The Information Security Center of the Russian FSB, DESAC (Department of Economic Security and Anti-Corruption) and the Investigative Department of the Russian Ministry of Internal Affairs, with the assistance of the expert organization Group-IB and the security department of Sberbank, carried out an operation to arrest members of an organized group of cyber criminals.
The group used malicious software to gain access to customers’ accounts and, under the guise of bank employees, extorted the SMS authorization codes required to steal the money.
During the operation it was found that the group was controlled by twin brothers who lived in the city of St. Petersburg and who, at the time of the crime, were on probation under the same articles of the Criminal Code.
The criminals started to work again at the end of 2011 and were only identified in the middle of 2012. From the moment of identification, law enforcement agencies, with the support of Group-IB and its Bot-Trek Cyber Intelligence system, continuously collected evidence. The fraudsters were involved in illegal activities even while their first trial was in progress. At the time of the first trial, Group-IB’s experts and the police already knew that the fraudsters were stealing money again, but at that point it was impossible to prove they were guilty. The process of evidence collection took three years.
On the 20th of May, 2015, a mass arrest of the criminal group and their accomplices took place. During the search of the twins’ flat, it became clear that the criminals were well prepared for the appearance of law enforcement: the apartment had an armored door and an electromagnetic transducer to destroy computer equipment, and the brothers had also prepared special SMS alerts to secretly tell other members of the group to destroy evidence. In a panic, the twins tried to destroy all the evidence and flushed all their money, USB storage devices and mobile phones down the drain.
In spite of this, a well-prepared special operation allowed the police to collect the evidence and obtain computer equipment for further examination in Group-IB’s forensics lab.