Read the original article at 112.ua
In Ukraine, the Department of Cyber Police was established in October 2015, but in fact experts had been working on uncovering crimes committed on the network since 2014. The activities of the department are highly valued, in particular in the Ministry of Internal Affairs. "Separately I will mention the Department of Cyber Police. I did not expect that they would show themselves so well in such a short time. The team, headed by Serhiy Demedyuk, was highly appreciated by our international partners, experts in the field of combating cybercrime," Zoryan Shkiryak, adviser to the Minister of the Interior, said in an interview with 112.ua.
We decided to figure out what the cyber police of Ukraine are fighting on the Internet, and how. To our great regret, the head of the department, Serhiy Demedyuk, did not have time to talk, and the department staff kindly provided answers in hard copy. The official language of the answer will never replace live communication, but we tried to make the most interesting text from the answer of the cybercops.
Cybercrime is a crime committed in virtual space, that is, in the information space created with the help of computers, where users' personal data is located. A cybercrime can include a hacked social network page or a hacked phone, stolen bank card passwords or interference in the operation of a bank's systems, or unauthorized access to computers of the Security Service or the FBI. The purposes of such crimes can be very different: to steal money from a bank card, to publish a Hollywood star's intimate selfies on the Internet after hacking her phone, to steal strategic documents or to crash the stock market.
It is not surprising that crime has followed us into virtual space. But every crime must inevitably be followed by punishment. As a response to this challenge, the Ukrainian Police not so long ago established the Department of Cyber Police.
Among the tasks of the department is "to organize effective counteraction to the manifestations of cybercrime and to ensure effective influence on the operational situation, namely: the prevention, detection, termination and disclosure of criminal offenses, the mechanism of preparation, commission or concealment of which involves the use of computers, telecommunications systems, computer networks and telecommunication networks, as well as other criminal offenses committed with their use," says the department.
About cyber police and its employees
The cyber police differs from the State Special Communications Service in that it investigates crimes committed in the sphere of the use of payment systems, e-commerce and economic activity, intellectual property and information security, while the State Service for Special Communications and Information Protection ensures the formation of a policy in the field of protecting state information, telecommunication and information-telecommunication systems of cryptographic and technical protection.
To date, the cyber police employs 329 people, or 80% of the staffing level.
In addition, the department is staffed by "white" hackers. They work in the groups of technology and programming, which are part of the department. In total there are four such departments: in the western, southern, eastern and central regions.
"White", or "ethical", hackers as a rule look for vulnerabilities in computer systems and hack them not for the purpose of stealing or committing forgery, but in order to eliminate the vulnerability.
In the National Police, the "white" hackers conduct an in-depth examination of seized digital evidence for the purpose of identifying it. "First of all, we are talking about the recovery of remote information and its analysis. The 'open source intelligence' - OSINT. The use of OSINT allowed us to establish the complete data and location of criminals in resonant criminal proceedings. The analysis of digital data of large volumes (Big Data) in criminal proceedings in order to establish the links between them," the cyber police say.
"These employees have sufficient knowledge for reverse engineering of malicious programs, in view of carrying out a study to understand the principles of work (in this case, the virus). In practice, using this method we have made the timely identification of pathways of the Petya virus. Another example is the establishment of an outgoing point (control server) of the botnet that completely controlled personal computers located not only in Ukraine but also in 6 countries of the world," the department proudly says.
Employees of the cyber police department communicate around the clock with colleagues around the world, ensuring the immediate exchange of identified traces of criminal activity, based on the results of the response to cyber attacks and cyber incidents, for operational analysis, with further generalization of the results obtained and their use for investigating and countering cyber threats.
How do Ukrainian cybercops fight?
The biggest "pain" for the Ukrainian cyber police today is cyber fraud. "Most of the criminal offenses in the payment sector occur during financial operations; one of the most common types of fraud with payment cards in Ukraine and around the world is fraud committed with the help of special devices such as a skimmer," the cyber police state.
Skimming is the theft of card data using a special "skimmer" device. In this type of fraud the attackers copy all the information from the card's magnetic stripe, while they obtain the PIN code using mini-cameras or overlays on the keyboard.
No less common in Ukraine is phishing, a fraud whose purpose is to obtain bank account details from trusting or inattentive Internet users.
"It is worth noting that the crimes related to the use of ATMs are identified by the department's employees through proactive search, but most of the crimes connected with payment cards are documented in the framework of checking appeals from financial institutions and victims of criminal activity of fraudsters."
The department's employees also monitor the Internet on a daily basis to combat the sale of illegal drugs and items: drugs, psychotropic drugs, precursors, firearms, ammunition, and explosives.
"We are constantly working to identify crimes related to trafficking of prohibited items and drugs, namely: we study ads, accounts and other identification information of users of social networks, thematic blogs, forums, information resources, mail servers, trading platforms 'Darknet', etc.," the Department of Cybercrime says.
At the same time, throughout 2017, 945 so-called death groups were identified in social networks, of which 760 were blocked. The number of accounts that could be identified as registered from the territory of Ukraine is 58 848.
Based on the results of the information analysis during the monitoring, special materials were sent for further verification and response to other units of the National Police (Department of Criminal Investigation, Department of Preventive Activities, Department of Drug Control).