Organized forms of online fraud: types of fraud in the field of computer information and the use of high technologies

Polstovalov Oleg Vladimirovich ORCID: 0000-0003-4991-990X Doctor of Law Professor of the Department of Criminology, Institute of Law, Ufa University of Science and Technology 450077, Russia, Republic of Bashkortostan, Ufa, Dostoevsky str., 131 kriminalist2010@mail.ru

Galiautdinov Rushan Radikovich ORCID: 0000-0002-1205-7608 PhD in Law Associate Professor, Department of Criminology, Institute of Law, Ufa University of Science and Technology 450077, Russia, Republic of Bashkortostan, Ufa, Dostoevsky str., 131 rushan-94@mail.ru Other publications by this author

Introduction. Fraud in the field of computer information, according to the letter of the law, is the theft of someone else's property or the acquisition of the right to someone else's property by entering, deleting, blocking, modifying computer information or otherwise interfering with the functioning of storage, processing or transmission of computer information or information and telecommunications networks (Part 1 of Article 159.6 of the Criminal Code of the Russian Federation). In other words, it falls under a pure kind of theft only in the first part of the wording, since the option "or acquisition of the right to someone else's property" is assumed. At the same time, the methods of committing a crime have already been named in the law and characterized in the scientific literature ^{[1, p. 43]}. The following scientists studied the problems of online fraud: fraud in the field of computer information and the use of high technologies: Russkevich E.A., Frolov M.D., Shevchenko E.S., Tropina T.L. and others.

Organized forms of online fraud: types of fraud in the field of computer information and the use of high technologies and features of their commission. Fraud in the field of computer information and the use of high technologies has recently been gaining momentum ^{[3, p. 22]} and rather primitive forms of deception are replaced by the most sophisticated scenarios of misleading victims. If earlier telephone calls for the alleged fact that a close relative of the subscriber got into trouble (became a victim of a traffic accident or went to the police) were focused on the gullible victim and often worked with older and elderly people, now the use of neural network capabilities opens up truly limitless possibilities. From fake news, fraud and extortion for the "sale of compromising" video materials, to video calls with the simulation of an accurate image of the appearance of an allegedly calling close relative – that's just not a complete list of those areas where criminals can fully apply their criminal talent. The neural network as an artificial intelligence tool, which is capable of solving the most complex tasks, is already being used for practical jokes, creating fake news and distributing videos discrediting the honor and dignity of celebrities. Therefore, highly organized fraud will not remain aloof from these additional resources of criminal efforts. It is important to understand that there is no deception and deception traditional for fraud, but attackers still use insufficient computer literacy of users and their excessive confidence in their own information security. And so, the attackers resort to deletion (in Article 272 of the Criminal Code of the Russian Federation, the synonymous term "destruction" is used) computer information in order to achieve its loss by a legitimate user. However, the loss does not always mean that it is impossible to recover the lost data.  On the contrary, the blocking of computer information is carried out not in order to influence the qualitative and quantitative characteristics of the computer information itself, but in order to restrict access or prevent a legitimate user from accessing these resources at all. The consequence of blocking computer information is the impossibility of temporary or permanent access to this data, i.e. there is no change in the content of information that remains untouched, but becomes inaccessible ^{[2, p. 66]}. Modification as a method of committing computer fraud is a means of complete or partial modification of information. Other interference from the point of view of the implementation of intentions to carry out computer fraud in practice is often understood as unlawful access to computer information, its copying, if such lead to the theft of someone else's property or the acquisition of rights to it. 

Nevertheless, traditional computer and generally high-tech types of fraud remain in their segment the most popular among dishonest dealers ^{[4, p. 32]}. Hacking accounts allows fraudsters to get a database of friends of its owner, who, as a rule, are sent letters asking for help in a difficult life situation. At the same time, scammers do not disdain anything: the serious condition of the child after a traffic accident, a fire where all relatives and property were burned, etc. And the more monstrous the explanations for the need for donations, the easier it is for especially close acquaintances to respond and transfer funds to the account of scammers. Relatives, as a rule, try to call the victim of account hacking in social networks and then the deception is revealed.

Often, only ordinary performers from an organized criminal group come to the attention of law enforcement agencies, while the "intellectual center" represented by its leadership often fails to be identified. Maximum anonymity, the use of pseudonyms and nicknames, the "digitalization" of one's participation ^{[5, p. 65]} in the implementation of the general scheme of computer fraud create effective protection from criminal prosecution. In particular, the activities of one of these criminal groups have developed quite a standard situation for cases of this kind. Unidentified members of an organized group under the leadership of a participant acting under the pseudonym "Director", possessing special knowledge and skills in the field of computer information, with criminal intentions resorted to the distribution and use of computer programs deliberately designed for unauthorized destruction, blocking, modification, copying and neutralization of computer information protection tools. With the help of these programs, unauthorized access was provided to the local network of a certain "Director" as an object of criminal encroachment of a commercial bank, and, accordingly, to the command server of the banking LAN with personal computers of bank employees and external (peripheral) devices – ATMs. With the help of the same destructive programs, criminals gained access to the management of ATMs, including by sending them illegal commands to issue cash without using payment bank cards. The high organization of the criminal group did not provide for the mandatory personal acquaintance of a number of its participants with each other and the leader, which ensured secrecy and in no way interfered with the effectiveness of criminal activity. At the same time, the relationships of the group members were distinguished by a high level of mutual trust and cohesion. A high degree of coordination of joint efforts, the accuracy of the execution of criminal roles ensured the successful commission of planned crimes and the distribution of stolen funds from their direct recipients in ATMs to the head. The organized criminal group was characterized by stability, expressed in the stability of its composition for a long time^[1].

Characteristic of computer fraud, according to some scientists, is that in the course of its implementation and as a result of the application of criminal efforts, there is no particularly urgent need to hide the traces of a crime, since sooner or later the identification of damage becomes obvious. This opinion is shared, for example, by E.A. Russkevich and M.D. Frolov. We cannot agree with these scientists, since it is in organized forms of online fraud that the concealment of traces can be carried out through foreign information servers or GPT services. And according to the author's own law enforcement practice, sometimes traces are hidden in collusion with the employees of the online entity themselves. A conscientious and professional security officer will immediately react and behave in accordance with the job description, while the employee who participates in the implementation of the criminal scheme, even if the damage caused is obvious, will hide what happened. At the same time, the very concealment of traces is initially embedded in the ways of implementing criminal intentions, since the maximum secrecy of the main actors of the criminal group, its organizers, distancing them from ordinary performers and the absence of personal and even more intimate contacts create the necessary conditions for their protection from criminal prosecution.

Often, the difficulty in proving the involvement of specific organizers in a crime arises due to the existing tacit, but no less imperative, "corporate solidarity", which is built on the fact that the perpetrator, accomplice, and much less often the instigator, not without reason, counts on legal assistance and corrupt connections of his patron, the organizer of a criminal group. Such corporate solidarity is inherent in the majority of criminal groups of fraudsters, since often this hope for support "from the outside" turns out to be a stronger motive than the preferences provided by law, when, for example, a pre-trial cooperation agreement looks like a much less convincing incentive to assist the investigation and inquiry bodies in solving the tasks of exposing all those guilty of what they have done. In addition, loyalty to the corporate interests of a criminal group is often stimulated by the opportunity to participate in the distribution of criminal profits after release from prison. Often, ordinary members of a fraudulent criminal group who have fallen into the sphere of criminal prosecution simply cannot leave the vicious circle, since they will simply have nowhere to return to when they are released. This is especially true for national-ethnic criminal groups of fraudsters.

Conclusion. And so, in the sphere of implementation of highly organized criminal technologies of computer fraud, the following features are distinguished: 1) thorough preparation in the form of an analysis of the protection system of a bank or other business entity, the development of a plan for the implementation of criminal intentions and concealment of the fact of participation of specific persons in it, the search and debugging of appropriate equipment and software, the involvement of accomplices and the distribution of roles between them, the degree and forms of participation of each, a clear algorithmization of joint actions to achieve a criminal result, working out the division of the received criminal profit and different levels of laundering of criminal income; 2) the use of a high level of special knowledge when using computer equipment and software for criminal purposes; 3) maximum distance from personal contacts of members of the criminal group; 4) legendizing the legality of the criminal income received and money laundering obtained in this kind of criminal way; 5) the speed and high efficiency of the actions taken by fraudsters aimed at achieving a criminal result.

^[1] The verdict of the Yakutsk City Court of the Republic of Sakha (Yakutia) dated August 26, 2019 in criminal case No. 1-1462/2018 on charges of Bulakhov D.D. and Bulakhov I.D. of committing crimes under Part 3 of Article 272, Part 2 of Article 273 and Part 4 of Article 159.6 of the Criminal Code of the Russian Federation.