls, they need SIM cards, which are registered to front persons and are actively used, and mobile operators record this. Each such call leaves metadata.

To receive money, they open bank accounts or electronic wallets, whose transactions are closely watched by financial monitoring. To lure out victims' data, scammers are forced to create phishing sites, which have unique IP addresses and domain names and are hosted with hosting providers.

"The main purpose of creating the database is to overcome information disconnection. Before it appeared, data on fraudulent activities was fragmented: one bank knew about suspicious accounts, the telecom operator knew about the numbers used by fraudsters, and law enforcement officers received scattered statements from citizens. There was no single mechanism that would aggregate this information in real time," the expert explains.

The digital footprint database will act as a centralized hub. It will allow you to establish links between seemingly disparate events: a call from a specific number, a transfer to a specific account, and a victim's visit to a phishing site.

"This will transform the fight against fraud from a point-based to a systemic one, allowing attacks not on individual performers, but on their entire infrastructure, making its creation and maintenance economically unprofitable and operationally difficult," concludes Sarkis Shmavonian.

How the database will work

A unified database of digital traces will speed up the process of detecting fraudulent schemes, blocking their activities and preventing new crimes, said Alexey Korobchenko, head of the information security department at the Security Code company.

This is because many modern cybersecurity solutions have AI modules or machine learning tools that constantly update their own databases of malicious activity and block it at an early stage.

"As soon as a suspicious indicator gets into the system, for example, a phone number or IP address, all actions related to it begin to be monitored with increased attention," the source tells Izvestia. "The system analyzes a set of data and behavioral patterns, and if a set risk threshold is exceeded or if several warning indicators match, the operation may be blocked."

The Solar Group notes that there may be several scenarios for using the database. For example, if voice recognition technologies are used, then messengers and telecom operators could block a suspicious person based on fragments of speech.

"Banks would be able to automatically respond to communication with such a person by blocking request transactions, loan applications, or large transfers. Public services - warn users that they are interacting with an unscrupulous person. And corporate means of protection are to signal the security officer about the appearance of suspicious persons and signs of potential threats," the press service explains.

Risks and global practice

There may be risks associated with the erroneous entry of innocent people into the database, according to the Solar Group. It is highly likely that voice and facial recognition machine learning mechanisms will be used to collect and process digital footprints. Therefore, it is important to take measures to ensure the security of both the database of ML model datasets and the accuracy of recognition by algorithms. It is necessary to ensure regular updating of the database, to eliminate the possibility of false positives.

And, of course, it is worth considering the risks of attacks that use digital counterparts of ordinary users, completely generated by AI. In this case, the criteria for including and excluding users from this database, as well as mechanisms to protect their reputation, will be extremely important, the company emphasizes.

At the same time, cybersecurity experts agree that such a system is necessary. The creation of similar databases and information exchange systems on cyber threats has become a global trend.

"Many countries have come to understand that only joining forces can give results against transnational crime," says Sarkis Shmavonian. "There are industry alliances where banks and IT companies exchange indicators of compromise in near real time, such as malware hashes and phishing site addresses."

Translated by Yandex Translate
