Sergei Yarets is free

“If the FBI, Interpol and the” K “arrived, they have something on me.” That same hacker known as Ar3s from Rechitsa for the first time talks about his case with facts and numbers.

Sergei Yarets, known as a “hacker from Rechitsa,” says that his case, the trial of which was August 9, is an example of how an elephant can be inflated from a fly. I admit that I read with horror of myself as “one of the most prolific cyber criminals in Europe”.

“In the jail they said: if you were shown on TV – you can not get off with the” convention. ” And I was shown four times. Labeled in articles. It is clear: journalists need views. Who then thought that the judge, after reading all this, could easily throw an “outstanding hacker” a year or two ” Sergei notes with vexation.

Here a bit of Sergei’s background and history:

Sergey Yarets was born in 1983. He worked as a chief engineer in a local television company. He was an administrator on the forum damagelab, where he was known by the nickname Ar3s. For three years until December 2015 he was engaged in technical support for the loader Andromeda, which was considered “one of the largest botnets on the Net”.  Was detained on November 27, 2017, officers of the Investigative Committee of Belarus and the “K” Directorate of the Ministry of Internal Affairs jointly with the FBI and Interpol. He was accused first of part 2, and six months later – in part 1 of Article 354 of the Criminal Code (“Development of computer programs or modification of existing programs for the purpose of unauthorized destruction, blocking, modification or copying of information”). On August 9, the Rechitsa District Court passed a verdict: Sergei Yarets was found guilty, he payed the fine of 120 basic units. Since before that Sergey spent about six months in jail there is no need to pay the fine.

“I went to FidoNet, as other children go to the circus”

– Computers I got carried away in school. His was not – wander with friends on acquaintances. There were no literature either. I remember, my teacher either bought it, or took someone else’s time for a book by Figurnov “IBM PC for the user.” I went for her for two weeks – she begged me to read. In the end, she lent me a book for one night. I did not close my eyes, read with bingo, and outlined the most interesting moments.

These were the times when the world changed before our eyes: new technologies appeared. Mother said: “Son, go to the surgeon – and you will do good, and without money you will not remain.” And I wanted to become a computer technician.

I collected my own computer myself: I saved up money – a mad sum for $ 400 at that time, I went alone, without parents, to Minsk and bought necessary spare parts and components. Happy was immensely.

Already a PC user, I joined FidoNet. From this, my interest in “dark” began, as they were called in the articles on my case, forums. Fido conducted echoconferences and discussed safety issues. I went there with the same feeling with which other children go to the circus: literate techies willingly shared knowledge, told how things were arranged from the inside, uncovered the relationships – and I watched, read and absorbed like a sponge.

Yes, I was still a schoolboy, but in FidoNet everyone was without age. There were real experts in their business, or, as they were called, hackers. They studied the systems, found them vulnerable, and not only wrote to the administrator about the gaps in the system, but ideally also sent instructions on how to close it. Experts of the old school, in a word.

“A good expert is always a good burglar”

Sergey Yarets (Ar3s)

– With the spread of the Internet began a real forum-boom. I somehow got to the forum, which later became damagelab, – and stayed there for a long time. Young people between the ages of 14 and 17 discussed such complex technical issues that I was a bit embarrassed. I understood: here I have much to grow.

It is worth explaining why I was interested. I often set up the protection of different systems, and wanted to know how the “attack” works. And I’ll note this: if some cyber security expert tells you that he’s all right himself, do not believe it! A good expert is always a good burglar, he knows the kitchen from the inside. They just do not talk about it.

Years passed, on the damagelab generations replaced, and there were fans – those who lived it. At some point, the administrator who led the forum, said that he was closing it – he was tired. I suggested that he give me administrator rights so that damagelab could live on.

Hacker forums are constantly attacked, and to fight back, I had to pay for bulletproof hosting and domain, for a certificate that can not be bought for real. The sums were shot at-from-such. Sometimes they were not even compensated by advertising.

The press wrote that I was invited “as an independent expert” to evaluate malware. In fact, I did the usual reviews, so that users do not fall for the bait “threw”, driving tyap-lyap-stuck products, including ours on the forum. With the owners of the programs agreed: I write only the truth, if I find faults – I will not keep silent, but I will also tell about the advantages.

So I got acquainted with the developers, who subsequently detained the FBI and Interpol. Unusual people, I must say. Not like everyone else.

“DDoSers are the most unbalanced people I know of all”

– At one time damagelab was known as a cyber laboratory and as a “buy-sell-forum”, but when I became admin, we left dangerous topics. Under the ban, for example, was carding: I cleaned the forum of messages of this kind and promised that each creator of this topic will receive a “bath” and fly away from the forum.

I did the same with the DDoS theme. DDoSers are the most unbalanced people I know. They are sure that they can “fill up any site”, they pretend to be super villains, but in reality it is a bunch of youngsters experiencing difficulties of transition age. I’m not interested in such people. After removing them from the damagelab, I made sure that I did everything right. More than two months they bombed in revenge forum – it just did not go up.

A group of developers formed around those that I developed and supported. It is generally accepted that if a programmer is sitting on a hacker’s forum, he writes malware – but that’s not true. We have cultivated low-level programming at the forum, but there are very few real experts in this.

The last few generations of members of the forum did not impress me, the general level fell: people came only “to quickly cut the dough.” They did something that they wrote inaccurate, and then they started selling it, they threw themselves into the pit, like carding, such dirt as lockers and encoders did not shy away.

I figured them out after the fact, when I read on some site, that there was a new utility with such flaws. And I remembered about the user who asked the forum about this function, and about this, and made exactly the same mistakes. With a probability of 99.5% that was him.

Now in all forums it seems with great sadness that young people do not want to learn. This can be seen from the posts, according to reports. They want quick money. And it’s very annoying.

Andromeda hacker Ar3s

Acquaintance with the author Andromeda: “Loaders sellers never detained”

I’ll tell you how I got acquainted with Waahoo – the author of the loader Andromeda. He came out the winner in the hack-quest, which I conducted at the forum. I expected that the quest would last for a maximum of 24 hours, but the participants performed tasks for more than three days – it was hard and interesting.

By that time, Andromeda already had a name, and Waahoo had an unlimited number of customers. He turned to me with a proposal: they say, I can not do it all by myself, let’s continue the development, and you will get technical support and get a percentage of the sale.

I have been in this environment for a long time: I saw what kind of money people made, what things they did, and they ceased to perceive the loader as something dangerous. Yes, through this harmless program you can run more severe malware, but then my conscience is clear, I reassured myself.

Yes, I did it for the sake of money. Officially, I earned $ 300-350, I barely had enough to live, and then my little daughter was ill so that my wife did not go out with her from hospitals.

I understood that I was walking along the edge of the razor: I was encrypted, I used security systems, but I knew that there were places where you can not clean up after yourself – traces remain with everyone. In addition, I was somehow reassured by the fact that the sellers of loaders were never detained in my memory. Not the scale!

Of course, we watched the stories with loud detentions. They discussed: “Damn, but that’s what a blunder in the defense!” – Together they decided how all this could be avoided. And those whose errors we discussed, often themselves were from our forum.

Everyone wants to have his secret, Zorro’s mask in the closet between the T-shirts. My secret was my “shadow life” – and I liked it.

By the way, I still have a question for those who called me “the most prolific cyber criminals in Europe”: guys, what did I do that so much? The software did not release, mostly wrote reviews, but there are thousands of them every day – there are a lot of bloggers.

Work with Waahoo: “When he went into drinking, a genius woke up inside him”

I worked with Waahoo from 2012 for three years. In articles he is called a “crazy alcoholic.” Yes, he was drinking – but this is not a reason to insult a person. When Waahoo left for drinking, he woke up a genius. He wrote amazing things in this state – no one could have thought of such a thing.

There was a case, he released a new version. I wrote Waahoo to fix one function, “but in general everything is fine.” And he answered that he can not understand how it works: according to all laws of programming it should not. You see, in a normal state, he could not understand his own code.

I respected him as a professional. And yes, we have not met – on hacker forums this rule: less you know, you better sleep. During the investigation, I was asked to name whom of the local hackers I know. And I answered honestly: “No one.”

– And maybe we’ll go to a polygraph?

– Come on!

I did not bend my heart. Sometimes it was possible to guess where my members of the forum live: someone was skipped by the Ukrainian “i” and “sho” or Russian “chi”. But these are only my guesses.

Initially, a provocation from Dzhigurda, and then: “Men came to check fire extinguishers”

– Do not think that it was easy to handle Andromeda technical support: once – and in your pocket 250 bucks (I earned half of the sale). I came in the evening from work, turned on the computer – and all the rest of the time I solved the problems of clients, mostly English speakers. At one o’clock in the morning he came staggering to the bed, falling and falling asleep. And exactly at 7:00 the alarm clock rang – and my daughter had to be taken to school. And so three years.

I was exhausted completely. And when Waahoo disappeared again, I closed the project.

On that memorable day, someone wrote to me under the name of Dzhigurda. He wanted to buy Andromeda back in early 2017 – getting me requests, and when I refused, I asked to give him at least a piece of Andromeda source code, so that I could show my programmer. Brought my brain for a month, until I agreed to cut some pieces.

And now he drew again: “I need another piece of code – a builder”. I knew something was wrong here, I answered evasively: “I’ll look.” “And how much will it cost?” I wrote from the bald: “300 bucks.” And then the watchman comes running to me: “There came some men. They said fire extinguishers check. ” And my check was just the other day – everything is in order. I’m leaving. There are two big guys in overalls: “Are you that kind of?” – “Yes, he is.” Arms were bent behind his back, handcuffs were put on and back led to the office.

Further, so many people have flown into my office, as there was no one there: one of the FBI, one of Interpol, three people from the main investigation department of the UK, and as many from the department of “K”, no less than five riot police. And someone else went.

Ironically, there was a pile of equipment in my office: the mountains of winchesters, old, broken computers – go figure out what’s involved in the case, and what’s not. Department “K” wool my working computer, but there’s nothing: I kept it on another computer.

Four hours later they said: “I’m tired! We take everything that is here, we will understand. ” Nearby hardware – if they disconnect the server, people with whom I worked side by side for 15 years, will be left without work, and the whole city without television for three to four weeks. I raised my hand and said: “You do not need to confiscate equipment. I’ll tell you everything and show it. ”

That’s how I began to confess. We had a friendly team, and I did not want, because of me alone, the fool, there were problems at all. I still face these people. Besides, I already knew perfectly well that I would not get out: if the FBI and Interpol arrived, and the “K” department, they had something on me.

“The FBI decided that I was at the head of the attack”

– That same night I was taken to Minsk. The temporary insulator was too lazy to get the instep arresters – they just took the shoes. And I walked barefoot on concrete, which immediately povylazili chronic diseases.

Immediately after breakfast, I was taken for interrogation to the investigator. Then they put them back in the paddy wagon – sometimes I sat there and waited there for three hours, sometimes five, and in the courtyard November, it’s cold. After lunch, the Feeberozer talked with me. He asked how I chose my nickname, how I got carried away by computers – about anything, in short. I expected that it would be a toothy technician who would press me, press people and ask questions about Andromeda, but it was not like that. The investigator showed himself to be a much more competent specialist, and, unlike him, asked questions about the topic.

Three days later, I was transferred to Volodarsky (a remand prison), and I did not see the Feybuev. But before that I learned a lot of interesting things. A very long time a participant of one English-speaking forum with the nickname Old Warrior wrote a builder for our product. And this version began to be used right and left. With this Andromeda, as I understand it, the Trojan was also loaded, which caused the epidemic of banking software in the States. The FBI decided that I was at the head of the attack.

I told the FBI: “I do not know anything about this. Here even my clients do not have to, because they did not have access to the builder – I closed everything up. ” He answered: “It’s okay, we’ll find out!” Do not even know, found out.

To be honest, I was most annoyed that I allegedly stole 10 million dollars in the States. All in a row wrote about this. The amount of something beautiful! All in my entourage only said: “You’re with the bubble!”. And I did not even understand where my legs grow from.

By the way, I asked a question to the FBI:

“Why did you come just now?” The project has been closed for two years already, there are no sales, – the answer was brilliant:

– It is far to go to Belarus

Prison weekdays and probable period: “Yes you, seven are a good number”

I just “stopped by” in the cell, and immediately the question:

– Who are you? – I called the article, as the name suggests. I already explained how to present myself.

“Who took you?”

– FBI and Interpol, department “K”, the main investigation department …

– Well, well, how!

And then a week later there was a story in “Zone X”. The face is fouled, but in the plot I was in the same brown sheepskin waistcoat that was on me on the day of “arrival”. And now there are 14 people besides me, they look at the screen, then they translate their eyes to me, again to the screen, and again to me: “To fuck, so you did not drive ?!”. Nobody believed, thought, the next storyteller. But it turned out, everything is true.

It was terrible the first two weeks. I did not realize until the end that it was happening to me: it seemed that I was just watching a movie in 3D. But gradually began to master. In prison like to “joke” – when some newcomer asks: “And what will I get for this?” – you answer the same thing as you said: “Yes you, seven are a good number.” At once it’s wild, and then norms. This is such a local sense of humor. Although as much could shine to me, and even more – to ten years.

Initially, I was charged with the second part of the article, which refers to “especially grave consequences.” I found comments on my article, and it was listed there that it was “a violation of governmental and intergovernmental communications, postal communication, consequences that caused an environmental catastrophe or the death of a person through negligence or as a result of inaction.”

We with the lawyer asked the investigator why I have the second part, and not the first, if there were no particularly serious consequences. And he answered: “Well, I’m sorry, you have 10 million infections.”

We with these millions of infections “butted”, as they could. The press wrote that I had taught many investigators. Yes, I actively try to speed up the process. He said: “Guys, to prove this, look here. To perform the examination, you need to disable Andromeda protection: do so-and-so. ” Each examination is two months. I understood: if everything lasts for a year, I’ll go crazy.

A week before my term of imprisonment came to six months, the case was re-qualified, and I was sent home under a subscription.

Court and verdict: “There is no need to pay anything. You left at all to zero! “

At home I sat like a mouse, even trying not to go out into the street. Then there was a trial. The judge picked me up and said that there were many written in the matter, but he would like to hear this story from me.

He listened very carefully, and when I finished, he said: “It’s different now – everything has become clear!”. I think he was just interested in human beings.

When the judge announced the verdict: such and such a fine, and such and such, and many more words – I was like in a fog. “Do you understand?” He asked me. I only shook my head, pretending that I have no conventions, because I have already served six months.

We leave from the hall. My lawyer is joyful:

– You understand? Do you understand? – And I think about where else to find 1,5 thousand dollars (I’m not sure that this is the right figure, at that moment I rudely counted) to pay a fine. Even before the trial, I paid all the “illegally obtained income” – all the amounts that appeared in the case. He climbed into debt, but paid off everything to a penny. And now I was not happy that I had left, but I thought only: “Where can I get money?”

The lawyer realized that it had not reached me yet, and explained:

“You do not need to pay anything!” You know: the more severe one absorbs the less severe. You left at all to zero!

And here I was covered. Sometimes things happen in life when you think that you were born again. I had such a feeling – it seemed that behind my back wings grew, I flew for about two days. I could not believe that everything turned out, because it started with something from the ten years of the zone.

About the fate of Waahoo and members of the forum: “At first I was afraid that they would make me a duck from a duck”

About the fate of Waahoo I do not know anything. At the final acquaintance with the materials of the criminal case, I found in the file the name of a person who could hide under this nickname.

Despite the fact that I remembered her, I did not try to find and contact this person. Thank God, he left his punishment. Yes, in debt, as in silks, but at home, with the family. Waahoo probably read about my detention: they wrote about this everywhere.

At first I was very much afraid that they would make me a duck from a duck – they would force me to write to friends something like: “I have problems. Come! “To go out on someone from the hackers. Zen of calm overtook me that evening, when the “Zone X” came out. I realized that no one will respond to my message any more, because it will think that this is a setup.

The investigator asked the next day:

“Why are you in such a good mood?”

“You understand, from that moment on I will not be able to substitute anyone, even if I really want to.”

Microsoft’s moral damage is $ 10 million and “not a single victim in the States”

– On the Internet, they wrote about some allegedly “stolen” $ 10 million. Getting acquainted with the materials of the case at the very end, I finally realized what kind of money it was.

Microsoft has issued a “reference” that Andromeda’s actions have struck a blow to their reputation, and they demand moral compensation from me in the amount of $ 10 million. That’s what was said in 5-7 sentences on a piece of paper, signed by some regional manager of Microsoft. And I always wondered: “Where did this amount come from?”

But here’s the paradox, my investigator told me that he turned to the FBI:

– Guys, how many infections do you have?

– Up to four million a month.

– Give us 20-30 victims with certain amounts – we will include these materials in the case.

They long twisted and mutilated – as a result, in my case, a document appeared that in the United States one computer was infected, from which an attempt was made to transfer money from a bank account for $ 19,000. But the transaction was rejected in the bank, and there was no theft . And in the end I do not have a single victim in the States.

And in the CIS, I could not have them, because I did not want my product even indirectly gave the opportunity to steal money from our people – we all live in the same way. Therefore, we introduced a restriction: Andromeda did not run on those computers on which Russian, Belarusian, Ukrainian and Kazakh languages were installed.

And now add up all the pieces of the puzzle together: everything that was written about in the press, I did not do, and there was no damage. To Microsoft Corporation I have many questions: their antivirus from the first day determined Andromeda in memory for one or two, without any problems. So where does the damage come from? Where does 10 million infections come from? Most likely, the attempts of infection blocked by the antivirus were taken into account, and this is another story altogether.

On the security of data: “Google Corporation, without a long thought, issued my FBI addresses”

I think that I have been ordered to go to the States and Europe. There are fears that if only I cross the border of Belarus, I will be immediately led by the hands to find out where the 10 million that Microsoft requires of me.

But nothing, but I came here on LVEE – I’ll tell you how easily Microsoft, Google and Facebook give out data to people, and how to get rid of these data.

When you say to friends: “You have Android – you are followed” – they often reply: “So what?” Yes, “so what” until it touches you directly. But in fact, this applies to everyone.

The trend in the modern world is that the settings are hidden further and further, so that you do not restrict, do not prohibit the collection of information – did not go there at all. And I want to show today at the LVEE conference where you can see which application is “able”. And at the same time tell about your experience of life “without Google”.

A huge amount of information is collected. If earlier I thought that the “good corporation” Google adheres to its principles, and for some “Andromeda cause” will never give out information about me to the FBI, it turned out that it happens simply by clicking.

When the FBI came to detain, they knew everything about me. They somehow argued that I kept everything on the server that was registered to my name and phone number. But I remember exactly what the data indicated. Just someone took and entered the necessary data – and then they were provided as evidence.