Online Raiding: Emergence and Counteraction

During the 2000s, the forerunner of online raiding was carding, that is, stealing money by obtaining or forging the details of other people’s bank cards. Syndicates emerged that stole large amounts of money from American and European banks. Carding still happens now, but back then it was widespread, there was media hysteria, and no-one knew how to counter it. But at that time there were people who had a strange way of life. They could afford more than the rest of us, and nobody knew what they were doing for living. They bought expensive cars and went to resorts. This is how the category of cyber-criminals, who in this field “earned” their first millions of dollars, emerged. Some of them died, some of them received long prison terms in the United States, and most of them began to cooperate with law enforcement agencies and the intelligence services of various states.

The period of the noughties was a test, a small model of what was to come. People engaged in carding were testing the online financial system for vulnerabilities which would later be used for raiding. This small model showed the extreme effectiveness of raiding. Carders were caught, mainly due to the fact that some carders ratted out other carders. Carding was made more difficult by growing awareness and the development of mechanisms such as 2‑factor authentication. By the end of the noughties, the communication systems had evolved and it was no longer credit cards that were of value, but communication systems and databases.

Today it is difficult to find a business that is not represented online. Entrepreneurs actively use the Internet to promote their services or products. Online opportunities have exponentially increased the speed with which a new business can be promoted and scaled. Businesses can rapidly emerge and expand their owner’s prospects.

There is a downside to this new world of opportunities. The transition to virtual spaces has left businesses vulnerable to various kinds of online raiding. Any business with an online presence can be raided, with the beginning and end of a raid remaining impossible to predict. When first raided, a businessperson may not understand what is going on. Raiding can lead to the loss of entire business projects, or the loss of large shares of the market to affected businesses. Online business raids themselves are a dynamic and progressive phenomenon: raiders actively use innovation to their advantage.

The concept of online raiding was first qualified by the Information Security Institute, and the history of the phenomenon and methods of countering it were discussed in detail at a meeting at the Kyiv office of the European Academy of Sciences of Ukraine. 

Yevgeniya Tarasenko, a lawyer, agent of the DMCA, and expert member of the Information Security Institute, spoke at the meeting, and had the following to say. “Jurisprudence has been familiar with the concept of raiding for as long as jurisprudence has existed. Raiding dates back to the Crusades. The clearest example in our era is the 90s and raiding, which had the nature of force. If we look at the dynamics of raiding, Google, which “knows everything,” can help us. Beginning roundabout 2009–2010, this concept is becoming less and less popular as a Google search term. Is society becoming more civilized? Nothing disappears anywhere, it just takes slightly different forms.”

According to the speakers, the word “raiding”, when used to describe business operations, is characteristic of Eastern European territories. In Western Europe, the term “takeover” is more typical. But at the same time there is also a third space where something can also be seized and absorbed — the Internet. In this space, there are no bodies, no traces, no fingerprints. The attention of law enforcement is minimal, and it is extremely profitable to conduct criminal activity.


“There are many views on this phenomenon, but we will present our view and what we mean by it,” the speakers say.

Online raiding can be defined as any system of unscrupulous, destructive actions, dynamically changing, aimed at seizing communication systems, technological nodes, or appropriation of someone else’s identity, in order to seize market share, engage in extortion or blackmail, or eliminate or ruin a person or organization. Attacks target domains, pages, sites, and identities. At the same time, methods, groups of methods, and complex forms of takeover, can now occur simultaneously.

The Internet provides innovative solutions for businesses that have two sides of the coin: both extensive growth and opportunities for criminals, who are very quick to learn. Villains can use both kinds of opportunities. Each uses the Internet in their own way: some mechanically repeat, some construct, some create.

“Legislation is very far behind innovation. It is often impossible to prosecute because the law is 5–10 years behind. Legislation is chasing this train. The speed of adoption of laws is long, and during this time criminals will change their methods and approaches, and by the time the law is passed, it becomes irrelevant,” says Yevgeniya Tarasenko.



Форма для связи