As Kommersant has learned, the Investigation Department of the Ministry of Internal Affairs of the Russian Federation has completed its investigation of the criminal case against the so-called international hacker group REvil, information about which was provided to Russia by the FBI. As a result, the investigation was able to charge the eight alleged attackers with only two remote thefts of funds, and even then it is not known against whom, where and for what amount they were committed in the United States: the criminal case contains neither victims nor damage. Lawyers for the defendants say that two weeks would be enough for them to study the materials, but the procedure seems to be dragging on.
According to a Kommersant source close to the investigation, the police have completed their investigation into the “REvil case”. In the final version, all the defendants in this case were charged with 24 episodes of “manufacturing and selling fake credit or payment cards” (Article 187 of the Criminal Code of the Russian Federation), and the alleged leader of the group, St. Petersburg resident Daniil Puzyrevsky, was also charged under Art. 273 of the Criminal Code of the Russian Federation, which provides for liability for “the creation or use of computer programs for the destruction or blocking of computer information, as well as the neutralization of the means of its protection.” One of the programs installed on the St. Petersburg residents' laptops was recognized by the investigation as malicious.
The criminal case runs to 83 volumes, but all these materials, as one of the defense lawyers explained to Kommersant, are well known to the accused and their lawyers. Formally, all eight defendants and the same number of defense lawyers could familiarize themselves with the case in two weeks, but in reality everything is going much more slowly. According to Kommersant’s interlocutor, the problems stem from the poor organization of the familiarization process, which is carried out in the investigative department. Defense lawyers dissatisfied with the delay, according to a Kommersant source, have literally flooded the Prosecutor General’s Office with complaints, but so far it has not been possible to speed up the procedure.
Viktor Smilyanets, the lawyer of one of the defendants in the case, told Kommersant that none of the alleged “members of REvil” has admitted any connection with the group or involvement in the other crimes charged.
According to the lawyer, the charge of illegal circulation of means of payment, including the one against his client, is based solely on “a set of 24 16-digit numbers” seized from a server in St. Petersburg.
The investigation, as the lawyer explained, believes that these strings represent the bank card numbers of US citizens, which the defendants remotely took possession of by making copies of them. At the same time, according to Smilyanets, the investigation was unable to identify the card owners or even the names of the foreign bank branches that issued them. Accordingly, the criminal case contains no victims, and the damage caused to them is not indicated in any way.
It is worth noting that, according to investigators, two US citizens of Mexican origin, a certain Otilia Pevez and Otilia Sisniega Pevez, became the victims of the alleged organized criminal community.
From their cards, the defendants, according to investigators, remotely stole a certain amount of money, spending it on the purchase of goods in online stores. However, for obvious reasons, it was not possible to find the unidentified Pevez citizens, and it is unlikely to be possible now.
Viktor Smilyanets also called the accusation of using malware unfounded, to say the least. According to him, Art. 273 of the Criminal Code of the Russian Federation provides for criminal liability only for the use of ransomware applications for personal gain, and not for their presence on the hard drive. “The investigation may have confused Art. 273 with Art. 222 of the Criminal Code of the Russian Federation, which punishes the very fact of storing weapons,” the defender joked.
Recall that the FSB of the Russian Federation officially announced the “liquidation of the organized criminal hacker community REvil” in January last year. According to the intelligence service, the operation was carried out in connection with a report by “the competent authorities of the United States (FBI. - Kommersant)” about a certain “leader of an organized crime group” allegedly hiding in Russia and his accomplices who encroached on “information resources of high-tech companies by introducing malicious software and extortion of money.”
At the same time, eight alleged participants in REvil were detained in Moscow and St. Petersburg: Daniil Puzyrevsky, who was assigned the role of leader by the investigation, the likely developer of criminal software Roman Muromsky, as well as ordinary participants in the scams – Mikhail Golovachuk, Andrey Bessonov, Ruslan Khansvyarov, Artem Zayets, Dmitry Korotaev and Alexey Malozemov. All of them were arrested by the Tverskoy District Court of Moscow and are still being held in custody.
Meanwhile, the investigation found that the defendants did not commit a single crime in Russia, and the US State Department did not provide the promised evidence of their possible involvement in financial scams in the United States.
As a result, the alleged members of the “liquidated organized crime group REvil” were accused only of illegal use of bank cards and storage of a malicious program. It was not possible to find out the origin of the cash seized from the accused in the amount of 426 million rubles, $600 thousand and €500 thousand, and the experts did not even undertake to evaluate the cryptocurrency belonging to the likely hackers.
As a source close to the investigation explained to Kommersant, the defendants, if they were related to the international hacker group REvil at all, could only have been among its many clients. The fact is that the secretive group itself does not specialize in “computer” crimes, but only develops and sells the software necessary to commit them. Its business is a kind of IT platform hosted on the darknet, which allows the client to remotely infect the networks of a selected company with a virus, conduct confidential negotiations with the “victim” and, finally, securely receive a ransom from it. It was REvil’s clients who over the years carried out successful cyber attacks on Quanta Computer, the main supplier of components for Apple; JBS, the largest meat producer in the world; Colonial Pipeline, which owns oil pipelines in the United States; the American IT company Kaseya; and about two dozen other major international corporations. At the same time, the hacker group itself remained in the shadows all this time. Nor was it liquidated as a result of the Russian-American special operation carried out in January. In any case, throughout 2022, REvil continued its activities on the dark web and even reported three new cyber attacks committed by community partners using the software provided to them.