Elvira Nabiullina imposed a fine on Energobank’s cyber intelligence experts
The Central Bank of Russia has not found the perpetrators of the attack on Energobank, but fined IT experts from Innopolis 500 thousand rubles
The Bank stated that the culprit behind Energobank's losses from an alleged hacker attack might have been a former employee of the bank acting out of revenge. However, the Central Bank believes that the party that ordered the attack has not been found, despite the fact that experts from Group-IB have identified a Trojan. At the same time, the Bank fined the experts who investigated the attack on Energobank 500 thousand rubles for refusing to provide the investigation materials. Details are in the report of Realnoe Vremya.
A revenge of a dismissed employee?
The investigation into the hacking of Energobank, in which the financial institution lost almost 243 million rubles in currency trading because of the actions of a broker on MICEX, is continuing. According to news agency Prime, Sergey Shvetsov, deputy chairperson of the Central Bank of Russia, said that the investigation of hacker attacks on PJSC Energobank in February of last year did not lead to the identification of the party that ordered them. According to Shvetsov, neither Energobank, nor the regulator, nor an outside hired firm found out who could have gained money from volatility on the currency market. Therefore, the chairperson of the Central Bank suggested that the purpose of the attack on the bank was revenge by one of the dismissed employees.
The 'outside hired firm' itself does not confirm the theory of revenge by a former employee. The expert examination was conducted by the company Group-IB, which became a resident of Innopolis last year.
'It's hard for me to comment on the information received from the Central Bank, but the results of our investigation have shown that there had not been actions of the dismissed employees,' Dmitry Volkov, the head of Group-IB cyber intelligence department, told Realnoe Vremya.
'Successful Corkow group'
According to Dmitry Volkov, last year Energobank itself turned to Group-IB for expert analysis, as well as to the law enforcement agencies. The company had already announced some results of its work earlier. In particular, Pavel Krylov, the head of the product development department at Group-IB, the 'outside hired firm', mentioned the 'successful Corkow group' that gained access to Energobank's computers using a Trojan.
Dmitry Volkov confirmed this information to Realnoe Vremya:
'Initially, this group was suspected. We reported the results of our research a week ago. We agreed that some of the information can be published.'
Fine for concealment
However, the Central Bank for some reason not only disregarded this information but also fined Group-IB 500 thousand rubles for violating the law on insider information. The announcement first appeared on Twitter.
Then Dmitry Volkov confirmed the information to Realnoe Vremya:
'The expert personally bears criminal responsibility for the disclosure of materials that had been submitted to him for analysis. In the request from the Central Bank it was written: "Request to provide all the information available at the moment" without justification for providing these data. The law also provides that a request for the provision of such data needs to be motivated. At that time, we considered that there was no motivation in that request, except for the reference to the law on insider information. Therefore, to provide information concerning the criminal case… this information was not provided. That's why we got the fine.'
Energobank commented on the situation rather dryly: 'AKB Energobank (JSC) has no information about the completion of the investigation on this incident. As for the versions and information on the Group IB, we would recommend to contact directly the Bank of Russia or the company,' says an official reply of the Bank to Realnoe Vremya.
The Bank of Russia had not commented at the time of publication.
'Cyber witch hunt' of the Bank of Russia?
Interestingly, the statement about an employee's revenge in the Energobank case came against the background of other sensational statements by the Central Bank regarding hacker attacks on banks. First Deputy Head of the Bank of Russia Georgy Luntovsky suggested that the mechanism of hacker attacks may be used to transfer funds out:
'We assume that financial institutions use this mechanism in order not only to conceal the previous crimes or mistakes but also to transfer money out of the bank. We are worried about it.'
It is still not clear why the Central Bank thinks that the bankers themselves have a hand in cyber attacks. However, this is a serious matter for all representatives of the banking sector to think about. The bankers themselves have the same opinion.
'Now, the Central Bank is making great efforts to improve the security of banks against hacker attacks, various requirements for banks are being tightened in this direction. And the banks themselves should trouble of their money,' Rinat Abdullin, a chairperson of Altynbank, told Realnoe Vremya.
Reference
Group-IB is one of the leading international companies specializing in preventing and investigating high-tech cyber crimes and fraud. Since 2013 it has worked in the field of digital forensics, consulting and audit of information security systems, protecting the largest Russian and foreign companies from financial and reputational losses.
The company is headquartered in Moscow. In the summer of 2015, Group-IB became one of the first residents of Innopolis in Tatarstan. The company was planning to establish its own digital forensics lab and the Department of Computer Security at the University of Innopolis.