Cybercrime (interview with Russian police officer)

The content of the article

  • Types of crimes
  • Internet aggravates
  • Time is against you
  • How can law enforcement agencies find out about you at all?
  • Checking before the initiation of a criminal case
  • Criminal case
  • General advice on how to communicate with the investigation
  • Memo

It may seem that in the digital world it is safer to go beyond the law than in the real one: it is easier to destroy the traces of a crime, and there are not so many specialists of the required profile in the authorities. In fact, this is not the case. I served for seven years in the bodies of preliminary investigation (the investigative committee, the Ministry of Internal Affairs) and investigated many crimes in the field of information technology. In this article I will tell you what to expect and how to alleviate your fate if you come to the attention of law enforcement agencies.

Hopefully, you are reading this article out of curiosity, not out of necessity!


IT crimes are very diverse. I will highlight the main ones that have to deal with almost every day.

Theft using information technology

This category includes phishing scams, theft of funds from accounts, including carding.

Drug trafficking crimes

It was soon ten years after the illegal Silk Road market appeared, and since then the fight against anonymous marketplaces has not subsided around the world. There are still adventurers who believe that no one will find their online store. It is enough to look at the statistics, and you will see how many similar businesses are covered up every year – these are huge numbers; however you can easily serve a quarter of a century for selling drugs in the Russian Federation!

Purchase of special means

This and the next item are called “people’s articles”, and here’s why. The law enforcement system loves statistics: the more people are held accountable, the better – bonuses, awards, ranks of employees depend on this.

Several years ago, there was a bug in the legislation that made it possible to prosecute “geeks” who buy mobile phones, GPS-beacons, microcameras that are not licensed in the Russian Federation – for the purchase of funds to secretly obtain information.

Internet extremism

Everyone has heard about the terms for “memasics” or “reposts”. Now they are not so fierce, however hundreds of people have already received their, albeit suspended, sentences and convictions.

Creation, distribution of malware or illegal access to computer information

This is already a real hacker article, and quite rare. The less common a crime is, the more interesting it is for statistics. So if you come to the attention of the authorities in connection with something like that, then they will “develop” you more diligently than usual.

Distribution of child pornography

Torrent lovers run into this composition: downloaded and forgot to delete – consider that you are already committing a crime. Did you catch malware and transfer your PC to a botnet? They will come for you.

Our authorities “calculate by IP” without any jokes. Anyone who is caught in this way, most likely, turns out to be not a malicious hacker, but an innocent lover of cracked programs. Nevertheless, the matter will not do without the withdrawal of equipment.


I would like to emphasize that under the Criminal Code, fraud, theft, and drug trafficking through the Internet entail heavier sanctions than the same crimes committed without the use of information technology.

Cybercrimes are more difficult to solve, so not so long ago they were “aggravated” – now these compounds are grave and especially grave. So for the theft of two thousand rubles from the pocket of your bag, you will sit on a “recognizance not to leave” during the preliminary investigation and get off with a suspended sentence, and if you stole two thousand from your bank card account, you can easily be arrested and get a very real term of up to ten years in jail.


If you crossed the line of the law (through inattention or intentionally), then neither tomorrow nor the day after tomorrow, most likely, they will not come for you. Even operational units are burdened with bureaucratic requirements and do not always live up to their name and act quickly.

In addition, in all textbooks on operational-search activities, it is recommended not to rush, but to thoroughly gain a foothold in the evidence. If you catch the attacker too early, then all the work can go down the drain: there will not be enough evidence and he will have to be released.

Law enforcement officers are not always smarter than a criminal, but they know how to wait. I have seen cases where cybercriminals have been developed for over a year. Sooner or later, the attacker will lose vigilance and make an obvious mistake. Here it is possible to impute to him at once the totality of crimes. After all, each theft or other action is a separate crime, and it is always more profitable for the authorities to attract a person for 10–20 crimes than for one.


The first “thread” can come from anywhere: informants, data from providers, some analytical results of traffic, or messages from citizens about an illegal action committed against them.

What are the signs that you can understand that you are “under the hood”? The main tool is intuition. But there are also more objective signs.

  • Your phone started working strangely; there are suspicions that you are being bugged.
  • “New friends” appear who are interested in your activities.
  • Strangers ask your neighbors about you – they can be employees of the authorities.

If you really do something illegal, then you may still have a chance to stop in time. However, if the employees of the authorities began to interview neighbors or relatives openly, it means that “the development of you” is approaching the final stage and there is already a verification material, which they are preparing to initiate a criminal case.


Before opening a criminal case, law enforcement agencies consider the material of the check. If such material exists, it means that law enforcement agencies already have information about a possible crime.

One of the tactics is to collect all the evidence at this stage so that the investigation of the criminal case does not drag out. Sometimes, after considering the material of the check, the investigator can only process and send the criminal case to the court.

The trick is that the check lasts up to 30 days, then the employee issues a formal decision to refuse to initiate a criminal case, the prosecutor cancels this decision and the check period begins again. Thus, one can consider the verification material and look for evidence for a long time: I saw the verification materials five years ago, and this is not at all uncommon.

The criminal case, however, cannot be extended forever. Investigators aim to investigate him within two months. Only cases with a large public response are allowed to be investigated for more than a year.

A number of investigative actions can be carried out even as part of an audit:

  • inspections of the scene of the incident (for example, your apartment), within which equipment may be seized;
  • interrogation (this is not an investigative action in the full sense, but interrogation will be based on the testimony of the interrogation, also if the article is suddenly under investigation by the body of inquiry, then the interrogation can be evidence);
  • expertise;
  • obtaining samples of voice, handwriting, fingerprints and palms of hands, genotype – for comparative research;
  • inquiries to providers, banks, cellular companies and other organizations;
  • assignments to other services, including foreign ones through Interpol.


Without initiating a criminal case, a search will not work, but if you have clear traces of a crime in your apartment, then they can do everything necessary as part of a routine inspection of the scene – and even against your will. Inspection against will, still have to be legalized after the fact through the courts, so that the seized evidence is considered legal. However, investigators take such a step only if they have reinforced concrete foundations in their hands, and the courts in most cases agree to legalize such actions.

Also, if circumstances do not tolerate delay, even a search can be carried out without the prior permission of the court and legalized later.

How is a home inspection different from a search? In both cases, the action can take place against your will and be accompanied by the seizure of things, but according to the law, the difference lies in the goals. But even here there are no clear boundaries.

In practice, examinations tend to be “softer”, do not turn everything inside out, but simply explore the place. However, on inspection, employees can search anywhere and anything.


As part of the check, you can be summoned for an interview (not interrogation!). It is allowed to take a lawyer with you to the interview. This is not necessary, but it is important to realistically assess the risks. Perhaps, immediately after the interview, a criminal case will be opened against you and your problems will suddenly take on a serious turn.

In any case, arrange with a good lawyer so that he is ready to urgently come to you. If you are detained, then you will no longer be able to leave the building of the law enforcement service on your own.


If a criminal case is opened against you, you will, of course, immediately find out about it. Most likely, the investigator will inform you not even by mail, but already in his office, officially inviting you to investigative actions.

But there is a nuance – a criminal case can be initiated against an unidentified person. The investigation may not have enough evidence, or the culprit has not really been identified yet. Or maybe you have already been “identified” informally, just the investigator uses such a trick to conduct operational search and investigative measures while you remain in the dark.

Scenarios of interaction with the investigation

Scenario one: you learned that a criminal case against an unidentified person is being investigated. Personally, the active actions of the authorities do not affect you, but you took a real part in the crime (if you didn’t, then there’s nothing to worry about, I haven’t heard that the innocent was imprisoned for cybercrimes).

The second scenario: you find out that a criminal case is being investigated against an unidentified person, and you are involved in inactive investigative actions (interrogations as a witness, searches while maintaining the status of a witness, and so on); in this case, you will have less rights than in the status of a suspect, which simplifies the investigation.

The third scenario: when a criminal case is opened against you or you are interrogated as a suspect (these events are equivalent – in both you have the status of a suspect).

According to the first two scenarios, it is enough to develop a line of self-defense and, if possible, discuss with a specialist how events can develop, what could mitigate or aggravate the punishment.

In the third case, you must immediately enter into an agreement with a lawyer.

In any case, if you find out that something is being started against you, even if these are testing activities, you must stop any illegal activity as soon as possible and pull on your white hat harder, once and for all, go over to the light side. Perhaps you will be lucky and you will get off with an alarm bell and wasted nerves.

Preliminary investigation

The preliminary investigation is divided into several stages.

The first stage – the initiation of a criminal case  – we have already analyzed.


The second stage begins soon – this is interrogation. During the preliminary investigation, he gives you a criminal procedural status: witness, suspect, accused.

Each of these statuses implies its own rights and obligations within the framework of a specific criminal case, you can familiarize yourself with them in the  Code of Criminal Procedures.

If the crime is not serious, you will be summoned for interrogation, a measure of restraint that is not related to imprisonment (not to leave the place and proper behavior) will be chosen, and you will be summoned upon a call to other investigative measures.

In the event of a serious crime, you can be detained, and even before the initiation of a criminal case. Operatives of the operational services will catch you anywhere except your home (after all, you need a court decision and an open criminal case), bring you to the investigator’s office and draw up a detention report.


Employees can approach you at any time, even when you are calmly walking down the street. They will introduce themselves and tell you that you are detained. It is better not to resist, because any bruise on the body of an employee of the organs is a criminal article.

You need to call your relatives or a lawyer, but do it without aggression, otherwise the phone will be instantly confiscated during the search.

You will be brought before the investigator, and he will draw up a protocol of detention. During the arrest, the presence of a lawyer is not essential. All the same, you cannot influence the detention if it is legal. And it is legal in three exceptional cases:

  • when a detainee is caught while committing a crime or immediately after it has been committed;
  • when the victims or eyewitnesses point to him as the person who committed the crime;
  • when clear traces of a crime are found on a person or his clothes, with him or in his home.

The protocol of detention must be signed, since the mark of the investigator “refused to sign” will negatively affect the consideration of the criminal case by the court.

Check that the time of detention on the protocol matches the time of the actual arrest. From this moment, 48 hours are counted, during which the investigator must go to court with a petition for arrest and prepare materials proving why imprisonment is necessary for an objective investigation of a criminal case.

When detained, the investigator is obliged to give you a call, use this right wisely. Don’t call your accomplices, because all your conversation will be heard by employees (and will be able to trace the call), and coming up with a verbal code on the go is a bad idea.

It is better to call your relatives so that they can bring you bed linen and warm clothes as soon as possible so that you do not die in the isolation ward. The investigators will meet you halfway and wait, because then it will be much more difficult to transfer things to the detention center.


In the early stages of the investigation, an inspection of the scene of the incident or a search must be carried out, in which at least two attesting witnesses must participate. Any items of interest for investigation will be searched for and seized. You will not be allowed to leave the search area. At the end, the employees will draw up a search protocol, you can read it and make a photocopy.

If your equipment – be it a hard drive or an entire PC – is to be turned off and taken away, an IT expert (civilian or forensic expert) must be present during the search. An operational employee, even if he is from the “K” department, cannot replace such a specialist.


If you are a suspect or a witness, further examinations await you.

Expertise can be of different directions: from computer, to phonoscopic, fingerprint, biological. It all depends on the objects under study. In any case, the suspect will be familiarized with the examinations. And the witness – only when samples were seized from him directly.

Other investigative actions

  • Testimony on the spot: under video or photo recording, you will tell and show what you did and how you did it right at the crime scene.
  • Investigative Experiment: Employees will reproduce the conditions under which the crime was committed to make sure that their or your assumptions are realistic.
  • Confrontation. Even if you have built an ideal technical defense, refuse to admit guilt, and the investigation has no objective evidence, your partner can always turn you in. In this case, the investigation will conduct a confrontation between you and your partner, where he will tell you “how it was”, and you will either stand your ground or agree with him. In any case, you will have a confrontation between versions, the purpose of which is to establish the truth.


In the end, when the investigation has formed the qualification of your actions, you will be charged. You can agree with the accusation, partially agree or disagree. At this stage, you will certainly be interrogated again – already as an accused, in order to dot the “i’s” and understand your attitude towards criminal prosecution (whether you regret it or not) and the final position on your deed, with which you will appear before the court.

The final part of the preliminary investigation

You will definitely be given all the materials of the criminal case for review, and a protocol will be drawn up about it. You will be able to study all the evidence that the investigator has gathered and, together with your lawyer, choose the final line of defense for the court. In the acquaintance report, you can apply for the choice of legal proceedings (for example, in a special order or by jury).

At this stage, the investigative actions have been completed. Then the criminal case will be sent to the prosecutor’s office for approval, and then to the court.

Confession of guilt, confession and special procedure

To admit guilt or not is up to you. The main rule: under no circumstances admit to what you did not do. If you are subjected to violence or threats (“confess, otherwise we will beat you”), threaten that you will write a statement to the Investigative Committee. The threats will most likely end there, since “knocking out” testimony is a crime on the part of employees and entails serious sanctions.

When you do commit a crime, denial is the worst option if the criminal case goes to court. The court will give the maximum term, and even with imprisonment.

Conversely, criminal proceedings are very humane towards those who confess. If you committed a crime for the first time and confessed to it, there will not even be a trial, only a court fine. As a result, you will have no criminal record. This is an innovation in legislation. The application of a court fine has its own nuances, read more in the Code of Criminal Procedures.

What else will help? A confession. In the old days she was “the queen of proofs”, but now it is a life hack that allows you to knock off the maximum punishment. Even if you wrote a confession, and then the entire investigation was denied and you were found guilty at the trial, the appearance will help you out.

If the conditions for applying a court fine are not met, there is a special procedure. Admitted fully guilty? Ask for a special order. Then the court does not consider the case on the merits, but only decides the issue of sanctions. In most cases, a special order will entail a conditional sentence or (if you also appear guilty) the minimum real term.


A lawyer is your main defense tool. You can hire him yourself, “by agreement”, or use the services of a free lawyer provided by the state. The appointed attorney is not just a formality, many of them defend in good faith, and the famous “pocket lawyers of the investigator” have long been a thing of the past, since they are appointed not upon the call of the investigator, but according to the queue established in the bar association. Oftentimes, a designated defender will be sufficient, especially if your strategy is to plead guilty. In this case, it will be more efficient to spend money not on a lawyer, but on damages.

If you understand that you are being charged more than you did, hire a lawyer by agreement. A good defender is expensive, and will never guarantee you that you will not be responsible and will even warn you about it directly. Of course, if it is really a professional, and not a marketing lawyer who will imitate hectic activity and make promises for your money. Unfortunately, there are no ratings of the professionalism of lawyers, you have to focus on word of mouth, previous experience in the right category of cases and reputation.


Do not conflict with representatives of the state, they always have more powers. This is especially true of the investigator, because this is the only employee who can really influence the fate of a criminal case in the range from “not proven” to “maximum term and worse conditions in the temporary detention center and in the zone”.

Subordination is an important point. How many times have I seen a suspect pay bitterly for his cheeky behavior with a female investigator? Conversely, seeing respect and understanding on your part, the investigator is likely to respond in kind.

You shouldn’t give in to the investigation either, because their job is to send criminal cases with the heaviest possible compositions to the court in order to improve statistics.

The optimal behavior model is to negotiate. For example, an investigator often forgets to familiarize a suspect with rights before initiating an investigative action. It is much better not to write a complaint, but to mention it with understanding, ask him to meet you halfway, to soften your guilt. Your complaint would not be satisfied anyway, but the location of the investigator would come in handy.

The investigator is also a human being and strives to do his job fairly. If you see that the investigator is torn between conscience and the demands of his superiors to improve indicators in terms of the severity and number of trains, show your best sides. Let him know that you just made a mistake, but now you are ready to become another “Kevin Mitnick” and teach young hackers not to make mistakes and not to break the law.


  • Online crimes are punished more severely.
  • The police know how to wait, and the criminals lose their guard.
  • If you smell burning, immediately stop dark deeds.
  • Each violation is a separate crime.
  • Watch for signs that you are being developed.
  • They can dig under you without initiating a criminal case.
  • Consult with a lawyer about tactics and arrange an urgent departure in advance.
  • Witness status does not guarantee your safety.
  • An accomplice can set you up.
  • Do not resist arrest.
  • Do not call a dealer, call a lawyer or relatives.
  • Ask your relatives to bring you warm clothes for the isolation ward.
  • Check the time of your arrest and sign the protocol.
  • A special order, confession, and confession will reduce your punishment.
  • Do not confess to what you did not do – even under pressure.
  • A free lawyer is not always useless.
  • A paid lawyer is not always good, choose according to reviews.
  • Do not conflict with the investigator, but negotiate with him!

What do you think?

46 Points
Upvote Downvote
Red Hat Professional

Written by Admin

NewbieAvatar uploadFirst contentFirst commentPublishing content 3 times


Leave a Reply



Intercepting HTTPS on Android

Competition in Privacy. Testing the browsers