April 30, 2019

Find and neutralize "Anonymous"

Igor Bederov


Igor Bederov's office
In the summer of 2018, Russian merchants first encountered a fraudulent bot that paralyzed the work of firms by mass-sending requests to their sites, phone numbers and feedback forms. Igor Bederov, founder of the Internet-Search company, explained how the products he created help businesses identify attackers by phone number, email address or Telegram account.
Background
Igor Bederov's business journey began with competitive intelligence. Having gained experience as a security manager for a large hypermarket chain, Bederov created the project "Business Intelligence | CABIS" in 2014. The main task the entrepreneur had to solve was finding legal sources of information for business security that would not be inferior to the closed databases of law enforcement agencies. He subsequently founded "Internet-Search", an information and analytics company that specializes in the prevention and investigation of crimes in the field of economic activity. This is how the products "TelPoisk", "IP-Search" and "Telegram-Deanonymizer" appeared.
"TelPoisk"
It took the founder just two weeks to launch a pilot version of the TelPoisk service in 2016. Since August 2018, an updated version of the program has been available to users, through which a client can obtain information about any phone number or email address worldwide. Based on an analysis of open sources, the system reports who the presumed owner of the number or email address is, and also estimates their probable location. TelPoisk is also useful for the security of individuals, for example when you receive an SMS message about an allegedly blocked bank card, which is a typical trick of fraudsters. Unlike comparable services, TelPoisk processes a greater number of information sources: there are 60 in total.
The following data sets are analyzed:
telephone switching and email server information;
information from social networks and instant messengers;
data from bulletin boards, vacancies and resumes, and telephone directories;
information from banking services.
In addition, the service is not limited geographically: in whatever corner of the planet the phone's owner is located, the owner of the number can be established in 70% of cases. Full identification is achieved for half of the requests.




TelPoisk
An extended version of the analytical system provides the exact addresses where the GSM subscriber has been registered, and also displays a list of telephones located nearby. For collection services and collection agencies, the report on a telephone number provides information on the registration address and the actual addresses of residence, as well as on which bank cards the number is linked to.
The project's business model is based on the provision of paid services. The user gets access to a personal account and can set up automated information retrieval.
“IP-Search”
Functionally, the IP-Search service is close to the previous one, but the computer's IP address is used as the starting point for gathering information. The advantage of the system developed by Bederov is that it not only determines the city, as similar WHOIS services do, but also names the presumed physical location of the device, down to a specific building. A site owner whose site was accessed from a given IP address can check the type of device, the name and version of the operating system and browser, and also determine whether the user used anonymization tools such as a VPN or Tor. All this helps, for example, in determining actual site traffic. The system shows the real share of increased web page traffic resulting from promotional activities. It is no secret that traffic from, say, China gives nothing to a local entrepreneur in Russia.




Telegram-Deanonymizer
Finally, the "Telegram-Deanonymizer" service helps, if necessary, to determine the identity and location of an anonymous Telegram user. A similar idea was recently proposed by the Center for the Study of Legitimacy and Political Protest in the form of the product "Cryptoscan".
The scammer ordered a computer
According to Igor Bederov, his development is a useful tool for business owners and ordinary users who need to verify contact information. Such information eliminates the problem of online "Anonymous" and helps prevent cases of Internet fraud, blackmail and extortion, as well as other crimes committed with the help of Internet technologies. If the attackers have already succeeded in carrying out their criminal intent, TelPoisk, IP-Search and Telegram-Deanonymizer help to investigate the incident and find the individual behind it. They also establish the specific electronic device with which the criminals committed the unlawful acts. Providing such information to law enforcement officers significantly speeds up their work and makes it possible to punish those responsible.
Igor Bederov recalls a recent case on the Sberbank-AST electronic trading platform, when an unknown fraudster registered as a representative of a large company and placed an order for the supply of computer equipment. The falsified documents he provided were let through by the system. However, the victims of the fraud could themselves have verified the counterparty's contact details and made sure that he had nothing to do with this company.