On the issue of interaction of operational units with banking institutions on crimes committed using information technology, including the Internet

Sidorova Ekaterina Zakarievna ORCID: 0000-0002-3477-3816 PhD in Law Senior police lieutenant, Deputy head of the Department of criminal law and criminology, East Siberian Institute of the Ministry of Internal Affairs of the Russian Federation 664017, Russia, Irkutsk region, Irkutsk, Lermontov str., 110 eksid38@mail.ru Usov Evgenii Gennad'evich ORCID: 0000-0002-5374-8346 PhD in Law Associate Professor, Irkutsk Institute (branch) of the All-Russian State University of Justice 664011, Russia, Irkutsk region, Irkutsk, Nekrasova str., 4 eguirk38@mail.ru

Aliev Timur Firudinovich ORCID: 0000-0002-0645-931X Student; East Siberian Institute of the Ministry of Internal Affairs of Russia 664017, Russia, Irkutsk region, Irkutsk, Lermontov str., 110 timuraliev.2018@mail.ru Other publications by this author

In modern realities, information technologies, including the Internet information and telecommunications network (hereinafter referred to as the Internet), are actively being introduced into human life and help him to implement many tasks, for example, e-learning, communication on social networks, an appointment with a doctor through the reference and information Internet portal "Public Services", purchases in online stores, searching for the necessary information in browsers — all this and much more is made possible thanks to scientific and technological progress.

In this study, the author studied the works, including monographs of Russian scientists R. I. Dremlyug ^[1], A. P. Agapova ^[2], V. V. Buryak ^[3], S.P. Butko ^[4], O. A. Samsonova ^[5] and others, many of whom are recognized scientists in the field of countering crimes committed using information and telecommunication technologies (hereinafter referred to as — ITT). The methodology of this research is based on general scientific and private scientific methods of cognition — dialectical, logical, statistical, comparative legal, formal legal, legal forecasting. The authors of the article, summarizing the various points of view on the stated topic, further present their own position on the issue under study.

The development of information technologies, in particular, has affected new ways of committing cybercrimes ^{[6, p. 101]}. Unfortunately, it should be noted that digital technologies, significantly improving the life of a modern person, also carry a potential danger for him, since the number and variability of crimes in the field of information technology (hereinafter referred to as IT crimes) increase almost annually. As V.B. correctly noted. Milestones and P. S. Pastukhov, "the use of ITT by criminals as a means of committing crimes is becoming widespread, leading to the emergence of new ways of committing crimes" ^{[7, p. 131]}.

We consider the position of the President of the Russian Federation worthy of attention, who at the annual expanded meeting of the Board of the Ministry of Internal Affairs of the Russian Federation (hereinafter — the Ministry of Internal Affairs of Russia) stressed that "one of the unconditional priorities of your work is the fight against crime using information technology. By the end of 2022, the number of such crimes exceeded half a million and amounted to a quarter of all criminal offenses." Indeed, countering crimes using ITT is becoming almost a top priority for law enforcement agencies in their daily activities.

Investigation of the criminal situation in the The Russian Federation shows that the number of crimes related to ITT tends to increase ^{[8, p. 193]}, and this is confirmed by the following statistical data:

1. In 2023, the Ministry of Internal Affairs Russia has registered 677 thousand IT crimes in the country, which has become an all-time record level, as the Izvestia newspaper notes with reference to the department's database.

2. In 2022, more than 522 thousand crimes committed using ITT were identified, which accounted for 22% of the total number of illegal acts.

3. In previous years, the situation looked like this: in 2021, 706 thousand 7 crimes using ITT or in the field of computer information were registered, in 2020 — 510 thousand 4 crimes; in 2019. — 294 thousand 409 crimes

According to N. V. Viryasova and A. N. Zemlyanova, the reasons for such an abnormal increase in crimes in this area are a rapid decrease in income and, accordingly, a low standard of living for citizens; a decrease in the prestige of work; the lack of knowledge among the majority of the population about compliance with safety measures at work and the purchase of goods on the Internet; technical errors and imperfections Internet banking systems; low level of training of law enforcement officers in the field of disclosure and investigation of remote crimes; lack of proper interaction of employees of internal affairs bodies (hereinafter — ATS) with Internet service providers, mobile network operators and bank security services ^{[9, p. 49]}.

Today, the issue of embezzlement of funds from the account of the bank card holder by committing fraudulent actions against him is becoming more and more urgent. Undoubtedly, the non-cash type of payments is becoming more and more in demand for society, but at the same time it is necessary to say about the various ways of acquiring non-cash funds. These methods are continuously being improved, developed and updated, and completely new ones appear ^[10]. So, the method of stealing non-cash money using card scrimming consists in copying the data of the magnetic tape of the bank card, and then creating a copy of it in order to further receive funds (removing them from a copy of the bank card). Another method is phishing attacks, the essence of which is to replace the official website of the bank with its exact copy, while you can only notice the difference by a small typo in the website address. Another way is contactless readers, which are used to read bank card data at a short distance. It is enough to bring such a reader closer to the card by 5-10 cm, and the necessary information will pass to the attackers, who will be able to make a copy of it and will write off small amounts at high speed ^{[11, p. 190]}.

From a criminal legal point of view, it must be said that crimes using ITT, including the Internet, can be qualified under various articles of the Criminal Code of the Russian Federation (hereinafter referred to as the Criminal Code of the Russian Federation), for example:

1. organization of activities aimed at inducing suicide, involving the use of information and telecommunication networks (including the Internet) (Part 2 of Article 110.2 of the Criminal Code of the Russian Federation);

2. inducement to commit suicide or assistance in committing suicide committed in information and telecommunication networks (including the Internet) (paragraph "d" of Part 3 of Article 1101 of the Criminal Code of the Russian Federation);

3. defamation committed in public using information and telecommunication networks (including the Internet) (Part 2 of Article 128.1 of the Criminal Code of the Russian Federation);

4. violent acts of a sexual nature committed using the Internet against a person under the age of fourteen (paragraph "b" of Part 4 of Article 132 of the Criminal Code of the Russian Federation);

5. indecent acts committed using information and telecommunication networks (including the Internet) (Article 135 of the Criminal Code of the Russian Federation);

6. violation of copyright and related rights associated with unlawful access to computer information and (or) creation, use of malicious computer programs (Article 146 of the Criminal Code of the Russian Federation in conjunction with Article 272 of the Criminal Code of the Russian Federation and (or) Article 273 of the Criminal Code of the Russian Federation);

7. fraud involving the use of electronic means of payment, involving unlawful access to computer information and (or) the creation, use and distribution of malicious computer programs (art. 159.1 of the Criminal Code of the Russian Federation in conjunction with art. 272 of the Criminal Code of the Russian Federation and (or) Article 273 of the Criminal Code of the Russian Federation);

8. theft involving unlawful access to computer information and (or) the creation and use of malicious computer programs (Article 159.1 of the Criminal Code of the Russian Federation in conjunction with art. 272 of the Criminal Code of the Russian Federation and (or) Article 273 of the Criminal Code of the Russian Federation);

9. fraud in the field of computer information (Article 159.6 of the Criminal Code of the Russian Federation);

10. production and trafficking of materials or objects with pornographic images of minors committed using information and telecommunication networks (including the Internet) (paragraph "d" of Part 2 of Article 2421 of the Criminal Code of the Russian Federation), etc.

It is worth saying that fraud using ITT, including the Internet, has the following variations of manifestations:

1) fraud committed through ad sites (the "scammer — seller" scheme);

2) fraud, also committed through ad sites (the "fraudster — buyer" scheme);

3) fraud with hacking of social media pages;

4) fraud using Internet sites;

5) fraud committed under the pretext of ordering a banquet;

6) fraud committed under the pretext of bank card transactions;

7) fraud committed under the pretext of helping a relative in trouble;

8) fraud committed under the pretext of compensation for previously purchased dietary supplements;

9) fraud committed using malware on the Android operating system;

10) fraud committed using social networks (online store on the VKontakte social network), etc.

In this regard, it is worth focusing on the point of view of S. A. Noldt, who noted that the timely conduct of a full-fledged complex of operational investigative measures (hereinafter referred to as the ORM) at the initial stage of the investigation makes it possible to document the mechanism of criminal activity in a short time, identify the persons involved in its commission and obtain reliable evidence. At the same time, it is important to highlight the list of actions of the operative officer for initial and subsequent actions in the framework of detecting and solving a crime ^{[12, p. 70]}.

First of all, the operative needs to get an explanation from the person against whom this category of crime has been committed or is being committed, and find out the following information of an operationally significant nature: the attacker's phone number; information about the Internet source (for example, if we are talking about an ad on Avito, VKontakte, etc.); address the criminal's e-mail address (for example, if the correspondence was carried out in this way or he provided information about it); information about the attacker (as he presented himself to the applicant); the content of SMS messages (if any information is available), etc.

Continuing to develop the idea of the activities of operatives in uncovering the category of crime we are investigating, it is necessary to note the list of operational and technical measures carried out. Taking into account the fact that the Internet provides the possibility of data transmission through various communication channels, the operative conducts the following ORMs:

- ORM "Removal of information from technical communication channels" is carried out on the basis of a judicial permit and its essence lies in the possibility of obtaining, converting and fixing all possible types of communications (except telephone communication), scanning them and subsequently establishing the location of the event objects (intruders) and determining their subscriber numbers;

- ORM "Listening to telephone conversations" — the essence of this event is listening to acoustic information transmitted through telephone communication channels. This event can be used when listening to phone calls (including WhatsApp, Viber, etc. messengers), telex and fax messages, transmitted photographic materials, video information, etc.;

- ORM "Obtaining computer information" — the essence of this event consists in copying and removing information stored in a specialized information system or in obtaining information contained on computer media in which embedded computer devices and (or) software components, etc. were introduced in advance.

It is also necessary to note the ORM "Inspection of buildings, structures, terrain, vehicles and land plots" — the essence of which consists in openly or tacitly entering residential or non-residential premises in order to detect, physically seize objects that may be involved in the commission of crimes. For example, if there is information that the fraudster has a computer at his place of residence, from which fraudulent actions were carried out, the operative removes them in the order of the ORM "Collection of samples for comparative research" for their further study during the ORM "Examination of objects and documents".

According to Y. V. Biryukova, if we are talking about theft committed using cellular communications (when a person voluntarily provided the attacker with information about their accounts, card number, passwords from SMS messages, etc.), then the operative should conduct an OPM "Survey" and clarify the following operationally significant information ^{[13, p. 140]}:

1) details of telephone connections during the period of communication between the victim and the suspect;

2) an extended statement of cash flow on the victim's account, as well as information about the presence or absence of the connected mobile banking service, indicating subscriber numbers; all checks, receipts, online correspondence, bank account statements, bank card from which funds were stolen, a screenshot of the correspondence with the fraudster, preserved by the victim;

3) clarify with the victim which bank the funds were transferred to.

Taking into account this information, it seems advisable to obtain information about fraudulent actions of the following nature from banking institutions during the conduct of the ORM "Making inquiries":

first, information about the owner of the bank card: surname, first name, patronymic (hereinafter — Full name), date of birth, address of residence (residence permit), place of work (study), if possible, a photo with the image of the person in whose name the transfer was sent to the victims. This information is necessary to establish the identity and further "work out" the involvement of the suspect in the commission of a crime.

secondly, information about the place and time of transactions at the time of the transfer of funds by the applicant (victim), in order to study possible routes and places of use of funds transferred to the account of a potential fraudster;

thirdly, data on previous account transactions in order to determine patterns of behavior and possible preliminary actions of a potential fraudster;

fourth, information about regularly paid subscriber numbers (personal number, number of relatives or friends);

fifth, information about the subscriber numbers linked to this bank card by the mobile banking service, where and how they were connected;

Sixth, information about the address of the bank's office where the bank card was opened;

Seventh, other information that will help solve the crime: IP addresses; mobile devices used for operations; e-mail addresses, etc.

For example, when receiving information about transactions or previous transactions on the accounts of a potential fraudster, it is possible to conduct various ORMs depending on the specific situation:

1) by conducting a personal investigation (a complex of ORMs conducted personally by an operative) to "work out" the places where banking transactions were carried out (for example, grocery stores). In this situation, an operational officer visits such locations, looks at the appropriate video camera request to establish the image of the attacker, then conducts an ORM "Survey" with respect to store employees, their owners, visitors on whether they have seen this person, how often they see him, what special signs they can identify, related and other connections, possible routes, what additional information about the person being studied can be provided, etc.;

2) with the availability of specific information, the operative officer checks the possible routes of a potential fraudster by conducting an ORM "Surveillance": in which direction he went (when watching video recordings), which grocery stores are nearby; also, by means of an ORM "Survey", it is worth contacting local residents, with the so-called elders of the house, to clarify operationally relevant information about this person, whether he lived or lives and how long ago, how often he appears, with whom he lives, contact details of the person, etc.;

3) if there is information about the full name, it is possible to conduct a legendary survey in relation to specific persons. For example, if there is no clear image on the video camera recording of a person at the site of previously completed banking transactions, it is possible to scout information by conducting an OPM "Survey", while not giving away the purpose of the event conducted by an operational officer. The objects of this survey may be: relatives of a potential fraudster, friends, former convicts, etc. ORM is carried out with the motive of covertly collecting operationally relevant information without disclosing its specific purpose;

4) if there is information about the lifestyle of a person, for example, if he (the person) is dependent on alcoholic products and systematically consumes it, it is worth finding out the "local collection points" of persons who periodically gather in these places to drink alcohol; "work out" shops with alcoholic products in the nearest location (for example, Bristol, "Vinograd", draught beer store), etc.

It is worth saying that this information can be "worked out" only with the initial establishment of information about a potential fraudster, where an important role is assigned to banking institutions, because the process of solving crimes and identifying those involved in them depends to a certain extent on the timeliness of their responses to requests from operational staff.

We also agree with the opinion of E. I. Tretyakova and A. I. Belkova said that one of the most important issues in optimizing the investigation of remote fraud is determining the timing of the provision of bank data ^{[14, p. 141]}.

In this regard, taking into account the positions of D. G. Shashin, it is worth dwelling in more detail on obtaining information of an operationally significant nature from banking institutions. An employee of the operational unit, when verifying the information received, sends appropriate requests to banks and other credit organizations as part of the "Inquiry" ORM, but these institutions often refuse to respond to them, referring to Article 26 of Federal Law No. 395-1 of December 2, 1990 "On Banks and Banking Activities" (hereinafter — the law on banks and banking activities) ^{[15, p. 79]}.

It should be noted that in accordance with paragraph 6 of Article 11 of the Federal Law "On Service in the Internal Affairs Bodies of the Russian Federation and Amendments to Certain Legislative Acts of the Russian Federation" dated November 30, 2011 No. 342-FZ (ed. from 08/04/2023, with changes. dated 02/26/2024), a police officer (an operational unit of the Department of Internal Affairs) has the right to access, in accordance with the established procedure, information constituting a state secret if the performance of official duties in a position is associated with the use of such information.

Taking into account the fact that the actions of employees of operational police units in sending requests to credit institutions are conditioned by the fulfillment of their duties to identify, prevent, suppress and disclose crimes, as well as the fact that these actions comply with the rights of police officers, the provision of information classified as a professional secret, at the request of the police cannot to be regarded as its disclosure.

The existing procedure for providing information containing banking secrecy does not have a clear legal regulation, as a result of which problems arise when interacting with credit institutions. According to the current legislation, banks have the right not to provide any information regarding the accounts of legal entities and individuals, their cash flows, and the structuring of non-cash funds using bank accounts, since this information is protected by the right to banking secrecy.

It is worth noting that the issue of providing banking information to operational units is being resolved at the legislative level. Thus, according to the Federal Law "On Amendments to Article 26 of the Federal Law "On Banks and Banking Activities" and Article 27 of the Federal Law "On the National Payment System" dated October 20, 2022 No. 408-FZ, the Central Bank of the Russian Federation (hereinafter — the Bank of Russia) and police officers are required to exchange data about fraudulent actions in compliance with the rules of bank secrecy. For the Bank of Russia, this is an opportunity to prevent new fraudulent transactions.

Thus, on the basis of information received from the Ministry of Internal Affairs of Russia about illegal actions committed, the Bank of Russia will provide the police with information about cases and attempts to transfer funds made without the consent of the client. For this purpose, the Ministry of Internal Affairs of Russia has been added to the users of the Bank of Russia's Automated Incident Management System FinCERT (ASOI FinCERT). Also, an agreement has been concluded between the Ministry of Internal Affairs of Russia and the Bank of Russia regulating the procedure for information exchange, the form and list of information provided. Changes in the legislation of the Russian Federation are caused by a large number of remote embezzlement of funds, including using social engineering methods. Undoubtedly, the operational interaction of the Ministry of Internal Affairs of Russia with the Bank of Russia will effectively solve the issues of prevention, suppression and disclosure of these crimes.

However, the above-mentioned law did not regulate the deadline for providing the specified information to operational units.

The above analysis shows that the main effectiveness in obtaining information of an operationally significant nature depends on the interaction of the Department of Internal Affairs with the banking sector ^{[16, p. 152]}.

In this regard, it is also important to say that "virtual" criminals most often commit illegal acts not in their places of permanent residence, and often establishing their location and bringing them to legally established responsibility becomes less likely. The problem with the detection of these crimes lies in the fact that most of them are committed in a virtual environment, which does not allow timely identification of persons involved in the commission of such crimes.

We agree with the point of view of Yu. V. Gavrilin, referring to practice, that operational support for the investigation of criminal cases is carried out only at the initial stage, "in hot pursuit", before the identification of the person to be brought as an accused. In the future, the effectiveness of operational support within the framework of establishing circumstances relevant for proving a criminal case decreases ^{[17, pp. 147-148]}.

In accordance with the procedure for considering reports of a crime specified in Article 144 of the Criminal Procedure Code of the Russian Federation, authorized persons must make a decision on it no later than three days, with the possibility of extension, if there are legitimate grounds, up to ten and thirty days, respectively, with the permission of the extension of the officials specified in the third part of this article. norms. Nevertheless, it is worth focusing the researcher's attention on the fact that banking institutions periodically refer to business workload and postpone responses to provide the necessary information of an operationally significant nature to operational staff.

Undoubtedly, banking institutions perform important tasks for lending and other services to individuals and legal entities, conducting cash settlements and cash customer service, issuing, buying, selling payment documents and securities (accounting for bills of exchange and transactions with them; securities transactions; managing clients' property by proxy), etc. Nevertheless, it is worth focusing on providing answers to the requests of operational units, primarily for more timely counteraction to the category of crimes under consideration.

Thus, information technologies, including the Internet, in addition to their obvious advantages for humans in the context of their application in order to carry out their daily, professional and other tasks, are used by intruders to carry out illegal acts. Investigating the criminal situation, we came to the conclusion that the number of IT crimes committed tends to increase. For example, their number from 2019 (294 thousand 409 crimes) to 2023 (677 thousand crimes) increased by more than 2 times.

Taking into account the above initial and subsequent MPas conducted by employees of operational units of the territorial bodies of the Ministry of Internal Affairs of Russia, first of all, the operational officer needs to receive an explanation from the person against whom this category of crime has been committed or is being committed. At this stage, it is important to collect operationally relevant information for further activities (including operational and technical measures, for example, such as "Wiretapping", "Removing information from technical communication channels", "Obtaining computer information"). So, the operative clarifies the following operationally significant information: the method of committing the crime (through Avito, VKontakte, WhatsApp, etc.); to which bank account the funds were deposited; the attacker's phone number and information about him (as he presented himself to the applicant); the content of SMS messages (if any information is available), etc.

Subsequently, measures are being taken to identify a potential criminal, establish his location, conduct further ORM and investigative actions against him, as well as to bring him to responsibility established by law (if there are legitimate grounds). At the same time, operational support for the investigation of criminal cases is carried out only at the initial stage, "in hot pursuit", in the future, the effectiveness for establishing all the circumstances relevant to proving a criminal case decreases.

Undoubtedly, this category of crime requires police officers to develop measures to intensify their counteraction. It should be noted that virtual attackers regularly develop new schemes for committing their criminal acts and constantly change their locations, which generally complicates the disclosure of the studied category of crime. In this regard, taking into account the mobility of IT criminals, it is important to carry out measures to establish their location as soon as possible. As noted earlier, the effectiveness of the disclosure of this category of crime depends on the interaction of operational units with banking institutions, including the timing of the latest responses to requests within the framework of the ORM "Making inquiries".

It seems that in order to timely and more effectively disclose, investigate and prevent IT crimes, including the Internet, as well as identify those involved in them, it is important to work out at the legislative level the issue of specifying the timing of providing information to operational staff from banking institutions.

Taking into account the above and taking into account the lack of legislative consolidation of the deadlines for providing operationally significant information from banking institutions, the authors of the article consider it advisable to supplement Article 8 of the Federal Law "On Operational Investigative Activities" dated August 12, 1995 No. 144-FZ with the following content:

"As part of the operational search event "Making inquiries" on crimes committed using information technology, including the Internet, operational units, upon requests sent to banking institutions, make a note of the need to provide a response within 72 hours in order to timely identify and disclose this category of crimes and identify those involved in them persons, including their location."

Undoubtedly, operational units as carriers of professional information, i.e. not subject to disclosure, and, in addition, in order to more effectively and timely identify and disclose crimes committed using the Internet, it seems important to consolidate at the legislative level the deadlines for providing information to operational staff from banking institutions.