Petya's rage

Could the Russian oligarch Vladimir Petrovich Yevtushenkov be behind the attack of the Petya virus?
30.06.2017
Versia
Origin source
June 27, the world was struck by the attack of the computer virus Petya. The authors of the program have not yet been established. Maybe because the law enforcers look wrong? Unexpected version: in fact, the purpose of hackers, it seems, was not extortion of money, but the concealment of traces of crime on specific computers. We are dealing not with a virus-extortionist, but with a virus-destroyer. And it seems that Peter and Petrovich should not be named after the patronymic of the head of AFK Sistema, Vladimir Petrovich Evtushenkov.

On the attack of a new cryptographic virus with the frivolous name Petya, which blocks computers with the subsequent demand to send 300 dollars for the unlocking of data access, it became known on the afternoon of June 27. The attack was global in nature - in India, for example, the work of the largest cargo port was hampered. However, most of all and, as is typical, first of all, Russia and Ukraine suffered. In Russia, the virus managed to get into the internal networks of the largest oil companies - Rosneft and its controlled Bashneft.

However, unlike the WannaCry virus, which attacked the world two months earlier, Petya was not able to greatly enrich its authors, which now some analysts even emphasize with a bit of gloating - they say, extortionists managed to collect only 8 thousand dollars. However, apparently, this is the case when the trees do not see the forest. So let's try to take a close look at the situation together.

Medoc with a systemic odor

After only half a day after the attack began, the American magazine Fortune was the first to report that the source of cyberattacks, judging by the conclusions of computer analysts, appeared to be the Ukrainian company MeDoc, which produces computer programs for business like the Russian 1C system. Here it should be noted: Fortune - this is not some tabloid leaf, but a business magazine competing with Forbes. That is, he answers his words. However, if to be formalists, MeDoc is the program itself, the developer of which is the company "Intellect-service". But these are the details - what's more important is that the same statement was made by the cyber police of Ukraine. And later, the presence of the Ukrainian trace was confirmed by the Federal Office for the Safety of Information Technology in Germany.

Now about why we pay this attention. The fact is, among the few potential customers of Intellect-Service, knowledgeable people call Vodafone, one of the largest Ukrainian mobile operators. What is Vodafone? If you go to Wikipedia, you can find out - this is one of the largest mobile operators in the world, originally from the United Kingdom. However, as you know, the devil is in the details. Even before the autumn of 2015, the company, now providing communications services to Ukrainians
Under the brand Vodafone, was called ... "MTS Ukraine". The owner of 100% of shares of which for many years is the Russian MTS group, which thus "disguised" itself in Ukraine. And MTS is one of the key assets of AFK Sistema - the corporation of the notorious Vladimir Yevtushenkov. A joint project to develop software with the Mikhailovsky Bank is Sistema's largest foreign investment.

The oligarch on the nerves

Probably, we would not have paid attention to this fact, if not for one circumstance, which it is simply impossible to ignore. The virus attack started exactly at the very moment when a hearing began in the Arbitration Court of Bashkiria on the suit of Rosneft against AFK Sistema, and this was the first hearing on the merits of the claim. Recall that the country's largest oil producer requires the company Vladimir Yevtushenkov to pay 170 billion rubles in compensation for losses incurred by Bashneft during the period when it owned Sistema. According to the plaintiffs and numerous observers, knowing that Bashneft, which illegally got to her, would soon return to state ownership, Sistema milked it, like a collective farm cow. Vladimir Evtushenkov, however, does not agree with this, assuring that Bashneft, on the contrary, blossomed and smelled, and therefore he should not pay anything. But the court does not seem to trust the oligarch's words too much: on June 23, Sistema's assets worth 185 billion rubles were arrested as security measures. Including 100% of the network of Medsi clinics, 90.47% of the Bashkir Electric Grid Company (BESK) and 31.76% of MTS shares.

For Evtushenkov this is not just a shock - against the background of the court, according to Forbes, his fortune has already decreased by $ 1.5 billion: in fact, the oligarch has lost almost half of his capital. And, it seems, he understands that this is only the beginning. The court's decision to pay Rosneft compensation will be the last crushing blow to the empire of Evtushenkov, so successfully grown in the "dashing 90s".

If you are used to living like a padishah, and now on the horizon there is a real opportunity to go bankrupt, which you just will not go. Especially when you realize that it's legal, it seems, nothing can be done, because the past sins that are being brought to light today seem obvious to everyone. It seems that it will be a colossal sum to pay for the looting-reorganization of Bashneft. Realizing this, the system could do nothing but furious rage at the most desperate steps. And here is a characteristic detail: at the court session representatives of Sistema were denied nerves, and each time they met the appearance of the Rosneft lawyer with hysterical laughter.

Against this background, a strange hooligan trick precedes the cyberattack becomes more or less understandable. The arbitration court of Bashkiria received a petition that Rosneft withdrew its claim against AFK Sistema in connection with the conclusion of a settlement agreement. The document was signed by two vice-presidents of Rosneft. True, very quickly it turned out that this is a fake. Who sent her to the court, it remains unknown.

But to help win the court, even anonymous letters can not - to save the oligarch can only miracle. For example, if the documents testifying to the secret management mechanisms of Bashneft in the time of Sistema disappear somewhere. Otherwise, during the next meeting, arbitration may hear such facts, because of which the outcome of the process will become a foregone conclusion. And where are these documents kept? In the computers of Rosneft, where else. And also Bashneft, which until recently belonged to Sistema and whose computer networks were serviced by the company's specialists. Of course, the "locks" after the change of ownership there have long been changed, but that the clever knave has a lock if he knows all the corridors and doors. By the way, as we learned in court, it was on the computers of Bashneft that facts were found that could indicate forgery of accounts.

The ancient Romans advised: when investigating crimes, first of all, look for whom it is profitable. And, you see, all this amazing synchronization in time between the court session and the virus attack can not but surprise.

Mikhail Leontiev, press secretary of Rosneft, said: "We said that in fact it is not our function, we hope that experts and law enforcement agencies will investigate and find it, but we do not want to think in any way that this is Somehow connected with our lawsuits, despite the amazing synchronization. If one looks at the rational motives that hackers could have, then one can not help but notice that such a rational motive would be to "kill" the computers of Bashneft, which contain a large amount of information about the activities of Bashneft during the period of ownership Her previous owners ".

Naturally, it is said with all possible polites. Although, I think, it was necessary to hold back seriously.

The ends in the water

True, it is unlikely that such valuable documents were kept in the public domain, because there is another version. It is not excluded that here again, nerves and despair could have affected - somehow, but to harm Rosneft! Let her stop production, let her bear the loss! This, however, did not happen due to the rapid transfer of production to the backup computer system. But what's interesting is that half an hour after the start of the attack in the market, they tried to launch a rumor, as if the Rosneft tower were getting up because of the virus, the oil production volumes were reduced by one third. At the same time even specific regions were mentioned, in which, allegedly, production stopped. The question arises: how could this be known if the hackers themselves or those who ordered them attacked knew where to strike? Fortunately, according to information from our sources, these rumors had nothing to do with reality - vital systems were not affected.

If we assume that this was the purpose of the attack, the authors of this venture are definitely people with a head. As a result, the whole world press speaks about the invasion of the virus, while leaving behind the scenes that due to him, under the threat of disruption, was the largest recent economic dispute! Just like Detective Chesterton wrote. "Where is an intelligent person hiding a sheet? In the woods. If there is no forest, he plants it. And if he needs to hide a dead leaf, he puts a dead forest ... ". And when it could go about stopping production it's funny to listen to stories about how someone's site fell.

We already said that the creators of the virus-extortionist almost nothing on it did not work. But how could they really hope that managers of large oil companies will get on their hooks. Hardly. On such things usually are conducted only inhabitants. And, therefore, the purpose of the whole operation was clearly different.

So, Ukraine, the motherland of the virus, it seems, was not accidental. Another more convenient platform to hide the ends in the water to pick up is difficult. After all, even if we assume that someone from Russian law enforcers will be interested and send a request to colleagues - say, conduct an investigation, it will simply be sent away. Yes, even just talking about the involvement of the Ukrainian company in the attack and it is useless - in response to the traditional accusations - they say, again they used to molest us to whitewash us! Moreover, on the very Ukraine because of the attack, too, the servers of the Kiev Metro, Boryspil airport and a number of banks have fallen - maybe, Russia arranged all this mess? Behind this empty quarrel the question will definitely hang in the air, who really benefited from this whole situation.

However, are not we complicating things too much? How to know. After all, it is difficult for an ordinary person to buy in a store, for example, an automatic machine. But if he heads a weapons factory, then the possibilities to get what he wants are much more open. AFK Sistema is the largest telecommunications holding company in which highly professional IT professionals work. And as knowledgeable people say, he who knows how to deal with viruses and burglaries, he knows how to organize them. And even if we leave behind brackets the fact that Sistema was in this case an interested player, who else in the post-Soviet space can do such a powerful hacking attack? Who else but the leader of the IT industry - the company of Vladimir Yevtushenkov?