
RBC article on information security

I don’t know about you, but I feel a little scared when the authorities fall. At such moments, the compass needle of my preferences begins to move, and at first I have no confidence that it moves in the right direction.

In early December, I bought another issue of RBC magazine and was amazed at the low level of material I found in one of the articles.

The article is called “Threat at your fingertips” (by Maria Simonova), and it is not about how many germs can be found on an unwashed keyboard, so stop reaching for the cotton wool and alcohol. The article is about how, with the onset of the crisis, things in the field of information security have become hotter than ever before.
image

No, I believe that such a faculty existed. I am sure that in those days computers were under the supervision of the KGB, but there is one “but” that smashes to pieces what the author writes.

A “fight” between viruses is possible only in an environment with multitasking, i.e. when a computer can reallocate processor resources between two or more programs.

Bad luck: the first popular version of a widespread operating environment with multitasking (Windows 3.11) was released only in 1990! And MS-DOS, popular in those days, is unfortunately single-tasking. One could, of course, also mention the Macs of the time, but they too were not at all widespread.

Update: friends, I apologize, I really was incompetent in this matter. I beg your pardon.

Therefore, I think, the viruses of the KGB Higher School students fought step by step. Which, of course, only added to the entertainment! :)

image

The result of a bad translation of the article by CNews; the original is here.

The essence of it is that, according to Puerto Rican law, a student must provide the originals or copies of some documents that are stored at the school. Allegedly, the criminals broke into 50 schools. Which looks much more believable.

And there were not 7,000 schoolchildren, but only 12,000 people, including schoolchildren and teachers.

image

The source was here.

The sum of 1 trillion was arrived at roughly like this: they took the cost of the damage done to one network (it is not clear what they meant by this) and then multiplied it by the number of networks (again, it is not clear where that number came from). They got an incomprehensible result, which, understandably enough, was published. But the figure is beautiful!

image

Artem Sychev, head of security at Rosselkhozbank, is trying to draw a bold connection between my not knowing that my money has left the account and damage of 500 thousand. What does one have to do with the other? Unclear. Especially considering that the percentage of clients who work only through the Client-Bank system is indecently small. And besides, even when using the Client-Bank system, I can always come to the bank and demand a paper statement.

In addition, it should be recalled that large banks (Sberbank, for example) use technical measures that make a DDoS attack quite problematic. However, such measures are probably unknown to Artem Sychev.

image

To begin with, it should be said that if you put something on the network, the robots.txt file will protect it only from search robots. A regular user does not know that this file exists and certainly will not pay attention to it.

A real-life analogy would go like this: I put a stack of documents on the lawn and hang up a sign saying “Do not walk on the lawn”. The documents are safe, right? If you understand that the Internet was created precisely so that information would be open, then you are already in luck. The author of this article clearly does not understand this.
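The same point as an added example (not part of the original post): Python's standard `urllib.robotparser` shows what a well-behaved crawler decides from robots.txt, next to a constructed model of what the server itself returns. The sample robots.txt, the `SITE` table and the function names are assumptions made up for illustration.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample robots.txt (not taken from the article).
ROBOTS_TXT = """\
User-agent: *
Disallow: /internal/
Disallow: /reports/q4.pdf
"""

# Constructed model of a site: path -> does the server demand authentication?
SITE = {
    "/index.html": False,
    "/internal/contracts.doc": False,  # "hidden" only by robots.txt
    "/reports/q4.pdf": True,           # protected by the server itself
}

def load_rules(text):
    """Parse robots.txt text the way a compliant crawler would."""
    parser = RobotFileParser()
    parser.parse(text.splitlines())
    return parser

def crawler_may_fetch(parser, path, agent="ExampleBot"):
    """What a well-behaved search robot decides for itself."""
    return parser.can_fetch(agent, path)

def server_status(path, authenticated=False):
    """What the server returns; robots.txt plays no part in this decision."""
    if path not in SITE:
        return 404
    if SITE[path] and not authenticated:
        return 401
    return 200

def relying_on_robots_only(parser):
    """Paths excluded from crawling yet served to any anonymous request."""
    return sorted(
        path for path in SITE
        if not crawler_may_fetch(parser, path) and server_status(path) == 200
    )

if __name__ == "__main__":
    rules = load_rules(ROBOTS_TXT)
    for path in SITE:
        print(path, "| crawler allowed:", crawler_may_fetch(rules, path),
              "| anonymous status:", server_status(path))
    print("needs real access control:", relying_on_robots_only(rules))
```

Any path the last function reports is a document lying on the lawn behind the sign: it needs authentication on the server, not another line in robots.txt.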

I do not know what to do with the spectacular nonsense about offshore subsidiaries. Anyone who has registered an offshore company at least once knows that all the documents are prepared by a hired firm, which then goes on running the “empty” business of this company in the country of registration. So how would these documents end up in a printer in Russia?

In addition, the author of the article does not understand the essence of raiding at all, for which one can only sympathize. A raider seizure is always carried out on legitimate grounds, but these grounds are created with the help of forged documents.

Example. Company “A” has an office in the center of Moscow. Individual “B” wants to get this office by means of a raider seizure. Individual “B”, using a nominee, prepares and submits to the tax inspectorate an application to change the director, certified by a crooked notary. The new director will be person “B”. By law, the tax inspectorate does not check whether the documents correspond to reality; the applicant is responsible for this, and the notary oversees it. Having become the new director, “B” signs a contract of sale with company “G”, which immediately submits documents for registration of ownership.

After the registration is completed, company “F” is a bona fide purchaser, so it brings the police along as an assistant and goes to evict company “A” from the office. The grounds are 100% legitimate. However, the fact that the director of firm “A” was appointed by forgery is grounds for a separate trial. While that goes on, firm “Zh” sells the property further down the chain, and it becomes almost impossible to reclaim it.

Therefore, a few hours before the seizure, you can find only traces of thorough preparation and registration of the property, but not the names of the perpetrators “somewhere on the Internet”.

As for the documents “pulled out” of a printer: indeed, this possibility did exist (never implemented in practice, but amusing), but even then such “pulling out” required an eerie, almost impossible coincidence of hardware and software, which is impossible today: manufacturers corrected it long ago. Therefore, a normal person does not expect to come across such a passage (and one authored by a member of a board of directors, at that).

image

Of course, the price list is taken from the sponsor of the article, the company Symantec. The only problem is that the information in the table heading (bank account details) is not particularly secret in Russia: for legal entities it appears on every invoice (not to mention the contract); for individuals it is usually better hidden.

However, what does possession of such information give? The ability to withdraw other people's money? No. The opportunity to find out whether there is any? No.

As for the identification data (by which the article means a “social insurance number” that does not exist in Russia) listed in the “price list”: finding it out was never a particular problem, but here one has to understand which data is meant.

“Cashing services” is complete nonsense. For a country that basically prefers cash (that is, for Russia), this service belongs to the realm of “the obvious yet incredible”.

If we are talking about a “cash out” for legal entities, then this is, first of all, not a conversion of money from non-cash to cash, but tax evasion. In this case, firm “A” pays firm “B” an amount on which firm “B” manages not to pay taxes. Then firm “B” quite legitimately turns its non-cash money into cash, and tell me, what is illegal in such an operation?

It is clear that the money, minus a percentage “for ice cream”, is then handed to firm “A”, but the price of such “cashing” varies greatly. And it is not 8-50% as in the article, but from 2-3% to 15%; with any further increase in the percentage it is cheaper to pay taxes than to “cash out”.

If we are talking about "cashing" for individuals, then there is no crime. I had 100 rubles of my money in non-cash form, I made 100 rubles of cash from them (minus the commission). What is criminal?

I leave the remaining points for readers to discuss.

Summing up, I would like to say that advertising in RBC magazine on the pages that the article occupies would cost about 2.5 million rubles. That is how much, for example, a studio apartment costs in my city. How much the author's work is worth is not for me to decide.

And now - the curtain.

P.S. Original scans of the article: one, two, three, four, five.

Source: https://habr.com/ru/post/78462/

