The Million Dollar Startup Project: Ilya Sachkov, CEO of Group-IB, talks about the future of cyber intelligence. Ilya Sachkov: five mistakes of companies used by hackers. Where is it easier for you to work: here or in the West?

  • 11.07.2023


We present to readers another interview as part of a series of meetings with members of the Russian branch of the Young Presidents Organization (YPO). This time, Dmitry Agarunov, publisher of Svoye Biznes, spoke with Ilya Sachkov, the founder and co-owner of Group-IB, one of the leaders in the global information security services market.

"Being secure online is easier than being secure on the street"

Ilya, hello! As we meet, the business world is in a panic over the Petya ransomware virus. More recently, the same excitement was around another virus - WannaCry. Attacks are becoming more frequent and large-scale, and the damage inflicted is becoming more and more tangible. And first of all, I want to ask you, as an information security expert: what should be done right now and in the future in order not to become victims of such massive attacks?

In order to protect yourself from something, you need to understand what creates these threats. If you look at most large companies, Russian or international, at first glance it will be hard to believe that they are vulnerable. Usually such a company looks like a very strong, trained boxer, who, however, has never fought anyone. He looks protected, strong, brave, but he has not had a single boxing match. Or as a recruit, armed to the teeth, in a brand new uniform, who has just landed in the desert and has not yet figured out who, from where and how can attack him. In a typical large company, there is the concept of "information security", some solutions have been purchased, but there is no understanding of who we are protecting ourselves from.

Now in 2017, organizations are still making the three simplest cybersecurity mistakes. First, employees open attachments from unknown people, believing that text documents and spreadsheets cannot contain malicious code. They continue to do so despite thousands of reminders not to open emails from people you don't know, or even famous people unless you're expecting them, and mindlessly click on a file that supposedly contains interesting information, pictures, accounting documents, etc. The second common mistake is not backing up important files. And the third - the software is not updated.

After the recent WannaCry outbreak, many organizations failed to correct the bugs and suffered damage from the Petya virus. There are more than 150 such organizations in Russia, they have suffered significant losses, some have stopped production.

What is the scale of the losses from such an epidemic? Are we talking about hundreds of millions of dollars in total?

Yes, the order is something like this, but all these assessments are of an expert nature, they do not come from the affected companies. A large and well-known advertising agency has a full office. Direct losses in this case are the payroll of the entire organization in one day. But there are also indirect losses - lost profits. On a global scale, these losses add up to hundreds of millions or even billions of dollars. And this is all the more insulting given the fact that the virus itself is rather primitive, and the scale of the epidemic was influenced by the human factor. Why would an employee open a letter from an unknown person and run the attached file? Who is asking to do this? Hence the main conclusion: if you do not want to become a victim of the next epidemic, study how attackers gain access to a computer. Now knowledge of information security at a basic level is necessary for every person. One should not think that an IT specialist needs this knowledge, and if, for example, I am an economist, then this is superfluous for me. In the modern world, this knowledge is an analogue of the rules of the road. We may not understand why we are required to behave in a certain way on the road, what is the rationale for these requirements, but we know that our safety depends on how we follow these rules. In human society, if we don't know the simple rules, we will run into problems. And the further, the more problems there will be. From the point of view of physical security, we live in the most prosperous time, but at the same time, the number of people is growing, dishonest people, intruders are also increasing. Now they are naturally switching to the use of information technology. The number of physical crimes will decrease, we will feel safer on the street and, I hope, there will be no wars either. But at the same time, there will only be more fraud, attacks via the Internet, elementary online bullying and trolling - this is the law of society.

Is evil always looking for a way out?

Yes, someone expresses aggression in this way, and someone, without any hatred, simply earns money, taking advantage of the naivety of other people. Physical danger is getting smaller and crime is transforming into digital. Terrorism and classic crime go there. For humanity, this is good, because it is easier to be protected on the Internet than to be protected on the street. We can increase our safety on the Internet through both information technology and education. You can teach the basics of safe behavior on the Internet from childhood. For example, Kevin Mitnick's book "The Art of Deception" about social engineering can be read in grades 8-9, there is nothing inaccessible to teenagers.

Young people, as always, are more advanced.

According to my observations, in principle, people's age is decreasing, starting from which they are not able to deal with complex information technologies. I think it will continue to decline. A ninth-grader, quite advanced, works and receives a salary for us.

Returning to WannaCry and Petya, do you have any idea what the creators of these viruses were after? Just wanted to make money, get a ransom?

In both cases, the attackers infected many computers and made little money. The distribution mechanism was interesting, and if they wanted to earn more, they could do it. It was possible to create a downloader program that determines what is on the computer: if there is access to payment instruments, it could try to steal money; if confidential data could be found, the owner could be blackmailed. There are many ways to earn.

Since earnings were not the main goal, one could assume that this is a kind of terrorism, deliberate sabotage in the interests of some group. But the terrorists would certainly have used the attack as a PR opportunity, because the story turned out to be very media, and there were no terrorist slogans in it.

I have a guess, without any evidence yet, that this was some kind of digital weapons test, a cyber army training mission with cover-ups. Encrypting data on a computer and demanding a ransom is just a disguise, and the real goal is to see how much it is possible to destabilize the situation in this or that country, how it affects the economy, what happens, how people react - an interesting drill.

“With 200 employees, we outperform American companies with 2,000 employees”

I know that you are a fan of running, and not just running, but with obstacles. How did you get into it and what does it give you?

It seems to me that sport should be in the life of every person - it prolongs life, helps fight stress. Therefore, from a certain point in my life, sports began to be present in it every day in various forms: Thai boxing, yoga, a regular gym, running.

I like running because it is a very simple sport: you went on a business trip, took your sneakers with you, and when the opportunity arose, you changed your shoes and ran. In addition, while running, you can listen to audiobooks at the same time, and if you run at a low pace, you can still talk on the phone. And when you first arrive in a new city, you can explore it while jogging.

Obstacle running, if you are talking about the "Race of Heroes" (a team military sports game supported by the Ministry of Defense of the Russian Federation - ed. note), interested me because my younger brother served in the GRU special forces, and I envy him; I also wanted to dig in the mud, run under fire and combine it with sports. Moreover, this is a very cool team building. When you and your colleagues pull each other out of the mud, or someone falls from a height of three meters, and you catch him, you quickly develop a close connection, plus there is a competitive effect.

In general, it came from somewhere in childhood. As a child, I loved to play Zarnitsa, we arranged such exercises in Izmailovsky Park when it was necessary to rip off the shoulder straps from the enemy, and the Race of Heroes for me is a continuation of such a military story. Well, I also think that since we are engaged in information security, you need to be in a strong body, because a healthy mind is in a strong body, and since there is a lot of stress, you become stronger in a sense.

That is, you transfer some features of such a paramilitary organization to your company, right?

In general, yes, this also slips in the Group-IB branding. For example, our passes have a superficial resemblance to the FBI IDs.

At work, you play war games ...

Yes. But it's not we who came up with the idea that you need to work effortlessly. Yes, we do work and play.

Do you force employees to play sports?

I do not force, but I strongly incite. That is, I show that such a way of life allows a person to be more efficient in many aspects. There is no obligation, there are free corporate classes - Thai boxing, yoga. And in the summer we run in the Neskuchny Garden, train before the “Race of Heroes”, sometimes we just organize races.

And if someone shirks, is he not blamed, not discriminated against?

No, absolutely. But there is a direct, scientifically proven, causal relationship between exercise and energy levels. Sport makes a person energetic, promotes the development of willpower, and energy and willpower are important factors for success. So the one who refuses sports makes his own choice.

Sport is certainly useful, and joint rest is needed. But as far as corporate culture is concerned, it seems to me important to draw the line beyond which we begin to impose something, invade personal life, and get the opposite effect to what was expected - employee loyalty is falling, the image of the employer is suffering. Are you afraid to cross this line?

We understand that all people are different, they have different emotional intelligence, they can have completely different pastimes. But there are a number of rules that are mandatory for everyone, starting with safety rules. All our employees agree that they undergo various tests, including a polygraph. And this actually motivates many, they are also playing a certain game at this moment, there is nothing wrong with that. It's not that we don't trust someone. On the contrary, we trust each other, also because of this. Our business has such a feature - customers trust us with such information that can completely destroy their business if it ends up in unkind hands, or illegally enrich someone. Therefore, we agree to these rules of the game.

That is, such a spetsnaz approach is hidden behind the game form ...

Yes, and here it is important not to go too far, so that it does not turn out like in state-owned companies, where the security service is hell for employees and an obvious negative. We try to do it in a positive way, employees know many examples when non-compliance with safety rules can lead, among other things, to physical problems with human safety. We have come across such stories as shooting at a car with pneumatic weapons, arson of a car, vandalism, threats, night calls and so on - this is something that constantly accompanies us.

It turns out that for your employees such risks are a common addition to official duties?

We are different from a company that just sells protective equipment. If a company simply sells protective equipment, it is not responsible for how these funds will be used. And we are hired to conduct an investigation, we are responsible for its outcome and we will do everything possible so that the criminal who harmed our client is punished in accordance with the law of the country where he is located. It's not really a game anymore - we are fighting against real crime, and people understand this. This is a very serious job, and there have been cases when applicants turned down an offer to work for us when they realized that in the course of work they could theoretically face danger.

That is, you, like in a security agency or a detective bureau, military discipline is necessary.

Absolutely. And it gives us a very important competitive advantage. In the information security business, it is impossible to make protections if you do not spend a large number of hours every day analyzing incidents and understanding who is committing these crimes. It is thanks to this that we now, with about 200 people on staff, are superior in some technologies to American companies with a staff of 2,000 people. Simply because they do not spend enough time studying threats and analyzing incidents. This is very important, as in any business - you need to study the source of the problem in order to be able to solve it. And around this we have a certain HR history, a team is being formed. It's just a source that fuels the viability of the company.

We started in 2003, and until 2009-2010 we were only "pathologists". We were called only if something bad happened: guys, sort out the incident. The paradox is that we received all such requests from large companies that spent money on security, hired cool security specialists. But when the incident happened, they could not figure it out themselves and called us. The reason I see is that companies rely on the marketing of protective equipment manufacturers, who really have little understanding of what is happening in reality today.

“We employ autists, super-genius people”

So, you have an understanding of who commits high-tech crimes. Can you describe the portrait of a typical criminal?

Let's take the example of the most popular computer crime in Russia - theft of money from legal entities from Internet banking. Usually there are 15-20 people in a criminal group, because someone has to write a virus, someone has to create an administrative panel for it, someone has to distribute it, catch up with traffic. And there is a part of the group that plays an equally important role: after all, it is necessary not only to infect the computer from which Internet banking is accessed, but then to withdraw money and cash out. In Russia, historically, everything related to cashing out is supervised by quite serious organized crime. In the last 5-6 years, a clear link between people who perform the technical part of the work and the economic one has become familiar. And here is the creator (the creator of the virus - ed. note), who is smart, studied in physics, and most often self-taught with a high level of IQ, this is one person for the whole group. The rest are unpleasant people, typical members of an organized crime group, whom you don’t really want to meet in life.

What is the motivation of this high IQ guy? After all, he, as an intellectual, is probably also unpleasant with such accomplices?

We noticed that in many criminal cases against those who write viruses, there are defendants who either have a diagnosis of autism or not, but they are clearly close to autism to some extent. At first we thought that it could be a coincidence, but then such cases became more and more. We talked with colleagues from the Ministry of Internal Affairs at a fairly high level - it turned out that such statistics really exist. This fact has already been noticed by the Americans, and they have a separate program - the selection of talented young people with signs of autism of varying degrees in the right social environment. And what is happening in Russia? This topic is not related to hackers, it is connected in principle with the education system. Our history with autism is very poorly developed in terms of proper education and adaptation of these people. Very often, parents are afraid, for example, to receive this status for a child, or do not even notice that it exists. A person enters the social environment, the school. He is an unusual, special person, and our children are very angry.

They start bullying him...

Yes, and he is socially isolated. Autistic people are geniuses in their own way. We employ people with varying degrees of autism, there are not many of them, about 15 people out of 200. I can tell you that in terms of analytical work, immersion in a task, the ability to think outside the box and collect information, and find unique solutions, they are just super-genius people. Well, when they are in a comfortable environment, when they are the heroes of the team, when they are treated in a special way, separate jobs, flexible work schedules, a mentor from the team, then these people make absolutely brilliant employees. But what happens if there is no friendly team? At school, he is embittered, he withdraws from the world and plunges into the computer. He first shows his anger through some kind of computer hooliganism, then he thinks of something more complicated.

Therefore, one of the things that needs to be done in Russia to prevent computer crimes is the education system for autistic children, the allocation of these people to the right social groups. And the other thing is computer hygiene education, which is still missing in our schools. My school still has one OB lesson per week for everyone from 9th to 11th grade. What do they teach there? How to throw a grenade at a tank and how to put on a gas mask if the Americans attack us. Military technology has advanced so far that we, with all our desire, will not be able to throw a grenade at a tank, it will not come to that.

“Failure to cooperate with the state is the wrong position”

Let's discuss the situation around Telegram: a brilliant Russian guy created a cool messenger, the state should be proud, but it insists on total control, imposes bans, intimidates. Who needs it, how much does it contribute to security in at least something? It seems to me that real terrorists will not write to each other in messengers: “Bring me explosives there” or “Today we are blowing up there in such and such a metro station” ...

For some reason, some people are convinced that this is exactly what happens: the terrorists sit in the forest, then they go out, take out their phone, open Telegram, and send each other messages with emoticons.

There are two aspects to the Telegram story. The first aspect is demonization, when officials make statements that terrorists use this messenger. Even assuming that this is indeed the case, Telegram is just a technology, just like everyone else. Let's look more broadly: the terrorist uses the phone, the Internet, the browser. He uses a telecom operator that gave him the opportunity to use the Internet. And, if we take the St. Petersburg terrorists as an example, they also used e-mail boxes from a Russian provider. But there are no complaints about the suppliers of all these technologies. Why is the telecom operator not demonized? One could say that the terrorist used the Big Four operator. Did you use it? The operator did nothing about it, the terrorist used the technology.

It is impossible to defeat terrorism technologically, through the control of instant messengers. It is important to understand that in the modern world of crypto-algorithms, anonymous Internet access, which is used by organized crime, the only way to deal with these people is to infiltrate. A serious criminal will not use Telegram, he will use modern technology in such a way that he will not be seen. Its traffic cannot be deciphered, no matter what laws are adopted in the country.

If we recall the times of the tsarist secret police and the Soviet special services, then there were practically no technologies, but at the same time, almost everything was known. There was an introduction to all groups, the prevention of many sabotage.

I am sure that the state is doing this even now, it’s just that, unfortunately, everything is presented differently to us in the media. By blocking the messenger, we will not solve the problem of terrorism, because any crime is committed by people. If you removed a virus from your computer, then the person who created it did not stop spreading his virus because of this. It’s the same with Telegram: if we took away their favorite messenger from the terrorists, it’s naive to believe that they will sit somewhere in their gorge, they will say: “Damn, guys, our Telegram channel was blocked, our mission failed, we need to disperse.” It doesn't happen.

The second aspect of this story is that Durov was not asked to open the source code, they were not asked to open encryption algorithms. He was asked to do two simple things: help identify the user in case of serious crimes and block the group if necessary.

What is the need?

Look, on the Internet, any site has a domain registrar and a hosting provider. Let's say a site appears on which information discrediting me appears. Now, in whatever country I may be, there is a mechanism that allows this information to be deleted. I submit a request to law enforcement agencies, and the state has the opportunity to contact the hosting provider, the domain registrar to block the site and find out along the way who registered the site, paid for hosting and posted information.

Blocking and investigation may be necessary in a number of cases - if the site hosts child pornography, drugs are distributed, computer crimes are committed, etc. I'm always against blocking because blocking doesn't kill people, but I'm all for digital information gathering. Telegram says: we are for anonymity. Anonymity is good, we all do not want outsiders to climb into our private lives so that the state knows something about us. In fact, very often I am against the laws that are adopted in our country, I am directly aggressively opposed. But in the story with Telegram, I believe that a fundamental refusal to cooperate with the state is the wrong position. The state was historically created as a guarantor of security for people. Do you like being searched at the airport? So I also do not like it when the border guards touch me, but I agree to this. In Germany, I was once forced to strip naked and touched me with gloves on. I am completely calm about this: I am ready to reveal my anonymity, let them touch me, but I can be sure that everything will be okay on the plane in which I will fly. The same is true on the Internet. I am ready for my anonymity to be revealed by a court decision, but I also want to be sure that any state, not only Russia, has mechanisms to protect its citizens in case of information that clearly violates someone's rights. Imagine that there is a group where they post your private photos stolen from your personal phone, and you have no legal mechanism to block this group. How will you feel at this moment? You will understand that you would like some kind of response from the Telegram administration, and people who have experienced blackmail through Telegram are ready to confirm this.

In general, it turns out a double-edged sword: it is impossible to demonize technologies in any case. Terrorists can use anything. When the news says that the terrorists used Telegram to communicate, it sounds to me like the terrorist was still wearing jeans, he had a watch. Terrorists are known to love G-Shock watches. Why do we still sell G-Shock watches? After all, they are used by terrorists. On the other hand, the owner of any popular Internet resource wants some help in case of problems.

“Joining YPO completely changed my life”

Almost a year ago.

What did you get for yourself this year?

When I summed up the results of the outgoing 31st year of my life (I do it every year), I considered joining YPO to be the main event of my whole life, and not just of the year. This high significance is primarily due to the people I met in the organization. In a very short time, I have strangely developed close relationships with many YPO members both in Russia and abroad - not a working relationship, but just such an emotionally close one - it really inspires me.

Before that, I had a classic situation: it’s difficult to raise some issues with employees, and you won’t share, you won’t discuss, no one will understand, and relatives also live in some kind of reality. And when it became possible to communicate regularly with people who solve the same problems as you, have more experience in some issues, and all this is so positive, it completely changed my life.

In addition to people, as you know, there is still a lot of things there, and useful in terms of self-development, and travel, and sports, and work.

If a person understands that he has room to develop, if it seems to him that he is alone in his worldview, that it is difficult for him in this world, he feels lost, or wants to understand that there are thousands of ways for progress that he has not even tried, then YPO suits him. Or someone who thinks that everything is in order with him and that he doesn’t need anything else from life - this is a very dangerous condition. There is always room for improvement, and with the advent of each new person in life, the many options for the development of your destiny are expanding. There are people in YPO who, after listening to me and advising me in 10 minutes, gave me what I could not find on my own in three years, to understand some situation. So I highly recommend YPO, they are exceptional people and a great organization - in the way it is run and how everyone tries to make their own contribution. I haven't seen this before.

Ilya Sachkov. Graduated with honors from Moscow State Technical University named after N. E. Bauman (Faculty of Informatics and Control Systems, Department of Information Security). Founder and CEO of Group-IB. Member of the Expert Council of the State Duma Committee on Information Policy, Information Technologies and Communications, as well as expert committees of the Russian Foreign Ministry, the Council of Europe and the OSCE in the field of cybercrime. Co-Chairman of the RAEC Cybercrime Commission, Member of the Council of the Coordinating Center for the National Internet Domain.

YPO. The Young Presidents Organization was founded in 1950 in New York by a young American businessman, Ray Hickok. Today it brings together about 24 thousand entrepreneurs in more than 130 countries, including Russia. YPO is the largest global organization founded on the principles of membership, equality and diversity, bringing together leaders and owners of large companies who have reached their status under 45, as well as their families, to create unique opportunities for development and continuous growth, knowledge and improvement of the world around. The companies represented by the members of the organization employ about 15 million people, and the total income of enterprises is estimated at 6 trillion dollars annually. The main goal of YPO is to improve management skills through continuous learning and the exchange of ideas. The formation of a global network of successful young managers provides participants with a unique opportunity to exchange ideas and experience on a variety of topical issues of our time, from geopolitics and business, to issues of social responsibility and private interests. The organization works closely with leading educational institutions, including Harvard Business School, Stanford Business School and London Business School.

The desire to fight injustice pushed Ilya Sachkov, the founder of Group-IB, into the high-tech business: “I adhere to a very simple philosophy: do everything possible so that people have less trouble because of cybercriminals.” For 15 years, Group-IB has grown from a small detective agency into a technology company, more than 1,000 investigations have been conducted. The company claims that 80% of high-profile high-tech crimes are solved with its participation. The main income comes from products that allow you to identify and prevent a threat even before criminals have time to harm the business. Group-IB grows 1.5 times a year, operates in 60 countries (half of the business turnover is provided by foreign representative offices), and the founder of the company helps the Russian authorities improve information security legislation and dreams of a decentralized corporation whose business would not depend on one state in the world. In an interview with Inc. Sachkov told why antiviruses and two-factor authentication will no longer help entrepreneurs reduce the risk of a cyber attack, why not all Russian officials are pleased with the success of a domestic company abroad, and how the information security business has changed in the world.

How to protect your company

In 2010, a group of brothers Dmitry and Evgeny Popelysh withdrew 13 million rubles from the accounts of more than 170 bank customers from 46 regions of the country. The perpetrators received suspended sentences. The punishment did not stop them - later they stole more than 11 million rubles from 7 million accounts. In May 2015, during a joint special operation of the Ministry of Internal Affairs and the FSB in St. Petersburg, Popelysh was again detained (Group-IB employees were present during the search as experts). And in June 2018, the hackers were sentenced to 8 years in prison (their accomplices received from 4 to 6 years).

The name of this group became known in 2015: in 1 year it installed a Trojan on almost 1 million Android smartphones in order to deduct money from users' bank accounts. By November 2016, law enforcement agencies, with the participation of Group-IB, were able to identify 20 members of the group, 16 criminals were detained in 6 regions of Russia.

In 2015 and 2016, hackers attacked the international online dating service AnastasiaDate and provoked many hours of outages, demanding money for troubleshooting. Group-IB experts identified the attackers - they turned out to be citizens of Ukraine who extorted money from several international Internet companies. In early 2018, the court sentenced the criminals to suspended sentences.

During your work on the market, have you increased your hardware weight in the sense that your appeals to the police are now processed faster than before?

No, they are treated equally for everyone. But our weight has increased in the head of the investigator, who understands that if the analytics is compiled by Group-IB, then the likelihood of ending the criminal case with a guilty verdict increases, and not closing it because he simply cannot find someone. We guarantee that all evidence will be collected in full.

- Can the Russian police informally send a client to you?

A lead from the police that ends up in Group-IB is something unreal. In general, any law enforcement agencies - and especially Russian ones - have a zealous attitude to high-quality expertise. Sometimes the investigations that the security forces conduct for 2-3 years, we could conduct - technically and analytically - within a few days. Obviously, there is an urgent need to establish cooperation between law enforcement agencies and companies involved in protection against cyber threats. So far, our relationship with the authorities is not as cool as many people think, but we are working on it.

Someone from law enforcement agencies may ask you to informally transfer information about incidents - we strictly suppress this. Someone may ask to do work without a contract. They try to establish informal relationships with employees. They attack us for publishing our research and reports. These are the law enforcement agencies of the Russian Federation, and not just the police - everyone gets there. Who knows who I'm talking about - I say hello to them.

The last outrageous thing that made me really beside myself for half a day was that recently at a meeting in a government department, we were told that Russian companies cannot do computer forensics abroad. If in Russia there is a concept of "recruited agents of influence", then this person definitely falls under it. Forensics fly all over the world and study attacks, respond to incidents, but the Russians can't? The wording was: "Because the CIA will buy you and you will write in your report what the Americans need."

- Was it a proposal not to work abroad or a claim? What did you answer?

It wasn't an offer. This was said at the table in the presence of representatives of several ministries. I did not say anything because I was not at this meeting (the information was given to me by a trustee), but if I had been there, I would have said something obscene. (Sachkov did not agree to tell what departments he was talking about - Inc.)

After Russia, everywhere is simple

- You spoke about the low level of competition in your sector on the Russian market. How do you live with it?

We live with it normally. Thanks to this, we make a huge amount of R&D, which allows us to create cool technologies in the global market. Over the past year, financially, we have grown in volume by 62%, and the international market - by 50%. In the near future, we should receive 50% of the proceeds outside of Russia - we are close to this figure. Russia is important to us for two reasons. First, because this is our homeland. Secondly, this is a very good platform for R&D: there are many talented people who can do very complex research. And no matter how much Asia and the Middle East boast about their analysts, the Russians are still the best computer analysts. They are in the top 3 along with the Americans and the British.

- In addition to Russia, in which countries do you already work?

Our solutions are sold in 60 countries. Asia and the Middle East are actively developing now - these are the two most interesting and adequate regions for us. Latin America is doing well. Top markets by interest and adequacy are Singapore, Thailand, South Korea. Of course, Europe and the USA are developing steadily.

- You said before that your revenue from sales to the public sector is zero. Is that not true anymore?

Let's say it started to differ slightly from zero. The percentage of revenue from state power in Russia is 0.0001%. Recently, we have one-time contracts for forensic science with the police and the investigative committee. Basically, we provide services for conducting forensic investigations. This is a labor-intensive work that was previously done at the expense of the client. Now the state can pay for forensics, and the client can relieve himself of the financial burden. And this is a big plus. I'll explain why.

Previously, you, as a client who was hacked or whose data was encrypted and extorted for money, got into a queue to have your computer examined for free by the state. This queue reached three years. Since the spring of this year, the situation has begun to change. The state began to allocate budgets for expertise in private companies, which significantly speeds up the investigation and makes it possible to arrest in hot pursuit. Checking a computer costs from 50 thousand rubles to 1 million rubles, depending on the expertise.

- Where is the legislation that best protects against cybercrime?

Best in America. Also cool in the Netherlands. The key [factor] is the state's understanding that if it better protects the population and business from computer crimes, then the country's economy develops more dynamically.

- Where is it easier for you to work - here or in the West?

Everywhere is the same. After working in Russia, it seems equally simple everywhere. I have already seen so much that I can say: in any country, a Russian businessman is definitely stronger than any other who has not seen what is happening here - bureaucracy, stupidity, crime, envy.

- Is there less bureaucracy in the UK?

Everything is quite clear there - there are rules that are known. We do not have rules everywhere, and sometimes, when they say that there are rules, they turn out to be completely different.

Convicts are not allowed to enter

- You said that the information security market is hindered by politics, meaning that due to geopolitical contradictions between countries, it can be difficult for you to receive the necessary information. Is everything right?

No, there are two different things here, and it is important not to confuse them. First, politics interferes with the information security market. Second, politics hinders states from fighting crime. This is just related to the methods of information exchange by law enforcement agencies. Now countries do not cooperate with each other if they are in a political conflict - accordingly, it is impossible to investigate crimes committed by distributed groups on the territory of these states, when the victim is in one place and the perpetrator is in another.

About the information security market: there are examples when it specifically interferes. For example, Digital Security was sanctioned. And Kaspersky, as you know, lost the American market this year. It interferes with the market - not much for us.

- Because you did not fall under the sanctions?

Because we will not be subject to sanctions. To be sanctioned, a cybersecurity company, for example, needs to hire a former hacker without knowing he is a former hacker. You cannot hire people who have committed illegal acts in the past. Never. No matter how talented programmers or analysts they are. You can fly under sanctions or lose the trust of customers, and that's all. The foundation of the cybersecurity business is trust.

- Do you check employees on a polygraph?

Yes, they check a polygraph and a psychologist - when applying for a job, annually, and suddenly every year. This applies to any employee.

Decentralized empire

- What is your strategic goal?

Build a new type of cybersecurity company that does not depend on any state. A company whose offices in almost every country completely duplicate the entire infrastructure that is here in Russia. My task is to make a huge structure of geographically distributed points (in my model there should be at least 40), where the logic of the Russian office of Group-IB is completely duplicated. Computer Forensics Lab, Investigation Unit, Security Operation Center, Local Researchers, Criminal Monitoring Structures. Nobody does that. What is it for? To fight crime is my main motivating goal.

- To avoid these cross-border problems that are related to the fact that states do not give out information to each other?

At first, I couldn't say "no"

Client, employee, anyone. The ability to say “no” is an important quality for an entrepreneur. I didn't develop it right away. I wanted to be kind and help everyone, but many people begin to usurp, hang themselves on the neck, and this ends badly.

Didn't delegate tasks

I used to like to check everything in general - I looked at what was happening in each project. It is possible to do this when there are 15 people in the company, but it is impossible when there are 300. You can just break. Now I have a good team, but still I like to control some processes to the smallest detail. For example, I review all our interfaces before release, read the texts on our website and invitations to the conference. Sometimes I like to get into CRM and have a very deep talk with the salesman right on the deal. Now I do not consider this a mistake - it keeps everyone in good shape.

Knowing who cybercriminals are and what they are up to can be the first step to protecting your data, money, and reputation. Ilya Sachkov, the founder and CEO of Group-IB, told about this to students of corporate programs of the Moscow School of Management SKOLKOVO.

Thanks to films and TV shows, we are used to the fact that a crime is something tangible, something that can be seen: a killer kills a victim, a bully snatches a handbag from an old woman's hands, a safecracker breaks into a safe. However, every year the proportion of such “traditional” crimes is decreasing, while the volume of cybercrime, on the contrary, is growing. Every minute and a half there is one robbery in the European Union. And over the same period, there are about three thousand cases of data theft, and more than a dozen new malicious programs are born.

Organized crime is increasingly using the Internet, and cyberattacks, according to experts from the World Economic Forum (WEF), have now become the main global risks along with environmental and geopolitical problems.

Ilya Sachkov believes that the key element of cybersecurity is the knowledge of what modern computer crime is. By understanding the goals of cybercriminals, their motives and techniques, they can be effectively countered. The most common motive for computer crimes (about 98%) is financial gain, provided by hacking the same banking systems, extortion, fraud, and so on. Espionage, sabotage or cyberterrorism can also be a motive for committing a crime, usually characteristic of pro-government hacker groups, but the bulk of cyber threats are still related to cybercrime.

Unfortunately, most Russian companies do not understand what modern computer crime is, how it attacks, what tools it uses, and therefore business owners and their directors of information security (CISO) do not know how to protect their infrastructure or remote banking system (RBS).

For example, some still firmly believe in antiviruses, while world practice highlights the weaknesses of this approach: the most popular antiviruses were installed on many infected machines of bank employees, but they did not prevent the infection, and as a result attackers were able to take control of the bank's network and withdraw money from it. Company executives talk about risks and cyberattacks without knowing who a cybercriminal is; they often cannot name hacker groups or explain how they attack and what tactics they use.

Cybercriminals follow the money and are focused on the "mass market". For example, since most corporate accountants and bank employees work with Windows products, hackers target them, not Apple computers. Another example is that cybercrime sees no point in attacking the infrastructure of power plants or other strategic institutions. This promises them no economic benefit, only trouble - the threat of punishment for potential terrorism is extremely high. Conversely, pro-government groups rarely attack banks, and when they do, it is to destroy the banking infrastructure or spy rather than to rob.

In order to gain access to finances or to the services of companies that deal with RBS, hackers identify employees with access to financial flows. Accountants and finance staff are at risk. They are attacked either directly through phishing mailings or through fake or infected sites that these employees often visit.

One of the most common vectors of attack and penetration into the network is still the phishing email, which gives the attacker access to an employee's device and the services they work with. The employee receives a letter that looks exactly like what counterparties, partner banks or regulators usually send, and opens it. But the attachment hides a malicious program that penetrates internal systems and looks for ways to “fix” itself in the system so that its creators can then steal and withdraw money.

Most often, in order to push a person to open a fake email, criminals use social engineering methods based on the following psychological factors:

A) Curiosity. Phishing emails can be disguised as notifications about undelivered messages or about granting access to some files.

B) Fear. In this category of messages are, for example, angry letters allegedly sent on behalf of management.

C) The pursuit of free goods. This category includes letters that “notify” the recipient about winnings, some kind of bonuses, and similar events.

Modern cybercrime sometimes has multi-million dollar budgets. These funds are used to hunt specialists, bribe officials, and develop hacker software. In fact, this is such a criminal startup in which no malware developer will waste their efforts and resources if they do not believe in success and have no idea how to bypass existing protection systems. Therefore, it is worth keeping in mind the precautionary rules, but be prepared for the fact that a possible attack will be delivered from where no one expected.

Ilya Sachkov shared with the SKOLKOVO business school students several tips that are useful both for ensuring personal security and for protecting your organization from potential outside interference:

Remember that email access gives access to your entire digital infrastructure. Many services, messengers and programs are tied to mail accounts. So if an attacker can get access to the mail, he can get into your infrastructure.

Introduce two-factor authentication wherever such a procedure is available. This tool is not perfect, but will greatly increase your protection. An attacker will need not only your Internet account, but also access to your phone. Advanced criminals can also hack into a mobile device, but the threat from most hackers will be eliminated.

Create multiple accounts/mails. Do not tie all your services to one email address. If a criminal gains access to such a mailbox, he will be able to connect to or even take control of all the services bound to it.

Use strong and secure passwords and change them regularly. The ability of attackers to guess and generate new passwords is constantly growing. Accordingly, it is necessary to change and complicate your passwords that protect access to your information.

Make backups of your information. If your device or network is infected, your information is also at risk. Therefore, you should always have a backup copy of your data that you can use in case of a critical situation.

Trust no one. Sometimes even your close friend, who for some reason needs your data, can turn out to be an attacker. And often, criminals can simply use the accounts of your friends to send you infected files and gain access to your money or information.

Don't post anything online that you wouldn't do in public. Everything that enters the network remains there forever. A competent specialist will be able to access information about you, even if it was published 15 years ago, for example, on the St. Bernard lovers forum. If you are not sure that some data will not be able to compromise you in the future, do not publish it.

Maintain your cyber literacy. If you follow the news of the cybersecurity world and follow the recommendations of experts in this field, you will be better prepared for cyber threats and protected from them than the vast majority of people. Attackers want to get access to your money or information. But few of them will try to bypass protection, which will require additional efforts for them. For example, Ilya Sachkov recommends studying Group-IB reports, articles published on Dark Reading, SecurityLab, Nick Bilton's Cybercriminal No. 1, and books by former hacker Kevin Mitnick.

Group-IB is an international company specializing in cyberattack prevention. Over 15 years of investigating complex incidents, the company's experts have accumulated a unique knowledge base and built a global infrastructure for monitoring cyber threats - Threat Intelligence. Recognized by Gartner, Forrester and IDC, this system is at the heart of the Cyber Defense product line. Among Group-IB clients there are companies from Russia, EU countries, USA, Brazil, Canada, in particular Microsoft, Rostec, Aeroflot, British Petroleum, DHL.

Ilya Sachkov is a Russian entrepreneur, founder and CEO of Group-IB. Member of the Expert Council of the State Duma Committee on Information Policy, Information Technologies and Communications, as well as expert committees of the Russian Foreign Ministry, the Council of Europe and the OSCE in the field of cybercrime. In 2016 included in the list of the most promising entrepreneurs under 30 according to Forbes. Three times became the national winner of the international competition EY "Entrepreneur of the Year" in Russia.

July 17, 2016, 21:14

Fedor Bondarchuk (49 years old)

Fyodor Bondarchuk can be safely called "the sexiest Russian director." Firstly, who said that on the threshold of the sixth decade a man automatically loses his attractiveness, and secondly, let's be honest - many of us perfectly understand the choice of 27-year-old actress Paulina Andreeva. During his long career, Fyodor Bondarchuk managed to act in 69 films, and we saw him, perhaps, from all angles. Few people in our country can boast such a delicate taste and an impressive arsenal of impeccably tailored classic suits. Fedor Sergeevich himself has been working hard in the gym for many years to ensure that suits, T-shirts, shorts, and everything in general sit equally effectively on it. With such a figure, as a result, it’s not a shame to act in explicit scenes, and it turns out that he does it even more convincingly than many young actors, who sometimes just want to hug and feed like a mother

Roman Shirokov (35 years old)
Roman Shirokov for many years in a row forced (and continues to force) to follow with bated breath the course of football battles not only for men, but also for women. A tanned handsome athlete with well-defined cheekbones and transparent gray eyes made women study the standings, attend matches and every time know exactly what number he will enter the field. Shirokov, with varying degrees of success, played for the national team at the World and European Championships, and even in 2013 was its captain, but recently the footballer has less and less pleased the fans with his achievements on the field - the team has also disappointed during the current European Championship held in France. Professional and “smart” passes were expected from Shirokov, but, alas, they did not wait. Roman is still in excellent shape and radiates strong sexual energy, so he has no fewer admirers - unlike football fans, he is not so much important the result of the match, how much the process of contemplating the handsome man on the field. True, it is almost impossible to score a goal in the “gates” of his heart - he has been married for a long time and has already become a father twice.

Vladimir Mashkov (52 years old)
In the acting environment, Vladimir Mashkov is called "the last alpha male of Russian cinema", and it is difficult to argue with this characteristic. At 52, he will give a hundred points ahead to any 25-year-old colleague, and young actresses still dream of being in the frame with Mashkov and not only ... It would seem that Vladimir Mashkov should have long given way and the status of a national sex symbol to representatives new generation of Russian actors. He would, perhaps, not mind himself, but ... there is no one. To transform into a tough but attractive oligarch, to save the world in the frame, or at least the passengers of one single aircraft, simultaneously conquering thousands, if not millions of women's hearts with just a glance - so far there is no one to replace Mashkov in this responsible post (even the handsome Danila Kozlovsky looks next to him in every sense of the "junior pilot"), so he has to do everything himself

Scrooge (Eduard Vygranovsky, 24 years old)
Scrooge is a rapper, not yet very well known to a wide audience, but everyone who heard his hoarse voice and even (even harsh) lyrics already saw a great future in this tattooed guy. We are no exception, so we present you a new hero. Eduard Vygranovsky grew up in Ukrainian Nikolaev, and his childhood, apparently, was very bleak. Before becoming a member of Black Star Inc, he made a living in a variety of ways, but in the end he decided to take a chance and spend all the accumulated money on a trip to Moscow, where Timati announced the recruitment of new artists to his label. Thanks to a successful start in the Young Blood project, the young man nevertheless achieved his goal and attracted the attention of the producers. Scrooge is an ambiguous character. Numerous tattoos on the body and face, impudent look, bold statements in the texts - he clearly claims to be a folk hero, a guy who really came to the microphone from the streets, and from the very backyards. With a difficult fate, negative charm and energy that literally gushing out of him, but this, it seems, is his trick.

Nikita Panfilov (37 years old)
Real popularity came to Nikita Panfilov after the super popular TV series "Sweet Life" started on TNT. His hero is a cynical, successful and attractive businessman Igor, who changes girls like gloves and enjoys life. According to polls of spectators, he is the sexiest character in the project. Outside the set, Nikita Panfilov is a loving and caring husband and father who is sure that the family must be protected, cared for and cherished. In general, he hardly admitted to his wife that he agreed to participate in "Sweet Life", because he was simply afraid of her reaction. Nikita Panfilov began his acting career 10 years ago, making his debut in the series "Adjutants of Love", but his career went wrong uphill for a long time - the producers noticed a promising actor and began to approve roles in almost every second high-profile television project. But the biggest victory for him was the shooting of "Sweet Life", after which Panfilov began to enjoy wild success with women. But, to be honest, we like "Nikita the cynical brutal" more than "Nikita is an honest family man." And I want to believe that the man is simply disingenuous, telling that the vices of Igor Alekseevich are alien to him. However, a good actor, as you know, can play absolutely everything, so we are waiting for Nikita Panfilov to appear on the screen in new bold images.

L'One (Levan Gorozia, 31 years old)
Despite the fact that Levan Gorozia is not the first day in Russian hip-hop, to put it mildly, fame came to him only a couple of years ago after the release of the track “Everyone dances with their elbows”. Now the artist has a dozen strong hits and thousands of fans across the country. L'One is one of the brightest members of the Black Star Inc music label. His road to fame was long (back in 2008, as part of the Marselle group, he tried to conquer the charts of music radio stations with the song "Moscow") and not easy. However, in the end, the award found her hero - now the rapper has almost no days off, since all days are scheduled for performances. Levan has a memorable bright appearance - it is difficult to call him a classic handsome man, but women love him precisely for his individuality and masculine character, which are visible even from three hundred meters to the naked eye. Another positive quality - this hot Georgian knows how to talk about love in his tracks in such a way that it really touches the soul, but does not turn them into a collection of "vanilla" clichés.

Vladimir Mineev (25 years old)
At the age of 25, kickboxer Vladimir Mineev can boast of multiple victories at the World and European Championships, as well as in other prestigious competitions. He, if necessary, will easily defend the honor of both his girlfriend and his homeland. Vladimir Mineev came to kickboxing as a child - it quickly became obvious to his father that the boy had enough sports anger, perseverance and character to succeed in this area. Yes, and the temperament is appropriate - Mineev Jr. regularly fought at school, and even on the way to the grocery store. The man did not lose - the son quickly began to demonstrate his abilities and in 2008 he already became the champion of Russia in kickboxing. Vladimir takes training extremely seriously - he focuses on the best, and he himself has already achieved considerable heights. And in 2014, he decided to try his hand at mixed martial arts, after which he successfully performs at tournaments of the promotion team (Fight Nights), which even Russian President Vladimir Putin has repeatedly been a guest of. By the way, at one of the fights, Mineev appeared in a T-shirt with the image of the head of state.

Ilya Sachkov (30 years old)
It is generally accepted that young people obsessed with Internet technologies are not at all like the heroes of girlish dreams. The founder of Group-IB, Ilya Sachkov, dispelled this myth - he looks more like a minion of fate and the heir to a multi-million dollar fortune than a typical geek. 13 years ago, Ilya Sachkov suddenly realized that Russia has everything ... Except an organization that would seriously deal with cybersecurity for business structures, and this is an unforgivable omission in an era when the Internet has practically captured almost all spheres of life. Then he, in fact, founded the Group IB company, having neither wealthy parents nor influential patrons behind him - only a red diploma from the Moscow State Technical University named after N.E. Bauman. Now Sachkov's clients are state corporations, banks and other serious organizations, which are quite worried about the increasing frequency of hacker attacks in recent years. And the young man earns in such a way that it is time for the owners of oil wells to think about re-profiling their business. At the same time, Ilya differs sharply from the vast majority of at least some well-known geeks - he orders suits and shoes from world famous brands, keeps his beard in perfect condition (even Timati would envy!), actively goes in for sports, monitors nutrition and willingly gives interviews, and not only to business publications, but also to glossy magazines. A businessman can be safely called a hero of a new generation - now young millionaires are like that. “How a London dandy is dressed” - these are the lines from the famous “Eugene Onegin” that you remember looking at Ilya Sachkov.

Amiran Sardarov (30 years old)
The creator of the sensational blog "Khach's Diary" Amiran Sardarov is a playboy, a dandy, a lover of girls with outstanding forms and, finally... a dark horse. Hundreds of thousands of people subscribed to his Instagram blog and Youtube channel are trying to figure out who he really is. He sits on the jury at beauty contests, attends social events and flashes in the news more often than pop stars. The young man ironically calls himself a “khach” and with his bold behavior consistently evokes the envious glances of men and admiring sighs of women. Moreover, he managed to write and publish several books (for example, “There is no freebie: the beginning of the journey”, “A man is always right” and “Dialogues with a genius”), in which he tells what needs to be done in order to enjoy life every day. The girls are delighted with Amiran: young, athletic, hot, impudent (he does not choose expressions), besides, he was a reveler, a merry fellow and a ladies' man - as you know, it is not easy to resist such a "strong cocktail". It is no wonder that under each of his videos or Instagram posts there are many enthusiastic comments from his fans. The blogger regularly changes girlfriends, but it's safe to say that he loves slender beauties with long hair, full lips and curvy shapes.

Mikhail Abyzov (44 years old)
The ambitious Minister for Open Government is unlike most of his colleagues - he has neither a double chin, nor fat deposits in the abdomen, nor a facial expression that conveys eternal sorrow for the plight of the Russian people. He is in his prime, successful, energetic and attractive. Mikhail Abyzov came to the government from business, where at that time he achieved significant success - in 2016, Forbes magazine estimated his family's assets at $ 0.6 billion. He also became the richest Russian minister, having replenished his account by 455 million rubles through the sale of valuable papers. But Mikhail is valuable, of course, not at all with papers. They say that when Abyzov walks along the corridors of the White House, various employees instantly arch their backs, straighten their skirts, unbutton the top buttons on their blouses as if by chance and begin to smile broadly. And one could say that the small bureaucratic world is generally transformed at these moments, but high-ranking employees of ministries and departments (men!) do not like such competition. The beautiful eyes of Mikhail Abyzov, coupled with a slight unshaven, charm and excellent sense of humor, leave practically no chance of remaining indifferent even after the first meeting)))

Ziyavudin Magomedov (47 years old)
If you still think that the most athletic and attractive member of the Forbes rating is Vladislav Doronin (Mikhail Prokhorov has already lost ground), then you probably just don’t know about the existence of Ziyavudin Magomedov yet. The chairman of the board of directors of the Summa group of companies does not arrange public "competitions" with other businessmen, trying to prove to everyone that he has the largest yacht, "the most Hollywood of all Hollywood" friends, the longest girlfriend and the most steel abs. He just has it all. Ziyavudin Magomedov is not only the owner of an impressive fortune of $0.9 billion, but also a regular participant in various ratings of the most influential and stylish men in the country. And power, combined with an impeccable sense of style - whatever one may say, a sexy mix. The look cast by a businessman literally has a hypnotic effect on the beauties of the capital - and not all the powers that be can boast of this. Among other things, Magomedov, if necessary, can easily pass all the TRP standards - he is seriously interested in boxing and hockey (and even finances the Night Hockey League, in which, as you know, Russian President Vladimir Putin plays), which is noticeably reflected in his physique. Ziyavudin Magomedov is a regular participant in charity auctions, where he spends the money he earns with oriental generosity in favor of sick children and other needy, but he never boasts of it. The only thing that complicates the access of secular young ladies to the body and heart of a multimillionaire with the appearance of a movie star is his marital status. The wife of a businessman, Olga, does not allow strangers into her territory. However, according to rumors, an influential handsome man has his eye on the diva of Russian fashion design (guess for yourself). So far, none of the parties has confirmed this information, so the intrigue remains.

Vasily Smolny (30 years old)
Vasily Smolny worked in different years as a bartender and a DJ, but, oddly enough, a healthy lifestyle brought him popularity and good money. The #maddrying project has become one of the most successful startups of recent years, and its founder has suddenly become the favorite of thousands of women across the country. The idea to plant a healthy lifestyle in Russia, like all good things, came to Vasily Smolny suddenly, and it took root among the people so much that every season there are more and more people who want to join the program. For 2.5 thousand rubles, the man promises to make sure that in a month you will find the body of your dreams if you follow all the instructions. And if you win the vote, you will become the owner of a new "minicooper", a large cash prize or a silicone breast (yes, that's it!). In general, the plan works smoothly, like chimes on the Kremlin tower. The face of the project is, in fact, Vasily himself - young, athletic, handsome. Girls, of course, want to please him, so they train hard and eat right, trying to get closer to perfection.

Anton Pampushny (34 years old)
Actor Anton Pampushny is known, first of all, to avid theater-goers and fans of Russian TV series - he is rarely filmed in a full meter. But the audience could see him in the drama "Crew", where he played a small but bright role of a trainee. However, we are sure that this graduate of the Moscow Art Theater School, similar to the young Michael Fassbender, is still ahead. There is not much information about Anton Pampushny yet - it is known that he was born and raised in Kazakhstan, received his first education there, after which he decided that he wants to become an artist and went to conquer Moscow. So far, the handsome red-haired guy with an open smile has not come to great success, but he does not give up - he improves his figure in the gym, and acting skills - at rehearsals in his native Moscow Art Theater named after A.P. Chekhov. Sooner or later, blockbuster producers will give up and believe that he can be entrusted with the main roles in potential movie hits, and the audience (and especially the spectators) will have the opportunity to see him no less than Danila Kozlovsky or Alexander Petrov. Unfortunately for the fans, Pampushny (like many heroes of our rating) is married. It is noteworthy that he and his wife Monica live in different countries - while he is storming Russian cinema, the chosen one works in Germany. This state of affairs does not bother the couple - yes, the spouses rarely see each other, but aptly. In addition, they are not worried about the joint life, which, as you know, has crashed more than one thousand boats of love.

Group-IB was founded by Ilya Sachkov in 2003, when he was in his first year at university. The business began as an attempt to create the profession of cyber forensic specialist in Russia. Over 15 years, the largest banks, the media, universities and state-owned companies have come to trust it. Group-IB helps the Russian police, Interpol and Europol catch criminals, and the OSCE recommends the company for cooperation. In the new episode of the I'm Normal program, Ilya Sachkov explained why he shares work with the state and the police, what to be prepared for when interacting with government agencies, and how businesses can protect themselves from cyber attacks.

Ilya Sachkov, 32 years old

Education: MSTU named after N.E. Bauman, Faculty of Informatics and Control Systems, Department of Information Security

Career: in 2003, founded Group-IB, a cybercrime prevention and investigation company

Number of employees: over 300

Company value: not disclosed. In February 2015, Sachkov said that it ranged from $80 million to $100 million.

Co-owners: In 2016, the company attracted Altera Investment Fund and the Run Capital fund of Qiwi founder Andrey Romanenko as investors - they bought 10% each in the company. At the end of 2017, Altera Capital increased its stake to 25% by purchasing 15% from one of the company's shareholders. Sachkov owns 30% in the company.

Financial indicators: not disclosed. According to open data from SPARK-Interfax, the total revenue of companies where Sachkov is the CEO is ₽538.5 million.

How did you come up with it?

“I felt like I was going crazy about this topic”

I was born in the Izmailovo district, in the east of Moscow. I studied at school No. 444 with an in-depth study of mathematics, computer science and physics, of which computer science was my best subject. As a schoolboy, I organized military-detective events: lightning, quests, children's games of investigation.

In my first year, I ended up in the Botkin hospital, where I had an operation to remove fluid from the sinus of the superciliary arch. After the operation, in a pile of books on the bedside table in the ward, I saw Kevin Mandia's Computer Crime Investigation, which my classmate had brought. The author talked about business in the field of information security, investigations and computer forensics. At that moment, everything seemed fine, not only the book, but also the hospital room, the neighbors, the uncomfortable blanket - the narcotic effect of the anesthesia was at work.

After reading the book, I realized that this is a combination of detective, analytical and global activities, because it happens all over the world. And in this area you need to think a lot, solve quests and riddles, and you fight evil on the side of good. When I left the hospital and started looking for who in Russia does this, it turned out that no one offered such a service as a business. It became more and more interesting to me. It was the first idea that stayed in my head for a long time. I fell asleep with it, woke up with it, read about the topic with interest and did not feel tired. I felt that I was going a little crazy about this topic, and began to annoy all my relatives and friends.

At that time, only the militia investigated such crimes (in 2011 it was renamed the police. - The Bell). I tried to get in there: at a conference I approached employees of the Bureau of Special Technical Activities with a request to hire me. But I was told that I needed to graduate from the university, get additional education at the Academy of the Ministry of Internal Affairs, be sure to cut my hair and only after that come to work.

How was the team formed?

"We played detective agency"

I told my university classmates and former schoolmates about my idea. After that, a team gathered that agreed to try playing at being a cyber forensics detective agency.

At first there were 12 of us, a year later there were six. Then the numbers began, on the contrary, to grow, and in the end those who were really interested in this specialty remained. My story about founding a company was not about making a business, but about trying to create this profession in Russia.

Group-IB co-founder Dmitry Volkov and I studied in the same year at the university. We met by chance, near the monument to Bauman. I heard him talking about information security. After that we started talking. Over time, I told him about the idea of the company, he liked it, and we began to create it together. Volkov first headed the investigation department, now he is the technical director: he is responsible for our technologies, their development, and the interaction between our developers.


Now our company employs about 300 people. The average age is 26–27 years, more than 30% are girls. All of them are intolerant of computer crime and want to do something good with their work, technology and engineering thought, to change the world and be happy. The specialties that we need are often not taught in universities. Therefore, we either train employees ourselves, or they get this knowledge from books. I think over time the staff will become even younger, because the children of the future will understand what they like to do even earlier and will go to real work earlier rather than wait for graduation from the university.


Our biggest problem is finding employees, because there are few smart people in Russia, and even fewer of those who understand our topic. When hiring, we check potential colleagues on a polygraph and, if necessary, use a point-based evaluation system, legal provocations and many other funny surprises that you should not know about. But thanks to this, our client is always sure that the information is securely stored in the company. None of our employees has experience of informal communication with crime or with law enforcement agencies. As after the checks before boarding a plane, we trust each other. And during the flight we keep checking. The main thing is that a person shares our values and corporate culture and is open to development.

We compete on the strength of the fact that few companies manage to combine engineering with fighting crime, and that this helps very large clients such as banks, telecommunications companies and the media.

Where does the money come from?

“At first we didn’t say anything about our preparation”

I took the money to start the company from my older brother, Dima Sachkov. It was $5000. We spent it on computers, books, mini-laboratories and equipment. Dima's friend was our first client: we had to find a person who was writing anonymous letters to a company. And we coped with this task.

At first, we did not say anything to our clients about our preparation. And we did all the first investigations according to textbooks, not really understanding how to do it correctly, but we were lucky that there were no legal and formalistic errors. At the very beginning, we did more investigations than we do now. Sometimes we relax a little and forget what can be done with more perseverance. I keep teaching our Investigation and Analytics department to work the way we did in the old days, when you could do a little more.

What is the business about?

"Following crimes that haven't happened yet"

Group-IB is engaged in the prevention and investigation of cybercrime. We collect big data about viruses, domain names, IP addresses and nicknames, and analyze traffic. Based on this data, we can predict an attack not when it is at the explosion stage, but when it is just beginning. This makes it possible to prevent many crimes at the stage of their preparation, to understand who commits them, to use this knowledge properly in risk management, and to save money. The most important thing is that we save time: our client can pay attention to what can really happen to him, because it is impossible to protect yourself from everything.


In general, our main technological line is the study of crime, monitoring it, and detecting crimes that are not yet known but which can happen to clients. That is, the investigation of unknown viruses, immediately with an understanding and description of who could be behind them. We release several of our own products for monitoring, detecting and preventing cyber threats, and we also protect blockchain projects, brands, reputation and copyright.

The trial in the investigation that matters most to me has not yet ended. But in general, I like to take part in investigations myself, at least doing some of the analytical work. In my favorite investigation, I was the partner of our specialist. It was not in Russia and was reminiscent of the True Detective series. Everything was like a movie: beautiful, professional, according to plan, and when we flew back we could have rolled the final credits, saying that everything worked out, and after that we could have a glass of wine.

How did the company develop?

“For the first time, we combined the work of an analyst and a forensic specialist”

In the beginning, people learned about us through word of mouth. For many years I went to the Polyus camp in the Moscow region, which left me with a lot of friends. My brother and partners also had many connections. And every day we kept drumming into everyone that we had opened. Then we launched sites related to forensics and investigations. And because no one else was doing this in Russia, the sites were quickly indexed on the Internet, and we were on the first pages of search results on the subject of investigating computer crimes.

At first, we combined the work of two professions - an analyst who looked at how a person acted before a crime (for example, which server the letter came from), and a forensic specialist who examined equipment (for example, analyzed a computer after a virus attack).

About how and why Ilya Sachkov began to work with the police, how Group-IB entered international markets, see the new issue of the I'm OK project.

How to build a global company from Russia?

“Maybe we will suffer for our engineering neutrality”

It is possible to build a global company from Russia, but it is wildly difficult. Group-IB has always strived to work globally, realizing that good technology can only be made if you compete with the strongest players. This also inspires engineers if their technologies are not used in Russia. If you truly observe engineering neutrality, your products are used, politics does not interfere here.

If we are given a computer that has suffered an attack and told to analyze a virus, a hacked site or an anonymous letter, then we will go to the end and do all the analytical work, hand it over to the client and, at his request, to law enforcement agencies. What happens after that is none of our business. Our task as engineers is to take the attack apart and, if our technologies are used, prevent it.

If a company starts making some exceptions for someone, it instantly loses its independence, it becomes impossible to turn it into a global company. All US global cybersecurity companies are heavily affiliated with one party. They don't see much of what they need to see. We don't do that. Perhaps someday we will suffer for this, we will be closed for this engineering neutrality.

How to protect your business?

“We need to take cyber threats seriously”

Cybercrime in Russia is primarily aimed at monetization. The most popular crimes are the theft of money through Internet banking, from cards, using phishing and social engineering. These can be attacks on ATMs, theft from legal entities, targeted attacks on the banks themselves using ransomware viruses.

There are three recommendations from me on how a business can protect itself from cyberattacks. First, take computer threats seriously, study them at all levels of the organization (top management should be aware of this risk, because information security now concerns mobile phones, personal laptops, systems in the house). Secondly, you need to constantly fight and repel attacks with the latest methods that criminals use. Thirdly, when choosing a cybersecurity company, you should not rely on good marketing, but look at what engineering technologies they use.


1–2 banks are attacked in Russia every month


Many Russian companies, relying on the technologies of American companies, make a big mistake, because they do not know anything about computer crime in Russia and on the territory of the post-Soviet countries. Accordingly, we can teach US companies how to defend themselves.

About Russian hackers

“Many learn Russian to understand hackers”

Russian-speaking hackers are not all-powerful, but strong enough. This is one of the first largest computer crime communities in the world, which was formed after the collapse of the Soviet Union. 80% of cases handled by Europol are related to Russian-speaking computer crime. The specialization of Russian-speaking hackers is the invention of new schemes, new viruses, new interesting vulnerabilities.

The school of hacking is strong because after 1991 a large number of people with good technical knowledge found their way into this area and created platforms for communication. They are mainly engaged in financially motivated crime. Many foreigners study Russian in order to understand what a Russian-speaking hacker is doing.

Major mistakes?

"I want to find an inner balance between good and evil"

I was very kind to the employees, I trusted the masters from the market - I hired very cool people without checking them first. I used to sleep little, and in the long run this led to a decrease in efficiency. Sometimes I am too cruel and I can offend a person because I love him very much, but I tell him so in words that are not at all words of love. I want to find some balance between good and evil within myself.

The main right step

“I see burning eyes and get inspired”

The best thing I do now is to give guys like me 15 years ago the opportunity to implement their own ideas. And when I see these burning eyes, it inspires me and gives me confidence that my work will be continued. And their main discovery in a few years will be to find people burning with an idea in the same way. The mistake of most large Russian companies involved in computer security is that they did not do it on time.

How has it changed?

"I'm disappointed in the world"

Years in business changed me a lot. First, I have learned to say "no" but have not forgotten how to say "yes" to many crazy ideas. Of the latter - the robot "Killer", which finds insects in the room and kills them with a laser beam. You can do this from the app or automatically.

I became tougher, but I retained the romanticism and the confidence that everything is possible, though with life experience I began to ground it more in reality. During these 15 years, I have seen so many bad things that, on the one hand, it is scary to find out how many terrible people there are in the world, but, on the other hand, it inspires us not to stop our work.

I was very disappointed in the world, not knowing that there are so many bad things in it. But when I see how the team works, and the smiles of the people we helped, it gives me a lot of strength.

What if not a business?

"I want to do child education"

I love doing sports: running, fighting (muay thai, wrestling), yoga, pull-ups on the horizontal bar and taking part in the Race of Heroes. I go to the gym, but that is to stay in shape, it doesn't bring me pleasure.

I love working with children, and I often go to work as a counselor at the Polyus camp. In the future, I would like to create a new system of children's educational camps and engage in children's education. To make it so that children become happier while learning, so that it helps them choose a profession and remember their childhood not as an endless series of studies and preparation for the university. When I work as a counselor at the Polyus camp, I feel a huge return from the children. I was not the smartest person in the class, but thanks to Polyus, I got the skills that allowed me to achieve much more in communication, humor, the ability to speak in front of an audience, friendship and overcoming betrayal.

I also love animals very much. I have two cats living at home - Cooper and Diana, named after characters in the TV series Twin Peaks.

I care about animal cruelty. At work, there was a series of investigations related to flayers, and I realized how many people are involved in this. They look ordinary, go to work, are not monitored by anyone and are not treated in a hospital. By the number of registrations on the forum, by the number of people who post videos, by transactions in cryptocurrencies for buying something, you can understand how many such people there are. And as I involuntarily delved into this topic, I thought that this is actually super dumb. I don't think I'm afraid of death, but I wouldn't want to end up with such a flayer. Such a death, from these people, I would be very much afraid of. They are just sick.

What's the problem?

“I want to learn how to live in an emotional gap”

For me, the main difficulty is to combine the current reality with the visualization in my head of the future, this is an ongoing process. On the one hand, it greatly develops the company. On the other hand, it’s hard for me to be in the moment and imagine how it should be. I want to learn how to live in this emotional gap, because it creates a lot of things, but something inside me dies. I want to avoid it.