Company Group-IB, specializing in information security, will check the counting system in the show “Voice. Children” on Channel One. This company "is the official partner of Interpol, Europol and is attracted by cyber-police of different countries to joint investigations and operations to combat computer, financial, corporate crimes around the world," the statement said.
Experts will analyze calls and SMS messages for possible cheat voices, the use of bots and other methods of unfair competition. It will also check the voting systems, event logs related to the winner selection processes, as well as the possibility of obtaining unauthorized access to data and their modification.
The investigation had to be conducted because of the results of the finals of the “Voice of the Child” contest. The final was shown on Friday, April 26th. It was attended by three performers - Yerzhan Maxim, Valery Kuzakov and Mikella Abramova, the ten-year-old daughter of the singer Alsu and businessman Yana Abramova. Technical support of the voting was provided by SMS Services. The results showed that Abramova won with a score of 56.5% of the votes - 145,451 votes were cast for her, of which over 109,000 were via SMS, more than 36,000 by phone. The nearest pursuer, Yerzhan Maxim, has 27.9%. However, almost immediately, Channel One and Red Square (the producer of the program) detected signs of an anomalous vote and initiated a check. The company "SMS services" stated that all votes were received from telecom operators, and during the voting there were no DDoS or other hacker attacks.
What will be looking for?
The company's general director and founder, Ilya Sachkov, explained that Group-IB will analyze the technical possibility of interfering in the election system of the winner of the Golos project. In addition, the company will explore the capabilities of the project partner collecting calls and SMS, as well as its employees to make changes to the voting results. The second block of tasks: analysis of the array of calls and SMS to identify anomalies, the use of bots and other technologies to cheat votes.
Group-IB does not disclose methods and means of investigation, but promises to publish the report in open access. The inspection involved 15 people, the investigation will take from a week to a month, the 360 channel reported with reference to Group-IB CEO Ilya Sachkov.
Manipulations are possible.
“Attacks on SMS voting are not typical of cybercrime, they are only one-time stories,” explains antivirus expert at Kaspersky Lab Viktor Chebyshev. Technically, the most difficult way is to attack the counting infrastructure, which requires either hacking the system or the presence of an insider. A single error in setting up some kind of system service or an un-upgraded software version is enough for an attacker to hack the vote counting infrastructure.
“As practice shows, voting manipulations are possible with the use of virtually any channel: whether it is a survey on the site, calls, voting in social networks, etc.,” warns Andrei Bryzgin, head of the audit and consulting department at Group-IB. He refused to tell how this investigation would be conducted, but said how, in principle, you can intervene in the fair course of voting. For example, with anonymous polls, changing the IP address (using a VPN) or deleting a cookie (additional files that track user activity) in simple cases of updating the page allows you to vote again. The process is automated by scripts and voting goes in the desired direction.
“The SMS channel on this background looks more secure,” he notes. Bryzgin explains that lately, fraud using SMS has become technically more difficult, since attackers are trying to use it not only in various polls and polls, but also in Internet banking frauds. To fabricate SMS, you need a telecom provider with a legitimate inclusion in the communication channel. But today such a service is almost impossible to detect, says Bryzgin.
Although attacks on SMS voting are rare, experts remind that such cases have nevertheless already been in Russia.
“One of the most prominent examples of tension around SMS voting is Russia 10,” recalls Dmitry Sidorin, head of the Sidorin Lab online reputation management agency. In voting for the top 10 sights in Russia, the Heart of Chechnya mosque named after Akhmat Kadyrov took a long time, but at the very last moment the Kolomna Kremlin became the winner, after which the head of Chechnya, Ramzan Kadyrov, accused the mobile operators Beeline and MegaFon of manipulating with reception votes.
According to Sidorin, the easiest of the available ways to bypass the mechanisms that are struggling with cheating is to use new mobile devices and unique SIM cards. As a result, there were markets for the sale of both SIM cards and likes, comments, subscriptions, reposts, including cheating SMS polls.
“When voting with SMS confirmations, cheaters can use the corresponding services, in which the“ confirmation ”of each account will cost about 10 rubles,” says Nikita Tsaplin, the head of the cloud operator RUVDS. He clarifies that these services are most likely not used by phones, but by GSM modems. Estimated Sidorin, the cost of one voice in the services of cheating varies from 2 to 5 rubles. In this case, Sidorin notes that it is possible to imitate cheating to blacken one of the participants.
Thus, for the first place in the show “Golos. Children” last Friday, it would be enough to spend about 8 million rubles. This figure is the sum of almost 6.8 million rubles that were spent to pay for SMS and calls in support of Mikella Abramova in accordance with the official tariff (50 rubles for SMS and almost 40 rubles for a voice call). In total, the winner of the show scored 145,451 votes (of which 109,000 SMS and more than 36,000 calls). With so many votes, a 100% cheat would cost up to 1.45 million rubles.
An attack using SMS Trojans (malware forcing a device to send short messages) can be effective if it is conducted from hundreds of thousands of mobile phones — it will be enough to send one SMS from each device. “But a botnet, even with 10,000 devices, is more likely a rarity in Russia, and indeed in the rest of the world too,” Chebyshev from Kaspersky Lab believes. Bryzgin from Group-IB considers the option of sending SMS from infected mobile devices “exotic” and reminds that such actions automatically fall under articles from the 28th head of the Criminal Code (“computer crimes”).
The representative of Alsu Nina Ponomareva categorically denied the possibility of manipulation of the voting results. “We did not prepare the final song, as you can see, because we didn’t assume that people would choose it!” She said. And in the company "SMS services" declined to comment further, recommending a press release on the site.
In order to ensure the maximum separation in the voting, it was not necessary to hack the system or find an insider. “There are examples of open calls for voting that cannot be called cheating,” says Sidorin. He noted that the MK has published an example of a corporate newsletter in which the management calls for a vote for Mikella Abramova.
The most powerful popularizer of the young participant was her mother - the singer Alsou. One of the posts on Instagram asking to vote for her daughter has collected more than 1 million likes. They called upon to vote for Mekella Abramova and the publics of other stars, in particular Natasha Koroleva.