Cybercrime is spreading, transforming, and changing so fast that it is not always possible to place it within some criminal limits and definitions. Mr. Robert Adilkhanyan, First Class Councilor of justice Head of the Department of Investigation of Cybercrime and High Technology Crime of the General Department of Investigation of Particularly Important Cases of the RA Investigative Committee stated within the framework series of interviews “The Investigator Presents” on Iravaban.net.

In his opinion, cybercrime is an intellectual crime. Robert Adilkhanyan is the oldest resident in the field; 10 years ago he was the investigator investigating the first cybercrime case. We talked to him about the profession, the current situation in the field, the dangers and what to do next.

– Mr. Adilkhanyan, lately there has been a lot of talk about cybercrime. What statistics do we have in that direction?

– In the modern world, the development of society has become impossible without the Internet, computer equipment. The main reasons for their widespread introduction in all spheres of human activity are mobility, comfort and affordability.

And at the same time, it is a matter of concern that in the modern world, the enormous technical potential and unlimited possibilities of the Internet can be used more often for criminal purposes. At the same time, the Internet, on the one hand, allows more “effective” execution of formerly existing traditional crimes, on the other hand, brings about new, previously unknown and publicly dangerous types of actions. In recent years, the Internet has been used not only for certain criminal offenses, but also for extremely dangerous international acts, in particular “network/media war”, “cyber-terrorism”, etc., which pose a threat to the security of individual states as well as for the whole international community.

And here, the introduction of new and modern technologies brings new manifestations of dangerous acts for the society – computer / cyber crimes. That is why computer / cyber crimes have been talked about a lot lately.

Before talking about cybercrime, I think there is a need to get an idea of ​​its definition. What is a cyber/computer crime in general? There is no consensus even among states, the international community, and legal experts dealing with that issue about the concept, definition of cybercrime, its exact list / types. These types of crimes are spreading, transforming, and changing so fast that it is not always possible to place them within some criminal limits and definitions. There are different opinions and approaches to call them: computer crime, cybercrime or high-tech crimes. Although the subject of the crime is almost the same in all three cases, however, there are also ideological, technical and other features that are important, but it is a subject of discussion in a more professional field, which I will not discuss now.

I personally, tend to call this phenomenon cybercrime, taking into account the fact that the Republic of Armenia ratified the Budapest Convention on Cybercrime in 2008, which is the most basic and comprehensive international treaty in the field, which also defines the main list of cybercrime. The T-CY Committee of the Budapest Convention develops and submits to the Party States the necessary explanatory reports and methodological guidelines to assist them in applying the Convention criminal and procedural norms ratified by the Republic of Armenia.

To put it more bluntly, cybercrime in the broadest sense is the use of computer systems, networks, and carriers, as well as crimes against them.

According to the Convention and also our ideas, cybercrime, according to the object of harassment, is divided into 3 main groups. The first is financial cybercrime (embezzlement using computer technology), the second is crimes against computer information security (hacker attacks, cases of illegal access to various social network accounts, etc.), the third is other (submission and protection of child pornography through computer systems, author violating, illegally collecting, keeping, using or disseminating information about personal and family life, disseminating confidential information).

Referring to your question, I would like to mention that due to the fact that there is no clear definition of cybercrime and there is no list, there are no official statistics on that type of crime. At the same time, taking into account the fact that the investigation of all financial cybercrimes and crimes against computer security in Armenia is carried out by our department, I can say that the number of criminal cases registered and accepted in the last three years has increased almost 3 times. No such growth is registered in the case of any other crime. We keep such statistics purely to follow and counteract the criminological picture and tendencies of cybercrime.

– What do the results of the investigation show, are cybercrimes mostly committed inside the country or abroad?

– The problem of organizing the fight against cybercrime has long gone beyond the scope of national and domestic regulation, becoming a matter of concern to the international community. The fight against cybercrime is dealt with not only by law enforcement or other competent bodies of individual states, but also by various international organizations whose activities are based on international legal acts. In addition, the problem has become so urgent in its complexity and seriousness that, in fact, without international legal cooperation between different countries, it has become virtually impossible to achieve significant results in the fight against cybercrime.

As it is commonly said, cybercrime has no borders. Investigators sometimes have to make inquiries into the competent authorities of several countries in order to obtain evidence of action taken in seconds on the Internet. For example, the victim may be in one country, the perpetrator in another, the Internet service provider in a third, and the data stored in a fourth. Of course, the amount of data, the huge amount of computer systems, the use of various covert means, electronic money transfer methods and other features specific to this crime create certain difficulties for the investigation, requiring investigators to master modern technologies to find a way to obtain accurate evidence and reveal crimes.

If I address your question, the crimes registered in the Republic of Armenia were committed both outside our country and inside the country. Hacker attacks, as well as extortion crimes by viruses that block computer systems, are more common outside the country. Domestic cybercrimes are mainly committed in the financial sphere or for various personal motives.

– How would you assess the level of awareness of the citizens? Would the cases of cybercrime be less if the citizens were aware?

– First of all, let me mention that cybercrime is endowed with critical enormous latency. Thus, according to the chairman of the Committee of the Budapest Convention on Cybercrime, law enforcement agencies record only 0.1-1% of cybercrimes, and reveal from 1 to 10% of reported cases. This means that out of 10,000 cases of conventional crime, only 10 out of 100 cases become known to the law enforcement agencies, of which only 1 in 10 cases is revealed. These international statistics show that the actual number of cybercrimes is significantly higher than all other crimes combined. About 400 criminal cases on cybercrime cases were initiated in the Republic of Armenia in 2021, which is only 1% of the criminal cases initiated in the state. According to the presented analysis, the real number of cybercrimes in the Republic of Armenia can reach about 40,000 annually. Being in the shadow of crime, not being known to law enforcement agencies, certainly contributes to the creation of favorable conditions and environment for cybercrime, which in turn leads to the emergence of billions of dollars of shadow criminal proceeds at the international level. This fact creates additional attractiveness for people with criminal tendencies, as well as for organized criminal groups.

It should also be noted that the latency of cybercrimes is declining in countries and societies where the law enforcement system is able to effectively counter these crimes. Conversely, criminals target countries and societies where the system does not work effectively.

The media literacy of the society and the maintenance of cyber-hygiene, as well as the trust in the law enforcement bodies are also important. In countries where the level of media literacy is high and there is trust in law enforcement, there people, being more vigilant against cyber threats, do not hesitate in case of incidents and immediately apply to law enforcement, provide the necessary information to detect crimes. As a result, both the latency of cases is reduced and the crime detection rates are higher.

Referring to our state, following the statistics presented by me, we can state that in recent years there has been a threefold increase in cases, in my opinion, this does not indicate that three times more crimes have been committed in recent years, but it means that the media literacy of the society is gradually increasing and the trust in the law enforcement system is increasing, as a result of which the victims of crimes apply to the law enforcement bodies more often. In this respect, the efficiency of the investigation of cases is directly related to the trust of the citizens. In other words, the increase in crime detection leads to the fact that citizens apply to law enforcement agencies more often.

Despite the increase of registered cases and the extreme workload of investigators, in the last 2 years we have a sharp increase in the detection of cybercrime. I can also say that the detection of financial cybercrime in the Republic of Armenia is about 80%, which is a significantly higher indicator compared to 1 to 10% of international detection. And if in previous years the detection of 1 to 10 crimes a year was considered a positive indicator, now the picture is not comparable in terms of positive movement.

Thus, in 2021, the Department revealed 668 cases of cybercrime, by which the criminal cases against 21 defendants were sent to court. It is noteworthy that in most cases of crimes, victims of crimes for various reasons did not apply to law enforcement agencies. I am sure that the cases and revelations of crimes will continue to grow. And in order to have continuous progress in this direction, stable improvement of the general situation, we need to talk more about cyber threats, to carry out media literacy awareness campaigns in different groups of the society. The media also have an important mission in this regard.

I would also like to add that the sphere is in the center of attention of the Chairman of the Committee, who creates the necessary conditions to carry out the work of the investigators more effectively. In particular, the work of investigators who provide good results is adequately evaluated, the latter are encouraged. The computer-technical laboratory operating in the subdivision is equipped with the necessary modern equipment and software.

– What are the main commonalities and peculiarities of crimes committed in the high-tech sphere?  

– If we consider this issue in a broad sense, then in the modern world, almost all high-tech technologies can theoretically be used during the commission of crimes. Therefore, in order to detect these crimes, it will be necessary to use special tools and professional skills of investigative and judicial actions used during the investigation of cybercrime. Vivid examples of this are the criminal cases on drug trafficking, which in the current period are about 90% done by computer. Another specialized unit of the General Department of Investigation of Particularly Important Cases has recently had great success in investigating such cases, and the role of electronic evidence obtained in the revealing of these cases was significant.

If I refer to the commonalities and peculiarities, first of all I would describe cybercrime as an intellectual crime. We are constantly dealing with a criminal who uses the capabilities of the virtual world, the Internet, various networks, hidden in them, smart, flexible, possessing psychological tricks, technically trained, possessing technically necessary equipment, sometimes possessing special covert tricks. The most important feature is that the criminal does not carry out his actions face to face with the victim, he is invisible, and no one can physically describe and recognize him. The trajectory of his actions, the handwriting of the crime can be seen only in the virtual domain; therefore, in order to identify him, one must first receive electronic evidence. On the one hand, the chances of detecting crime at first seem quite low, as we have to find one of the billions of computer users in the world, the Internet user, however, every investigator dealing with these cases considers that work as a mission, a challenge, doing his best with work and specialization, so that the 1-10% of the international disclosure I mentioned at the beginning, at least in Armenia, shall be much higher.

– Recently, there has been more talk about crimes committed in the banking sector, when loans are issued through fraud without the person’s knowledge. What is our picture in this respect? Are there any statistics on how many such cases were registered in 2021 and 2022?

– Indeed, lately we often encounter financial cybercrimes in the banking and financial sector. Without presenting specific figures, I must say that in 2021-2022, most of the criminal cases investigated in our proceedings during that period refer to crimes of this nature. I should also mention that these crimes are almost completely revealed. In a short period of time, the public will be informed about the revelation of several multi-episode crimes. Taking into account the fact that the preliminary investigation of these cases is currently going on intensively, I will now refrain from raising any details.

In the context of your question, I would like to emphasize another circumstance. Today we have spoken about awareness, I think that raising and talking about these cases in a wide circle, being aware of them should contribute to raising the vigilance and awareness of citizens. You see, we can succeed in detecting crimes, but the cases of crimes can be reduced only if the citizens are more careful. Virtual criminals concentrate their skills and strengths in the very areas where they see the opportunity to succeed. We, the citizens, being more literate, should not allow criminals to make us victims. It should be the struggle of everyone, and not only the law enforcement system. We all, each of us, on our part, our opportunities, our domain, must fight against this phenomenon. As I mentioned at the beginning, the fight against cybercrime cannot be carried out by the state and within the state only by law enforcement. In this regard, the public sector also plays an important role, for example, banks and credit organizations should think about strengthening their systems and making them more secure.

– Is it possible to initiate any legislative changes to solve the problem?  

– In this dynamically developing sphere, it is always necessary to keep the hand of the state on the pulse, to make changes, if necessary, including legislative ones. You know, the new Criminal and Criminal Procedure Codes come into force on 1 July. We will work, record the possible problems and together with the partners of our different departments we will initiate changes as needed. I must say that the necessary platforms have been formed in the sphere, which will give an opportunity to raise the problems together with our partners and try to give quick solutions to them with joint efforts. The level of cooperation between the Prosecutor’s Office, the Investigative Committee and the Police is also high in the field, as well as the support of international partners for training and exchange of experience, and in terms of providing technical equipment. Close and effective cooperation is being carried out between the Investigative Committee and the Council of Europe, the European Union, the OSCE and the US Embassy in various areas within the framework of various international, regional and domestic programs.

If I point out a specific direction, I attach importance to the need to adopt relevant legal acts in the field of cryptocurrency circulation.

– As a result of the analysis of statistical materials, which types of crimes show the most development tendencies?

– If we analyze the current crime trends, in 2021 there were crimes committed with both traditional manners and methods ATM Jackpotting, Carding, Skimming, Phishing, Ransomwere, DDoS attack, Business Email Compromise, Nigerian Letters-Dating / Romantic Cases, etc., as well as previously unrecorded mechanisms of unprecedented crime, which are typical of the opportunities and ingenuity detected by criminals in the given period (in particular, using technical and software features and gaps of banking and electronic payment systems as a result of double cash withdrawals, as well as bypassing the electronic identification system), cases of online loans on behalf of individuals). Recently, criminal proceeds of crime have often been converted into cryptocurrencies using various money laundering schemes, as well as those who own cryptocurrencies.

Studies conducted in the department have shown that recently there are three main ways of committing financial cybercrimes. The first is the method of misleading the victims with various pre-designed tricks, abusing their trust, obtaining passport data from them and processing and stealing online loans in their name, as well as the method of stealing cash after receiving plastic bank card data. It is also the direction of embezzlement from financial organizations using possible insider information, and the third is the embezzlement of money through the implementation of traditional hacker attacks. Recently, there are frequent cases when criminals, being aware of the processing features of transactions of different banks, making two different cash transactions in seconds, they got the opportunity to make double cash withdrawals. There are also cases when criminals, bypassing the regulation of online lending software of banks, preparing fake IDs, received and stole loans in the name of different people.

The dynamics of criminal cases also provide an opportunity to identify financially targeted companies in the criminal sector, which will lead to measures to eliminate software problems in vulnerable systems.

It should also be noted that skilled criminals often use state-of-the-art technology to remain anonymous on the Internet, which makes it difficult to obtain electronic evidence to detect crimes. The issue of promptness of requests for legal aid sent to the competent authorities of other states remains an urgent, in which case, in cases where we are dealing with this issue, it is difficult to obtain important information for the disclosure of the case within a reasonable time. In many cases, it is difficult to obtain information that is relevant to the case within a reasonable time. However, even in the conditions of receiving it, the technical capabilities of the RA internet operators often do not allow receiving the data of the subscribers who got internet access, taking into account the fact of providing hundreds of subscribers (NAT-IP) to the same IP at the same time.

– What technical upgrades are being carried out in the Investigative Committee in order to ensure a quality investigation in the field of cybercrime and high-tech crimes?

– The Investigative Committee has the necessary state-of-the-art technical equipment in the field of high technologies. The computer and technical laboratory operating in the Committee since 2019 can be considered one of the best in the region in terms of technical equipment and professional skills. The software and equipment we use are not inferior to those used in the laboratories of the leading countries in the field. I should mention that the laboratory is also used in the process of obtaining electronic evidence from computer systems submitted by investigators from other departments of the Committee. Thanks to the efficient work of the laboratory, numerous criminal cases have been uncovered, including important electronic evidence obtained in criminal cases investigating several crimes of public importance.

– Mr. Adilkhanyan, being the head of this so – called “innovator” crime investigation department, are you in favor of innovations at work?

– I think that the term “innovator” is not applicable in the field of criminal justice, as the investigator, being an official conducting the preliminary investigation, is endowed with the powers provided by the Criminal Procedure Code. In terms of judicial tools, an investigator specializing in cybercrime is no different from other investigators. However, due to tactics, investigation methodology and other peculiarities of the field, the investigator of cybercrime cases must be “innovative”, creative, and with non-standard way of thinking. The cases of almost all the crimes under investigation in our proceedings are not similar to each other. We are constantly witnessing new criminal phenomena, new manifestations. The criminal, performing his action, choosing this or that new, “innovative” way of committing a crime, at that moment, is one step ahead of us and forces us to be “innovators”, otherwise we cannot succeed. Our goal is to respond quickly to it, to find the opportunities that will allow us to follow the person who committed the crime with precise actions and steps in order to get the necessary evidence. It requires a “fresh look”, a non-standard, flexible mindset, knowledge of modern technologies, and the study of international best practices, the ability to work with open source Internet and Big Data, which will allow following the person who committed the crime with precise actions and steps in order to obtain the necessary evidence.

In the next 1-2 years, we plan to create and launch an unprecedented criminological database of crimes committed in the field of high technologies in Armenia, which, in my opinion, will have substantive and ideological significance in the detection of crimes.

– If possible, let’s deviate a little from the official questions. How does Robert Adilkhanyan, a lawyer by profession, assess the role of information technologies in our lives and what role do they play in your daily life?

– Let me answer the question with a rhetorical question. What will happen in our society, in our daily life, if, for example, the internet is turned off for a week? Can any of us imagine our lives without the internet and high technology?

My generation spent their childhood without internet; we went down to the yard and played various yard games with our peers. Now parents demand the same from their children, but the latter often prefer to play computer games. Is it good or bad? I think we need to find the golden mean. It is impossible to deprive a child of technology completely. That is our life and realities. Or I remember when I was a student, I spent days in different libraries, writing, compiling materials to find and read something. Now life goes fast, if we know what we need, it is possible to find and use it from the Internet in minutes. An individual who is able to use his technological skills correctly in modern realities is considered to be more competitive in the labor market.

Maybe if there is no internet, then we, by communicating directly with the people around us, will be more attentive and caring, we will have other emotions and feelings, life will be filled with other colorful shades. But the rules of modern life and the reality is that each of us spends a few hours a day on the Internet, in the virtual domain.

– Mr. Adilkhanyan, do young investigators aspire to work in the field you lead? Is it attractive for them to carry out investigative activities in that field?

– I must say that at least in the investigative system I am the oldest “resident” in this field, 10 years ago I was the investigator investigating the first criminal case on cybercrime. At that time, everything started from point 0 or as they say, it was a “green field”. There was no examination method, we were learning from our mistakes. According to everyone, computer crimes were considered incomprehensible, unpromising and peripheral in investigative work. In the early years, these cases were considered to have no prospect of disclosure. Then it was considered a success to reveal at least one crime a year and send it to court. Gradually, step by step, dedicated investigators of the field were found in the investigative body, they began to specialize in the investigation of cases in that field, united in teamwork. The interest in our field increased. Our voice became audible.

In September 2019, by the decision of the RA Government, a specialized subdivision was established. The cases of that nature were concentrated in a specialized subdivision by the order of the chairman of the RA Investigative Committee. A team of professional investigators was formed, which, being one unit, each has a special direction.

In order to make effective use of the available human resources, to organize criminal work, the Department, as far as possible, specializes investigators according to certain types of crimes. In particular, some investigators specialize in technical theft of banking and electronic payment systems, fraudulent theft of money from citizens on the Internet, theft through the use of plastic cards in the name of others, crimes against cryptocurrencies, cybercrime and computer crime. Specialized investigators, in turn, get the opportunity to get acquainted with the international best practices in their field. Participate in training courses and seminars on various international programs. The acquired skills are not only successfully applied by the investigators in their daily work, but also transferred to different investigators of the Investigative Committee. One of the bright examples of international cooperation in this direction is the fact that one of the Deputy Heads of the Department completed a two-year master’s degree program at the University College Dublin (UCD), which is well-known in the field within the framework of the Council of Europe CyberEast program, but also transfer to different investigators of the Investigative Committee subdivisions. One of the bright examples of international cooperation in this direction is the fact that one of the Deputy Heads of the Department completed a two-year master’s degree program at the University College Dublin (UCD), which is well-known in the field within the framework of the Council of Europe CyberEast program.

During the work, a slogan was formed: “There is no crime that cannot be undisclosed.” The non-disclosure of any crime is a reason for us to think, a narrow professional discussion; we try to find new opportunities to get the necessary electronic evidence to detect crimes.

As for the young investigators, I enjoy working with the younger generation of investigators. Recently, there is also a great desire and interest on their part to become investigators specialized in cybercrime investigation and to join our ranks.

– As the Head of the Department of Investigation of Cybercrime and High Technology Crime, how would you urge our people not to become victims of such crimes?

-Unfortunately, no one is insured against becoming a victim of cybercrime. The tools used for self-defense in cyberspace depend on the tools used by the criminal, the technical capabilities, their intensity, content, ultimate goals, and so on. As a rule, criminals use various phishing tools, which are about 10% effective, in order to obtain the internet information belonging to the victims. To protect against this, it is necessary to activate the two-factor authentication settings of the respective individual accounts, do not use primitive passwords, do not provide data to third parties or strangers, which can allow access to individual accounts, do not use open Wi-Fi networks. Do not access personal accounts from unknown or random computer systems; refrain from entering personal data on unknown or untrustworthy websites, etc. You need to use licensed software and have an updated antivirus system.

This initiative, implemented in cooperation with the RA Investigative Committee and the Iravaban.net website, aims to properly present to the public the main directions of the work carried out by the preliminary investigation body , to reflect on the peculiarities of pre-trial proceedings and other issues of public importance.