Sergey Yarets: "I taught the investigator a lot." The "hacker" from Rechitsa, detained in a special operation with the FBI, escaped imprisonment. $10 million in moral damages to Microsoft and "not a single victim in the States"

dev.by met with the much-publicised "hacker from Rechitsa", on whom Microsoft "hung" $10 million and whose arrest FBI and Interpol officers attended. We publish their material.

Sergei Yarets, known as the "hacker from Rechitsa," says his case, which was tried on August 9, is an example of how a molehill can be made into a mountain. He admits that he read with horror about himself as "one of the most prolific cybercriminals in Europe."

"In the pre-trial detention center they said: if you were shown on TV, you won't get off with a 'suspended sentence'. And I was shown four times. The articles came with labels. It's clear: journalists need views. Who stopped to think that the judge, having read all this, could easily hand an 'outstanding hacker' a year or two?" Sergei notes with annoyance.

dev.by met with Sergei Yarets at the LVEE conference, where he gave a blitz report on cyber security, and was the first to listen to his story from start to finish.

Background. Sergey Yarets was born in 1983. He worked as chief engineer at a local TV company. He was an administrator of the damagelab forum, where he was known under the nickname Ar3s.

For three years, until December 2015, he was involved in technical support for the Andromeda loader, which was considered "one of the largest botnets on the Web."

He was detained on November 27, 2017 by officers of the Investigative Committee of Belarus and Department "K" of the Ministry of Internal Affairs, together with the FBI and Interpol. He was charged first under Part 2 and, six months later, under Part 1 of Article 354 of the Criminal Code ("Development of computer programs or making changes to existing programs for the purpose of unauthorized destruction, blocking, modification or copying of information").

On August 9, the Rechitsa District Court delivered its verdict: Sergei Yarets was found guilty and ordered to pay a fine of 120 basic units. Since he had spent about six months in a pre-trial detention center before that, he will not pay the fine.

"Went to FidoNet the way other kids go to the circus"

I got hooked on computers at school. We had none of our own, so I went around to friends and acquaintances. There was no literature either. I remember that my teacher either bought or borrowed for a while Figurnov's book "IBM PC for the User". For two weeks I went after her, begging to be allowed to read it. She ended up lending me the book for one night. I did not close my eyes, read voraciously, and took notes on the most interesting parts.

Those were the times when the world was changing before our eyes: new technologies were appearing. Mother said: "Son, become a surgeon - you will do good and you won't be left without money." But I wanted to become a computer specialist.

He assembled his own computer himself: he saved up money - an insane amount of $400 for that time - went to Minsk alone, without his parents, and bought the necessary parts and components. He was immensely happy.

As a PC user, I joined FidoNet. That was the beginning of my interest in the "dark" forums, as they were called in articles about my case. Fido held echo conferences where security issues were discussed. I went there with the same feeling with which other children go to the circus: knowledgeable techies willingly shared their knowledge, explained how things worked from the inside, revealed the interconnections - and I followed, read and absorbed it all like a sponge.

Yes, I was still a schoolboy, but on FidoNet everyone was ageless. There were real experts in their field, or, as they were also called, hackers. They studied the systems, found vulnerabilities in them, and not only wrote to the administrator about a hole in the system, but ideally also sent instructions on how to close it. Old-school specialists, in a word.

"A good expert is always a good cracker"

With the spread of the Internet, a real forum boom began. I somehow ended up on the forum that later became damagelab, and stayed there for a long time. Young people between the ages of 14 and 17 were discussing such complex technical issues that I was a little embarrassed. I realized: here I have room to grow.

It is worth explaining why I was interested. I often worked on the protection of various systems, and wanted to know how the "attack" works. And I will note this: if some cybersecurity expert tells you that he is all so proper - do not believe it! A good expert is necessarily a good cracker; he knows the inner workings. They just don't talk about it.

As the years passed, generations changed on damagelab, but the devotees remained - those who lived for it. At some point, the admin who was running the forum announced that he was closing it - he was tired. I suggested that he give me administrator rights to keep damagelab alive.

Hacker forums are constantly under attack, and in order to fight back I had to pay for bulletproof hosting and a domain, and for a certificate that cannot be bought in one's real name. The sums added up, and were sometimes not even covered by advertising.

The press wrote that I was invited "as an independent expert" to evaluate malware. In fact, I wrote ordinary reviews so that users would not fall for scams pushing slapdash, cobbled-together products, including on our forum. I agreed with the owners of the programs: I write only the truth; if I find flaws, I will not keep silent, but I will also tell you about the advantages.

This is how I got to know the developers who were later detained by the FBI and Interpol. Unusual people, I must say. Not like everyone else.

"DDoSers are the most unbalanced people I know"

At one time damagelab was known as a cyber laboratory and as a "buy-sell forum", but when I became administrator we moved away from dangerous topics. For example, carding was banned: I cleaned the forum of messages of this kind and promised that every creator of such a topic would receive a "ban" and leave the forum.

I did the same with the DDoS topic. DDoSers are the most unbalanced people I know. They are sure that they can "take down any site", they think of themselves as supervillains, but in reality they are a bunch of youngsters going through the difficulties of adolescence. They are of no interest to me. By removing them from damagelab, I was sure I had done the right thing. For more than two months they bombarded the forum in revenge - it simply would not come back up.

A group of developers formed around the topics that I developed and supported. It is generally assumed that if a programmer sits on a hacker forum, he writes malware - but this is not the case. Low-level programming was cultivated on our forum, and there are very, very few real specialists in this.

The last few generations of forum members did not make me happy; the general level fell. People came who only wanted to "make quick money". They did whatever - they wrote some piece of junk and immediately began to sell it, threw themselves into filth like carding, did not shy away from dirt like lockers and encryptors.

I figured them out after the fact, when I read on some site that a new utility with such and such flaws had appeared. And I remembered a user who had asked on the forum about this function, and about that one, and made exactly the same mistakes. With 99.5% probability, that was him.

Now it is sad on all the forums: young people do not want to study. You can see it in their posts, in their messages. They want quick money. And this is very annoying.

Acquaintance with the author of Andromeda: "In my memory, loader sellers have never been detained"

I'll tell you how I met Waahoo, the author of the Andromeda loader. He came out the winner in a hack quest that I ran on the forum. I had hoped the quest would last a day at most, but the participants worked on the tasks for more than three days - it was both difficult and interesting.

By that time Andromeda already had a name, and Waahoo had a certain number of clients. He approached me with a proposal: he said, I don't have time for everything; let me continue the development, you take care of technical support, and you will receive a percentage of sales.

I had been in this environment for a long time: I saw how much money people were earning, what things they did, and I stopped perceiving the loader as something dangerous. Yes, nastier malware can be delivered through this harmless program, but here my conscience is clear, I reassured myself.

Yes, I did it for the money. Officially I earned $300-350, barely enough to live on, and at the time my little daughter was so ill that my wife was practically living in hospitals with her.

I understood that I was walking on a razor's edge: I used encryption, I used security systems, but I knew that there are places where it is impossible to clean up after yourself - everyone leaves traces. In addition, I was somewhat reassured by the fact that, in my memory, loader sellers had never been detained. Wrong scale!

Of course, we followed the stories of high-profile arrests. We discussed them: "Damn, what a mistake in their defenses!" - and together worked out how all this could have been avoided. And those whose mistakes we discussed often came from our forum themselves.

Everyone wants to have their own secret, the Zorro mask in the closet between the T-shirts. My secret was my "shadow life" - and I liked it.

By the way, I still have a question for those who called me "the most prolific cybercriminal in Europe": guys, what exactly did I do? I did not release software; I mostly wrote reviews, and there are thousands of those every day - there are a lot of bloggers.

Working with Waahoo: "When he went on a binge, a genius woke up in him"

I worked with Waahoo from 2012, for three years. In the articles he is called a "crazy alcoholic". Yes, he drank - but this is no reason to insult a person. When Waahoo went on a binge, a genius awoke in him. He wrote amazing things in that state - no one else could have thought of such a thing.

There was one case when he released a new version. I wrote to Waahoo to fix one function, "but overall good." And he replied that he could not understand how it worked: by all the laws of programming, it should not. You see, in a normal state he could not understand his own code.

I respected him as a professional. And no, we never met - on hacker forums this is the rule: the less you know, the better you sleep. During the investigation I was asked to name which of the local hackers I knew. And I honestly answered: "Nobody."

- Or maybe we'll go to a polygraph examiner?

- Let's go!

I was not being disingenuous. Sometimes it was possible to guess where forum members lived: someone would let slip a Ukrainian "i" or "sho", or a Russian "che". But that is only my guess.

First, a provocation from Dzhigurda, and then: "Some men came to check the fire extinguishers"

Do not think that doing technical support for Andromeda was easy - one click, and 250 bucks in your pocket (I got half of each sale). I came home from work in the evening, turned on the computer, and spent the rest of the time solving clients' problems, mostly in English. At one o'clock in the morning I staggered to bed, fell down and fell asleep. And at exactly 7:00 the alarm clock rang - and my daughter had to be taken to school. And so for three years.

I was completely exhausted. And when Waahoo once again disappeared from sight, I closed the project.

On that memorable day, someone under the nickname Dzhigurda wrote to me. He had wanted to buy Andromeda back in early 2017 - he pestered me with requests, and when I refused, he asked me to give him at least a piece of Andromeda's source code so that he could show it to his programmer. He wore me down for a whole month, until I agreed to cut out a few pieces.

And then he turned up again: "I need another piece of code - the builder." I understood that something was wrong here, and answered evasively: "I'll have a look." "How much will it cost?" I wrote off the top of my head: "300 bucks." And then the security guard comes running to me: "Some men have come. They said they're here to check the fire extinguishers." And I had had an inspection just the other day - everything was in order. I go out. There are two big guys in overalls: "Are you so-and-so?" - "Yes, that's me." They wrenched my hands behind my back, handcuffed me and took me back to the office.

Then more people poured into my office than had ever been in it: one from the FBI, one from Interpol, three from the main investigation department of the Investigative Committee, the same number from Department "K", and at least five riot police. And some others besides.

Ironically, my office was piled with equipment: mountains of hard drives, old, broken computers - go figure out what was involved and what was not. Department "K" went through my work computer, and there was nothing on it: I kept everything on another computer.

Four hours later they said: "We've had enough! We'll take everything that's here and sort it out." Next door is the control room - if they turn off the servers, the people I had worked alongside for 15 years will be left without work, and the whole city without television for three to four weeks. I raised my hand and said: "There's no need to confiscate the equipment. I'll tell and show you everything now."

That's how I started to confess. We had a friendly team, and I didn't want everyone to have problems because of me alone, a fool. I still have to look these people in the eye. Besides, at that moment I already understood perfectly well that I would not get out of it: if the FBI and Interpol had come, and Department "K" too, they had something on me.

"The FBI decided I was in charge of the attack"

That evening I was taken to Minsk. In the temporary detention facility they couldn't be bothered to remove the insoles - they just took my shoes. And I walked barefoot on concrete, which immediately brought out my chronic illnesses.

Immediately after breakfast I was taken to the investigator for interrogation. Then they put me back in the paddy wagon - sometimes I sat and waited there for three hours, sometimes five, and it's November outside, it's cold. After lunch an FBI man talked to me. He asked how I chose my nickname, how I got into computers - about nothing, in short. I expected a sharp techie who would start pressing me, squeezing me and asking questions about Andromeda, but that was not the case. The investigator turned out to be a much more competent specialist and, unlike him, asked questions on the subject.

Three days later I was transferred to Volodarsky (the pre-trial detention center - ed.) - and I never saw the FBI officer again. But before that I learned a lot of interesting things. A long time ago, a member of an English-language forum with the nickname Old Warrior wrote a builder for our product. And that version began to be used left and right. With this Andromeda, as I understand it, the Trojan was also loaded that caused an epidemic of banking malware in the States. The FBI thought I was in charge of the attack.

I told the FBI: "I don't know anything about this. Even my clients have nothing to do with it, because they did not have access to the builder - I locked everything down." He answered: "It's okay, we'll find out!" I don't even know whether they found out.

To be honest, what annoyed me most of all was that I had allegedly stolen $10 million in the States. Everybody wrote about it. The amount is so beautiful! Everyone around me just said: "You're loaded!" And I didn't even understand where it all came from.

By the way, I asked the FBI man a question:

- Why are you here now? The project has been closed for two years, there are no sales.

The answer was brilliant:

- It's a long way to go to Belarus.

Prison life and the likely term: "What are you on about, seven is a good number"

I had just "arrived" in the cell, and immediately the question:

- Who are you?

I named the article and my name. They had already explained to me how to introduce myself.

- Who took you?

- FBI and Interpol, Department "K", the General Investigation Department...

- Yeah, right, sure!

And then, a week later, a story came out on "Zone X". The face was blurred, but in the report I was wearing the same brown sheepskin vest I had worn on the day of my "arrival". And there, besides me, 14 people were sitting, looking at the screen, then at me, again at the screen, and again at me: "Oh, fuck, so you weren't bullshitting?!" Nobody had believed me; they thought I was just another storyteller. But it turned out that everything was true.

The first two weeks were scary. I did not fully understand what was happening to me: it seemed that I was just watching a movie in 3D. But gradually I began to get used to it. In prison they like to "joke": when some newcomer asks, "What will I get for this?", you answer the same thing you were told: "What are you on about, seven is a good number." It's wild at first, and then it's fine. That's local humor for you. Although the same could have been in store for me, and even more - up to ten years.

Initially I was charged under the second part of the article, which speaks of "especially grave consequences." I found commentary on my article, and it listed these as "a violation of governmental and intergovernmental communications, postal communications, consequences that led to an environmental disaster or the death of a person through negligence or as a result of inaction."

My lawyer and I asked the investigator why I had been charged under the second part and not the first, if there were no especially grave consequences. And he answered: "Well, I'm sorry, you have 10 million infections."

We fought over these millions of infections as best we could. The press wrote that I taught the investigators a lot. Yes, I actively tried to speed up the process. I said: "Guys, to prove it, look here. To perform the forensics, you need to disable Andromeda's protection: do this and that." Each examination takes two months. I understood: if everything dragged on for up to a year, I would go crazy.

A week before my detention would have reached six months, the case was re-qualified, and I was sent home under a written undertaking not to leave.

Court and verdict: "You don't have to pay anything. You came out at zero!"

At home I sat like a mouse, and even tried not to go outside. Then came the trial. The judge stood me up and said that a lot had been written in the file, but he would like to hear the story from me.

He listened very carefully, and when I finished, he said: "That's another matter - now everything has become clear!" It seems to me that he was simply humanly interested.

When the judge announced the verdict - such and such a fine, and such and such, and many more words - I was in a daze. "Did you understand?" he asked me. I just nodded, thinking that there was no suspended sentence for me, because I had already served six months.

We leave the hall. My lawyer is happy:

- You understand? Understand?

And I was working out in my head where to find another 1.5 thousand dollars (I'm not sure this is the correct figure; at that moment I counted roughly) in order to pay the fine. Even before the trial I had paid back all the "illegally obtained income" - all the amounts that appeared in the case. I got into debt, but paid off every penny. And now I was not happy that I had got off; I only thought: "Where can I get the money?"

The lawyer realised it still hadn't sunk in, and explained:

- You don't need to pay anything! You know that the stricter penalty absorbs the less strict one. You came out at zero!

And then it hit me. Sometimes events happen in life when it seems to you that you are born again. I had just such a feeling - it seemed that wings had grown on my back, and I flew for two days. I could not believe that everything had worked out, because it had started with ten years in the zone.

About the fate of Waahoo and the forum members: "At first I was afraid that they would make a decoy duck out of me"

I do not know anything about the fate of Waahoo. On my final review of the materials of the criminal case, I found in the file the name of a person who could be hiding behind this nickname.

Although I memorized it, I did not try to find or contact this person. Thank God, I have done my time. Yes, up to my ears in debt, but at home, with my family. Waahoo must have read about my arrest: they wrote about it everywhere.

At first I was very afraid that they would make a decoy duck out of me - force me to write to my friends something like: "I have problems. Come!" in order to catch some hacker. The Zen of tranquility came over me that evening when "Zone X" aired... I realized: not a single person will answer my messages anymore, because they will think it is a set-up.

The investigator asked the next day:

- Why are you in such a good mood?

- You understand, from now on I will not be able to frame anyone, even if I really want to.

$10 million in moral damages to Microsoft and "not a single victim in the States"

They wrote on the Internet about some allegedly "stolen" $10 million. Reviewing the materials of the case at the very, very end, I finally understood what kind of money it was.

Microsoft had issued a "note" saying that Andromeda's actions had dealt a blow to their reputation, and they were demanding $10 million in moral compensation from me. That is what the 5-7 sentences said on a piece of paper signed by some Microsoft regional manager. And I kept wondering: "Where did this amount come from?"

But here's the paradox: my investigator told me that he turned to the FBI:

- Guys, how many infections do you have?

- Up to four million a month.

- Give us 20-30 victims with specific amounts, and we will include these materials in the case.

They hemmed and hawed for a long time, and as a result a document appeared in my file stating that one computer in the USA was infected, from which an attempt was made to transfer $19,000 from a bank account. But the transaction was rejected by the bank, and there was no theft. So in the end, I don't have a single victim in the States.

And in the CIS I couldn't have had any, because I didn't want my product, even indirectly, to make it possible to steal money from our people - we all live hand to mouth anyway. Therefore we introduced a restriction: Andromeda did not run on computers on which the Russian, Belarusian, Ukrainian or Kazakh language was installed.

Now put all the pieces of the puzzle together: everything that was written about in the press was not done by me, and there was no damage. I have a lot of questions for Microsoft: their antivirus detected Andromeda in memory in a flash, from day one, without any problems. So where does the damage come from? Where do 10 million infections come from? Most likely, infection attempts blocked by the antivirus were counted, and that is a completely different story.

On data security: "Google, without hesitation, handed my addresses to the FBI"

I think the road to both the States and Europe is closed to me. There are fears that as soon as I cross the border of Belarus, they will immediately escort me off by the arms to find out where the $10 million that Microsoft demands from me is.

But never mind; I came here to LVEE to tell you how easily Microsoft, Google and Facebook hand over people's data, and also how to get rid of that data.

When you tell your acquaintances, "You have Android - you are being tracked," they often answer: "So what?" Yes, "so what", as long as it does not concern you directly. But in fact this applies to everyone.

The trend in the modern world is that the settings are hidden further and further away, so that you don't restrict or prohibit the collection of information - so that you don't go in there at all. And I want to show today at the LVEE conference where you can see what each application is "allowed" to do. And at the same time talk about my experience of living "without Google".

A huge amount of information is being collected. If earlier I thought that the "good corporation" Google staunchly adhered to its principles and, over some "Andromeda case", would never give out information about me to the FBI, it turned out that this happens at the click of a button.

When the FBI came for the arrest, they knew everything about me. For some reason they maintained that I kept everything on a server registered to my name and phone number. But I remember exactly what data I entered. Someone simply took and entered the necessary data, and then presented it as evidence.

I had an e-mail account on Gmail to which my phone was tied - and Google, without hesitation, gave all my addresses, all my data, to the FBI.

I can tell you something else: I had a Skype account - I talked with colleagues at work, with acquaintances, but never with Andromeda customers. Already released under the written undertaking, I logged in at some point and changed my password. At three o'clock in the morning I received a notification from Microsoft that my account had been logged into from another device.

I logged into my Microsoft account - nothing in the logs. I changed the password again - and the situation repeated itself. Most likely, the Americans logged into my Skype account with the password they had just received from Microsoft. They cleaned up the login logs in the user interface, but forgot about the robot that responds to the device ID and sends notifications.

I no longer use Skype... I decided that I would not communicate with friends and acquaintances using this program, because someone's eyes will always be watching us. And I left Android. For a long time I walked around with a Nokia 3310, and now I'm thinking of moving to Ubuntu.

They ask me what I'm going to do next. I was offered a project to launch IPTV: that is for a few months, just to keep food on the table. Perhaps then I will take up cybersecurity and open a company that does audits.

As they say, I am "actively looking."

A special operation against him was carried out by the American FBI and the Belarusian Ministry of Internal Affairs and the Investigative Committee.

The victims of hackers are more often Windows and Android users. But don't kid yourself: each of us will become the target of a cybercrime at least once in our life, says a cybersecurity expert in an interview for Radio Svaboda.

An "outstanding" hacker is what the 33-year-old Sergei Yarets, detained a couple of weeks ago in Rechitsa, is being called.

The person against whom the FBI and Belarusian law enforcement officers conducted a joint operation was identified by cybersecurity experts from Recorded Future.

For many years the Belarusian was hiding under the nickname Ar3s and, according to Reuters, was behind Andromeda, the largest and oldest botnet.

Andrey Borisevich, Director of Advanced Development at Recorded Future, talks about hackers and the main rules of cybersecurity.

Why hackers infect our computers

- What is Andromeda, which the Belarusian hacker from Rechitsa serviced?

- Andromeda is a botnet. It is a large network of infected computers all over the world, controlled either by one person or by a criminal structure. To manage the entire network or individual computers there is a single control panel. Through it you can send instructions to an infected computer - for example, to install malicious software or to start sending spam via e-mail.

The most common way to use infected computers is elementary theft of users' personal data. A keylogger is installed on the computer - a special program that intercepts everything typed on the keyboard. If a person logs into his bank account, enters a password, this information is intercepted and sent to the attacker. Access to individual infected computers can also be sold to other cybercriminals.

How is the data used? One way is illegal online shopping. Modern online stores have long and successfully been fighting such crimes, since they are fairly easy to recognise - for example, if someone logs into the store from the IP address of another country. To get around this, an attacker gains access to a random computer in the United States, logs into the site of, say, Amazon or PayPal from it and makes an illegal transaction. The online store, payment system or bank sees this as a transaction from a familiar country.

But there are many ways to use infected computers. Almost any cybercrime we hear about - money stolen from a bank account, attackers gaining access to the networks of financial institutions and stealing money directly from banks, money stolen from people's computers, from electronic wallets, cryptocurrency and so on, personal data - all this, as a rule, is done through the creation of a botnet.

The one who controls such a network, of course, both earns a lot and causes very significant harm.

- If almost every area of our life has already been digitized, can we say that each of us will face cybercrime?

- This is a really huge problem, and it did not appear today or yesterday. Botnets as large as Andromeda began to appear 10-15 years ago. For the criminal world this is something everyday. There are certain risk groups that are most likely to face this problem. First of all, these are Windows users, because most malicious software is written for Windows, or for Android if we talk about mobile phones.

Historically, attackers practically do not attack MacBook and iPhone users... First of all because Apple products are the most secure and less vulnerable to external threats. And secondly, simply because there are many more Windows and Android devices than Apple ones. For attackers, the number of potential victims is much more important than quality.

Almost any person will sooner or later fall into the clutches of intruders. This does not mean that they will attack you personally. Most likely it will happen through a mass infection. But sooner or later your information will be sold to someone.

Ordinary citizens have long been suffering great financial losses. The ranks of cybercriminals are growing.

[Photo: A computer infected with the Petya ransomware virus. Illustrative photo]

Five years ago there was an unspoken rule among cybercriminals not to attack citizens of the CIS, but now everyone turns a blind eye to it. We see that attacks on Belarusian, Russian and Ukrainian banks and financial institutions continue. Such attacks are quite successful, with tens of millions of dollars stolen from banks. They are constantly trying to spread ransomware viruses. Such a virus blocks access to your device and demands a ransom from you for the return of your data.

Statistics are stubborn things, and they show that sooner or later everyone will face such a problem.

What did the Rechitsk hacker get caught on?

- What is so exceptional about the personality of the Rechitsa hacker? And how could such an authoritative person in the world of cybercrime get caught on the fact that ICQ was registered to a real MTS number?

- Determining who is behind this nickname, in fact, has not become a big problem. It only took a few days. We did this about six months before his arrest.

As a rule, people make such mistakes at the very beginning of their criminal career, when they are still young, ignorant. They make minor bloopers, but they remain on the Internet forever. It only takes time and a little effort to look a little further in time - and you can find moments when a cybercriminal either used his real phone number, or used a nickname under which he registered a long time ago on a social network, potentially highlighting his photo or even his name ...

Cybercriminals, especially inexperienced ones, often use their real Skype account. And for law enforcement agencies there is no difficulty in gaining access to Skype records.

In our case, this character did just that. Even before the start of his criminal career, he communicated in programmers' circles and often asked questions on various non-criminal forums. He left his details when registering on those forums: his real year of birth, his e-mail, and in one place an ICQ number, which he continued to use for many years after switching to the "dark side".

Embedded media: How the Belarusian hacker was detained.

It often happens that these are quite ordinary people who live in the house next door, and you cannot imagine that one of them is one of the most famous hackers, wanted all over the world. You don't have to look far for examples.

There is a young man from England, Marcus Hutchins, who was arrested by the FBI in the summer... He was already known as one of the most respected cybersecurity professionals in the world. He stopped the spread of the WannaCry virus, which at that time was attacking Russia, Ukraine and European countries at great speed. He was considered a hero... A month or two later, he was arrested by the FBI on suspicion of distributing one of the most powerful Trojans, which was sold on criminal forums and in the criminal underground.

Returning to our character: we found out that since 2004 he had been the administrator of one of the most respected criminal forums of a technical orientation. Criminal forums are of different types. There are those where most members are engaged in carding: stealing money from credit cards and bank accounts, hacking online stores.

And there are technical forums where they discuss the most modern malicious software (malware), sell it, and do everything related to its support. Exactly such a forum was run by Ar3s, our Sergey Yarets... He was the chief administrator and one of the most famous specialists in the criminal environment.

After all, even when new malicious software appeared on other sites, he was invited as an independent expert.

He got access to the new version of the software, researched and tested it, and passed his verdict. If Yarets said that the software worked as stated, the success of that product was predetermined. Then sales of these malicious programs went "with a bang", and the criminals no longer had any doubts about him.

"A hacker's modest lifestyle doesn't mean low income"

- If these forums exist so publicly, and the guy himself led a fairly open lifestyle - take, for example, his active Twitter - then at what point does this interest in malicious software become a crime?

- At the moment when people come to him with a question, and at the same time everyone understands that the ultimate goal is to harm either individuals or organizations. Often newcomers release their virus software for sale and for some reason believe that if they write in the contract that the software is "developed and sold exclusively for research purposes", this will somehow save them.

Yes, a hacker can write: my software is not designed to attack people and organizations. But everyone understands that it is distributed on hacker forums, money is taken for it. It is known that it will be used to attack ordinary citizens. This is already a crime. This does not protect future hackers from criminal prosecution.

- How much could S. earn from this? His acquaintances do not believe in such a "brilliant" career and say that the guy lived very modestly.

- If I'm not mistaken, the license itself cost $2000. But this particular botnet consists of two elements: a control panel that allows you to manage all infected computers, and the second part, the so-called payload, that is, the malicious file itself that will be sent to the computer being attacked. For example, it might be an email attachment that looks like a harmless .jpg file. You click it and your computer gets infected.

Antivirus programs learn very quickly to recognize such harmful documents. For such software to keep working effectively, it needs to be constantly cleaned. This is called support. And this is one of the services that Ar3s provided. For this he received $50. With widespread malware distribution, this has to be done almost daily. Having bought a license for $2000, you need to pay another $1500 monthly for support.

Therefore, I think Sergei's modest lifestyle does not mean that he had a small income. He had a legal job, and in the eyes of many people he was an ordinary citizen, but at the same time he was also involved in criminal dealings. And for many years.

"The fact that society does not see hackers as big criminals is due to Hollywood."

- How many such hackers can there be in Belarus?

- There were a lot, as technical education in Belarus is one of the best in the world. But many "talented" hackers left at some point for places that were safer for them, including Russia and Ukraine, since in Belarus the law enforcement bodies acted much more professionally against them. It is well known that in Belarus it is difficult to bribe your way out of criminal prosecution. In neighboring countries it happens everywhere.

- How do you feel about the fact that hackers are still considered almost "role models", that they have a heroic-romantic image, and that when they get out of prison they willingly give interviews about their "cyber exploits", and many people are fond of them?

- In modern society, hackers are not considered bandits. But the time when ordinary people did not suffer from them has long passed. The impression still remains that banks somehow compensate the money stolen by hackers, but this is not true. It has long been difficult for banks to recover money stolen from credit cards and bank accounts. Even in the US it is difficult for people to get their money back. Today's hackers inflict enormous damage on ordinary people.

Modern attacks also use ransomware viruses that attack everyone and everything - personal computers, medical institutions, police, courts, government agencies. Now these cybercrimes have crossed all reasonable limits and are more reminiscent of the situation in the Wild West of the 18th century than the modern society of the 21st century.

Society still does not see big criminals in hackers, and this is partly due to Hollywood. It continues to churn out movies and TV series about hackers, showing what "Robin Hoods" they are, how they manage to remain elusive, travel the world and stay one step ahead of the police.

But those times are long gone. The same Sergei who was arrested in Belarus is one of the dinosaurs. He has been in this business since he was 18. In today's world, cybercrime is already linked to organized crime.

Modern cyber attacks, especially on banks, are carried out by powerful cyber groups that have huge financial and administrative support, including a corruption component from the police, who can cover for them and look after their safety.

In America, cybercrime often overlaps with street crime. This is no longer just a hacker in a hoodie, but people with 2-3 prison terms behind them, who rob, kill and, at the same time, steal money from accounts. The way society sees cybercrime has long been untrue.

6 cybersecurity rules from an expert

Install an antivirus. This, of course, is not a panacea. If the hacker chose you, the antivirus may not help. But it will help weed out most opportunistic attacks that aim to infect as many computers as possible.

Don't open email attachments... First of all, if you do not know who the letter is from. Hackers have now learned to manipulate consciousness well through various methods of NLP, neurolinguistic programming. Having bought compromised databases, they know your name, and you receive an email with an infected file addressed to you personally. We live at a fast pace, we have no time to reason, we open emails without hesitation. And this is absolutely not worth doing. If you know the person from whom the suspicious letter came, take the time to send him an SMS and ask if he really sent it.

Don't click on links in emails where you are offered bonuses or a lucrative job, or where they say you have won some kind of prize. This is now a very common hacker technique, and the result is an infected computer.

Have different passwords for absolutely all services that you are using. Literally every website, application.

Install a password generator; it helps you create random passwords. There are special programs that can cost $10 a year, but it's worth it. Such a program will save you a lot of the time and effort you would otherwise spend restoring your data and getting your money back.

Criminals know that people are lazy: they invent 1-2 passwords and use them for everything. Fraudsters have long understood this. At least one password of any person in the world can be found on the Internet, and then, by simply trying it elsewhere, an attacker gets access to important resources: a bank account, credit card, e-mail, and so on.

Use Google two-factor authentication... Hackers have not yet learned how to bypass this particular method of protection.
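The password and two-factor rules above (a different random password for every service, and a second factor on top of the password) can be demonstrated in code. The block below is an added example written for this page, not code from the interview, from Google, or from any product the expert mentions. It assumes a small dictionary standing in for a password manager's vault, a shared TOTP secret that both the user's authenticator app and the service hold, and the RFC 6238 defaults that common authenticator apps use (HMAC-SHA1, 30-second steps, 6 digits); the `login` function is a hypothetical stand-in for a service's login check, and all sample data is constructed.

```python
"""Added example: per-service random passwords plus a TOTP second factor,
showing why one leaked password is not enough on its own to log in.

Assumptions (not from the article): the vault dict stands in for a password
manager; the TOTP secret is an arbitrary byte string shared with the
authenticator app; RFC 6238 defaults (HMAC-SHA1, 30 s steps, 6 digits).
"""
import hashlib
import hmac
import secrets
import string
import struct
import time

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG (secrets, never random.random()).

    Retries until at least one lowercase, uppercase, digit and symbol are
    present, so the result also passes typical site policies.
    """
    if length < 4:
        raise ValueError("length must be at least 4")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def reused_passwords(vault: dict) -> dict:
    """Return {password: [services]} for every password used more than once.

    This is the check behind the 'different passwords everywhere' rule: one
    leaked password must not open a second account.
    """
    by_pw: dict = {}
    for service, pw in vault.items():
        by_pw.setdefault(pw, []).append(service)
    return {pw: svcs for pw, svcs in by_pw.items() if len(svcs) > 1}


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    'dynamic truncation' to a 31-bit integer, reduced modulo 10**digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of `step`-second
    intervals elapsed since the Unix epoch."""
    return hotp(key, unix_time // step, digits)


def verify_totp(key: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current time step and `window` steps either side (clock
    drift). compare_digest keeps the comparison constant-time."""
    counter = unix_time // 30
    return any(hmac.compare_digest(hotp(key, counter + d), code)
               for d in range(-window, window + 1))


def login(vault: dict, totp_key: bytes, service: str,
          password: str, code: str, unix_time: int) -> bool:
    """Hypothetical service-side check: both factors must pass. The password
    comparison runs even for an unknown service, so timing does not reveal
    which accounts exist."""
    stored = vault.get(service, "")
    ok_pw = hmac.compare_digest(stored.encode(), password.encode())
    return ok_pw and verify_totp(totp_key, code, unix_time)


if __name__ == "__main__":
    # Constructed demo data: one fresh password per service, one TOTP secret.
    vault = {svc: generate_password() for svc in ("mail", "bank", "shop")}
    print("reused:", reused_passwords(vault))       # {} means no reuse
    key = secrets.token_bytes(20)                    # shared with the authenticator app
    now = int(time.time())
    print("current code:", totp(key, now))
    print("login ok:", login(vault, key, "mail", vault["mail"], totp(key, now), now))
```

The HOTP and TOTP functions reproduce the published RFC 4226 and RFC 6238 test vectors for the ASCII secret `12345678901234567890`, which is the simplest way to confirm that a home-grown implementation matches what authenticator apps compute. A stolen password alone fails `login` because the six-digit code changes every 30 seconds and depends on a secret the attacker does not hold; the one-step window on each side only tolerates small clock drift, so a code from a few minutes ago is rejected.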

For the first time in Belarus, a cybercrime trial took place. The Rechitsa District Court examined a high-profile case that caused a lot of noise. The "hacker Ar3s" (in Russian, Ares) was in the dock. In fact, he is a 35-year-old resident of the regional center, Sergei Yarets, a respectable family man with no previous convictions, a diligent and responsible employee of the small regional television and radio company "Televid". However, Sergei was accused of a crime whose victims were millions of people around the world, and was called "one of the most prolific cybercriminals in Europe."

FOR EACH SALE OF ANDROMEDA - $500

According to the investigation, the Rechitsa resident was a member of an international cybercriminal group and was distributing the Andromeda computer virus. It is a botnet, a program that attacks Windows computers. Once in the system, it paralyzes the filters that protect the computer. The Trojan then downloads other programs from the Internet to the hard drive. Most often these are viruses that make it possible to obtain users' personal data, gain access to bank accounts, or block the operation of the system.

After millions of computers were infected with Andromeda, US and European law enforcement officers carried out a large-scale operation to eliminate the criminal group. The hackers were hunted by the FBI, Interpol, Europol's cyber division ...

And so US FBI officers contacted a certain Ares, who turned out to be a citizen of Belarus. An employee of the American bureau contacted Ares and agreed that he would sell him part of the Andromeda code. During the next exchange, about the sale of the remaining part of the code, the Belarusian was detained.

The Investigative Committee charged the Rechitsa resident with administering forums where cybercriminals communicated. According to the investigation, the man helped his interlocutors buy and update Andromeda, and also provided technical support services for the Trojan. He received $500 for each sale of the virus and $10 for each update.

THE VIRUS DEVELOPER LIVED IN RUSSIA AND CONSTANTLY DRANK

Ares himself agreed to talk to Komsomolskaya Pravda. He spoke about his version of what happened:

I was the administrator of a forum where I taught programmers. Many asked me to teach them how to become hackers, and I helped them develop, and as a result people got jobs in well-known companies. I reviewed the programs on the forum, and the Andromeda developer, who lives in Russia, asked me to review this bot. And then to help in distributing the program, because he himself did not have time to develop and sell it.

Sergey explained how Andromeda works. He claims that the program does absolutely no harm to the computer:

It all depends on the buyer. Among my clients were companies that installed Andromeda on their employees' computers in order to update the necessary programs. And someone could set up a botnet to download viruses. I personally did not steal a penny from anyone - I was just selling the program.

By the way, Andromeda was configured so that it would not run on computers in the CIS countries. Sergei claims that this was done on principle - so as "not to shit in the place in which you live." And according to the investigation, the matter is not at all about patriotism - the criminals only cared about their safety, believing that the US and European authorities would not be able to find them here.

According to Sergei, the development partner often went on long drinking bouts. Once the Belarusian asked the hacker to send him the source code so that, in the event of another binge, he could handle things himself. That is how he got access to the code, part of which he later sold to the FBI, and that is what he got caught on.

"In 2015, I decided to close the sale of Andromeda and its services, because the developer continued to drink heavily. But someone posted the program on the Internet, making it available for free download. As a result, Andromeda began to spread at a frantic pace. But I have nothing to do with this, and I have no idea who posted the program on the Internet," replied Sergey. However, the investigation believes that he is still involved in the free distribution of the Trojan.

BY THE COURT'S DECISION, ARES OWES NOTHING AND WILL RETURN TO WORK

As Sergei said, Microsoft sent a document to the Belarusian authorities stating that it estimates its damage from Ares' actions at $10 million. But no such claim was brought against Sergei in the Belarusian court. Only the illegally obtained income from the sale of "Andromeda" was demanded from him. The largest sum that appears in the episodes of the case is 11 thousand Belarusian rubles.

The Rechitsa resident paid all the damages during the trial, so the prosecutor and the court were lenient towards him. Moreover, the "cybercriminal" repented of everything, fully admitted his guilt and even helped the investigation formulate the accusation and disclose the entire mechanism by which "Andromeda" operates.

The district prosecutor, Nikolai Belorusov, acted as the state prosecutor in court; he asked for Sergei Yarets to be punished with two years of imprisonment, suspended, as well as a large fine. The court decided differently: it sentenced the programmer to a large fine, but given that the Rechitsa resident had spent six months in jail, the fine no longer needs to be paid. Being in custody is equivalent to imprisonment, and therefore it absorbs the less severe punishment. So Sergei came out of the court joyful: it turned out that he no longer owed anything to anyone. Now he is going back to his job at Televid. But he hopes that after such a resonance he may be offered a more prestigious job.

The special operation, led by FBI officers, took place in the fall of 2017 in Rechitsa. It was a joint operation of the Investigative Committee and the International Bureau of Investigation to identify hackers working in Belarus.

On a signal from an informant who worked under the nickname Dzhigurda, officers of the Investigative Committee detained Sergei Yarets. He was charged with manufacturing and distributing malware, and with organizing and managing a site where hackers shared their experience of breaking into information systems.

It turned out that Yarets, who was known on the web as Ar3s, was associated with the Andromeda botnet. The arrest was preceded by the purchase of software by the FBI, which, when checked by specialists, turned out to be malicious.

A year before the start of the special operation, Microsoft announced that up to four million processors every month are infected with similar software. The company's specialists estimated the losses caused by the virus programs at ten million dollars.

The defendant's lawyer made incredible efforts to get the court to accommodate the accused. But the person under investigation himself, during the course of the investigative measures, not only began to cooperate with the investigation, but also tried to help the employees of the Investigative Committee expose him.

The lawyer says that the investigator himself was quite experienced in information technology, but he did not understand everything either. Some things were generally unprovable, but the suspect himself literally spelled out the intricacies of his tricks to the investigator. Yarets's defender says that he has never encountered such an unusual investigation. Here one must already speak of the "invaluable assistance" that his client rendered to the investigation.

All this was taken into account when the verdict was passed. In addition, the lawyer constantly convinced the investigation that such a knowledgeable specialist as his client would be more useful at large than in prison. And Yarets, according to the FBI, faced at least 10 years. The defendant repented and confidently stated that he was not going to the West, including the United States.

His trial took place on August 9. Right there in the courtroom, the accused presented a receipt for payment of tax on profits obtained as a result of illegal activities. The receipt recorded 11 thousand rubles paid. The case was re-qualified under the article's first part, "profits obtained by criminal means". Thus, the defendant paid the taxes due to the state budget, and the fine of 2940 rubles was offset by his detention in the remand prison. The suspect spent 6 months there.

Sergei's lawyer claims that he is the only one to be arrested by the FBI. He also clarifies the principled position of his client, who throughout his illegal activities did not harm users in the post-Soviet space.

The prosecution speaks of the fully proven guilt of the defendant and demands from the court 2 years of imprisonment for Sergei Yarets, suspended. At the same time, it asks the court to set the defendant a one-year probation period. The prosecution disagrees with the lawyer's assertion that the client is innocent before the people of Belarus.

The prosecutor stressed that the crime is international in nature and that the consequences of his actions were quite tangible for citizens of other countries. In addition, it has been proven that the defendant was selling his products, which were deliberately infected with a virus. Therefore, there can be no talk of absolving him of guilt and releasing him.

In addition, the prosecutor sees in the actions of the defendant not signs of nobility, but fear of exposure. Therefore, he simply did not dare to conduct his destructive activities on the territory of Belarus and the Russian Federation.

Yarets himself repented in his final statement and said that he was not the creator of Andromeda. This site, according to him, was created by an "alcoholic genius" whose place of residence is unknown to him. Sergei only helped him administer the site.

He explained his possession of the program code by the fact that its owner often went on a binge and then did not come out of it for a long time. Therefore, keeping the access code on hand was an understandable necessity.

At one time, before the arrest and stay in the pre-trial detention center, Yarets was engaged in the protection of information: the development and installation of software. Officially, he worked on the security of three organizations. After the end of the trial, he intends to return to the Televid company, where he served as chief engineer. He says that they are already waiting for him there, and they are waiting impatiently.