Natspolitsiya: “World cybervirus in Ukraine there are practically no”

Recently world media has bypassed the next sensation in the area of cybercrime has detected a virus called “Chinese”, which had infected around the globe many computers. And recently, we recall, was the scandal with the virus WannaCry. To know affected whether these viruses Ukraine, we turned to the head of the Department for combating cybercrime of national police of Ukraine Sergey Demediuk.

— When we together with international organizations on combating crime, in particular with Europol, began to carefully examine the nature of the virus WannaCry, we saw that these viruses are a whole family. The one that the world media called “Chinese”, also from this family. It’s called 000007 and distributed via email.

In fact, in the method of distribution is the difference between viruses within this family. One such virus is created for the former Soviet Union, referred to as X-Data. The basis is the same WannaCry. These last two are distributed by using the particular vulnerability of computers. WannaCry exploits a vulnerability of Windows. Since post-Soviet and some other countries often use a pirated version of OS, then after them went the surge of infected computers, which was a lot of buzz. The company “Microsoft” to stop it, even has released an update to the “ancient” Windows XP, which for many years were not updated, as obsolete.

INTERPRETER. “As for Ukraine, the relatively WannaCry we have not received a single statement, — says Sergey Demediuk, we have not recorded any case of infection in our country! And here is another version of the virus, which goes through one of the programs of accounting, came to us. This Is X-Data. At least one case is. We were approached by a legal person to which the virus came. However, asked only for advice, a statement of the firm’s management decided to try it. But they gave this virus to us, we are working to define ways of protection. Fortunately, this virus is already interpreter. It is also posted on our website and on the website of Europol. We also participated in the development of the interpreter, have submitted their proposals, because Ukraine is officially in the international community to combat the above-mentioned family of viruses.

The third variant of the virus, 000007, now the world is very common in Ukraine, we have documented only a few cases. Officially, a statement addressed to us only once is an individual. As I said, the virus spreads via e-mail. If the user has opened some fake email that his device is infected with a virus and can be controlled by hackers. So don’t open suspicious emails!

PARTNERS. As Sergey Demediuk mentioned the cooperation with Europol and other international organizations, “Today” asked him more about it. What the cooperation is helping us partners, give grants, etc.

— Grants, alas, don’t get a smile, Demediuk. But countries with which we cooperate, give us technical assistance. Not so long ago received assistance with equipment from Britain, Germany and the OSCE. And Germany is now ready to help us with equipment and software. USA provide access to their databases, special software that allow you to calculate cybercriminals. Britain and Germany also help exchange experiences: take our operatives to their studies and come to us of their instructor. International organizations like the OSCE, Europol and others, help those that pay for our overseas travel, on business, of course. Here is a recent my trip to the Hague was paid by Europol. Our country, unfortunately, cannot afford such trips for us. Ashamed, to be honest, but as long as… If we talk about our cooperation, about joint operations, but now we are two groups involved in financial crimes. That is, it is the Ukrainians who hack into financial accounts in the U.S. and Western Europe. Money plants in Ukraine and legalized here. We are talking about millions of dollars.

Attack! Hackers are attacking millions of computers around the world. Photo: Zuma/TASS


Especially for the “Today” head of the Department told about a major operation to neutralize the criminals.

— A Scam that we recently uncovered — creation of fraudulent websites on trade in goods via the Internet, — said Sergey. — Organized her three Kiev — two boys and a girl. They created the cloned websites promoted, branded Internet sites, just changing the domain name. People, if you are looking for a product, often ask in the name of the selling firm, and the name of the product, besides trying to find the lowest price. And the search engine lead potential buyers to fake sites for scammers put there price a little lower than at present. And in order not to arouse suspicion, why a product is cheaper, they write that, say, the sale or some action. Yes, open the count how much time is left before the end of the action, say, in a hurry to buy more tomorrow. Very plausible…

THE FAKE COMPANY. To get the money from defrauded victims, scammers bought the enterprise-ephemeral (this is possible via the Internet), gaining access to Bank accounts. On the website-bogus means that its owner is the company. Want to check please the company actually exists. After all, the man, thinking that buying, say, a washing machine, “shares”, are unlikely to transfer the money to some physical person on the map, it is suspicious. And so like everything is in order, the money goes into the account… In fact, those accounts controlled by the fraudsters. Usually they contented themselves with the advance payment.

The girl group played the role of the call center, she talked with potential buyers, talked about the conditions, and after sending the money some time fooling: they say, sorry, unexpected delay from a supplier or accidentally the wrong item sent, will soon return, etc. She had to buy time so the money came at the expense, where they were translated and then legalized crooks, you are receiving money from the cards.

Incidentally, we at one time baffled, we thought that the money, as is usually done, get the “drops” (people giving the fraudsters your Bank cards. — Ed.) we lead them. But where are the organizers? It turned out, the organizers already have become so arrogant for a few years that cost while getting money without “drops”.

FAST LIFE. This group is characterized by the fact that he worked for several years (from 2013), but with breaks. Three of the organizers, with enough, in their view, amount to a comfortable existence, had closed all their websites and businesses and just burned through life: making expensive purchases, vacationing at resorts, etc. When the money ended, the newly created fake websites and so on. When we were detained, when a search found the documents that only in 2017 fraudsters lured victims about one million hryvnias! We are now working with the year 2016, on the order of 15-th, 14-th, 13-th year. Imagine how much money passed through their hands over the years! Investigating the case police under the supervision of the Prosecutor’s office of Kiev.


Sergey shared, Demediuk with our newspaper and his thoughts about “white hackers”, who on his own initiative fight cybercrime, also revealed details about the work of his Department.

— “White hackers” are actually a lot, they often come together in community, he says. For example, the so-called IT-a hundred, which breaks the resources of the separatists and the aggressor receives the information, interferes with their work. There are other specialists of this kind. We with such communities, if necessary, cooperate. Actually, the “white hackers” we have in the structure of the Department for combating cybercrime. There are about 25 people, wages — 30-33 thousand. But in business people with these qualifications (and it, believe, very high) are paid more because it is no secret, we have a high staff turnover. Besides hackers, in the Department there are still detectives. More of them are now more than 200 people, but around 100 still missing.

The detectives zarpalaty below — from 9 to 15 thousand hryvnia. Hackers develop software, conduct operations in the network, and the detectives get the information, bring it to hackers to help in the implementation of operations. Among the detectives is a unit of, say, criminal intelligence, which deals with intelligence network content.