To investigate, you don’t need to hack anything, as we are shown in TV series about hackers. “If a bank robber puts on a mask and hood to hide his appearance, they still find him later, but on other grounds,” Alexander Vurasko states. — The same thing is quite valid in the Network. In order to search for a cybercriminal, it is not necessary to know his IP address, there are a lot of other traces. In the same “darknet” you can get information that will contribute to the investigation of the case in other ways. As a group of operatives arrives at the crime scene, and they search every corner there, in the same way, if there are any clues, we collect as much information as possible that will allow us to investigate this case.”
An illustrative example is the investigation of the case of the American Ross Ulbricht, the founder of SilkRoad, a platform where 70 percent of the goods were prohibited psychoactive substances. Ulbricht was an expert in the field of information security, but his forum entries made a few years before ruined him. In October 2013, he was arrested by the FBI on drug trafficking charges, and in May 2015 he was sentenced to two life sentences.
“In any case, money comes to some accounts, if they have passed through the chain of wallets, there are always traces that will lead to an attacker, even if he believes that everything is covered,” the expert explains. — Of course, operatives also use technical methods, the investigation of every modern high-tech crime is associated with dozens of computer examinations. This difficult work is performed only by highly qualified specialists, who are also very busy. I often encounter outrage that a website selling computer viruses is functioning, and “no one is doing anything.” But this is only from the point of view of the layman. People don’t think that the one who made this site, 15 minutes after its closure, will create another one. We need to bring to justice a person who is engaged in illegal activities, for this we need to collect evidence that will convince the court.”
If there is a criminal group of persons, it is required to document their relationship with each other.
While the investigation is underway, the site is functioning, but already “under the supervision” of operatives.
“Last year we revealed the activities of one of the largest Russian forums of pedophiles and manufacturers of child pornography, he was just in Tor,” notes Alexander Vurasko. — People were advanced, used an uncensored network for storing Freenet data, wrote each other manuals on information security — it didn’t help. We have been “developing” this forum for about two years. The first priority was to save the children who were in sexual slavery, and for this it was necessary to find them. Only after all active participants were identified and detained, the forum was liquidated.”
In his opinion, legislatively regulating the functioning of each rapidly changing technology is a dead—end option: “We have a “profile” chapter 28 of the Criminal Code, and it is quite enough. There is nothing wrong with the legislation here. Rather, the question here is that the methods of conducting examinations and research are constantly being improved. But there are a lot of ridiculous initiatives about “close, ban, slow down”. Practice shows that the further away a person is from this topic, the more ambiguous statements he makes.”