The CyberEast project, funded by the European Union and the Council of Europe and implemented by the Council of Europe through its Cybercrime Programme Office (C-PROC) based in Bucharest, Romania aims to support cyber resilience of the Eastern Partnership countries. The project builds on previous capacity building efforts in the Eastern Partnership region and on the good cooperation relationships developed along the years. What is less brought to the foreground, however, is the human factor and the work of individuals driving the progress forward in the country. In this interview you can meet Farid Huseynov working with the State Security Service of the Republic of Azerbaijan. The State Security Service has been a long-term partner to not only the CyberEast project but also to the previous projects in the Eastern Partnership Region of the Council of Europe. For this interview we spoke with Mr Huseynov about his work as a cybercrime investigator and the challenges faced during COVID-19.
C-PROC: Please introduce yourself and the work that you do. What are the reasons for your interest in cybercrime?
Farid Huseynov: My name is Farid Huseynov and I work for the State Security Service of The Republic of Azerbaijan. I am a cybercrime investigator of the above-mentioned service. I started working in the cyber-related field in 2014, and for about three years (2014-2017) I also worked as technical personnel. This involved doing the forensic analysis for numerous cases. The technical experience gained during this time encouraged me to change my approach and became an investigator. While working as technical personnel I became interested in the whole crime process, but I had no permission to get the information about the results of an investigation. This motivated me to pursue a career as a cybercrime investigator.
Cybersecurity and cybercrime are very important fields, and investigators will never feel like they are doing archaic, pointless work in these cases. Cybercrime and data defense are rapidly changing fields. A large part of the work entails staying one step ahead of criminals. I feel good about my job because I know I contribute to the protection of people’s livelihoods and privacy. There is also great satisfaction in a career that keeps your mind active and keeps you on your toes. This is a vital and fascinating field. And so, if the idea of defending the internet from hackers appeals to you, cyber protection might be the work you might want to pursue.
C-PROC: In your career as a cybercrime investigator, can you tell us about a case that affected you most as a professional and as a person?
F.H.: For the past four years I have been working as a cybercrime investigator and we had many cases that affected me, and I am going to detail here one of them. I would like to write about the investigation where we found IP addresses that were used to attack, infect and exfiltrate data from multiple systems of the Ministry of Finance of Azerbaijan and many other companies, back in November 2019.
The analysis of cyber-attack logs revealed several malicious executable programs, including the executable files “xmrig.x86.exe”, which was illegally used to process a cryptocurrency called Monero. More than 44,000 IP addresses belonging to Azerbaijani entities were scanned for illegal processing of Monero cryptocurrency, and as a result, 3,499 IP addresses were infected.
During the investigation it was determined that the cryptocurrencies obtained using the resources of the infected computers were sent to IP addresses belonging to Canada and the UK. In order to obtain the information about the users of these IP addresses we have sent the preservation request to Canada and the UK respectively, on the basis of the Budapest Convention.
C-PROC: As an investigator working on cybercrime and related cases, a lot of your work depends on interaction with Internet service providers. Can you share a few tips with us and other investigators on how to make this cooperation work in practice?
F.H.: The functions of law enforcement and service providers are different: law enforcement is responsible for upholding the law, while service providers are responsible for providing customers with the ability to connect. Many countries are trying to deal with how these entities can better work with one another to make the Internet safer while still respecting their positions and the users’ fundamental rights.
How are we cooperating with domestic ISPs? As a Law Enforcement Agency, we are collaborating according to the legislation, meaning if we need to have subscriber information, first of all we must have a court order. Then we are requesting the necessary information. However, according to the legislation of the Republic of Azerbaijan, in cases where human life or health is in danger, we can request the information promptly without a court order.
C-PROC: In your opinion, how much of an impact did the COVID-19 pandemic have on the situation with cybercrime in Azerbaijan?
F.H.: COVİD-19 has brought a change in the activity of cybercriminals. Due to the introduction of various restrictive measures to prevent coronavirus, the internet has become the main channel of Azerbaijani citizens’ communication structure. People working from home have minimal cybersecurity guarantees. Cybercriminals are trying, therefore, to take advantage of the situation created by the COVID-19 pandemic.
During this pandemic, we have seen a sharp increase in the number of cybercrime cases. The motives, target scenarios and tools of the criminals are very diverse. They are trying to use social engineering and conduct ransomware attacks associated with COVID-19.
C-PROC: Is there anything that the joint European Union/Council of Europe project CyberEast can do to support your work and make a difference in Azerbaijan?
F.H.: The CyberEast project of the Council of Europe has provided important help for Azerbaijan. We understand how easy is to ask something and how difficult is to put it in practice. In this regard, we would like to share our gratitude for the support provided by the Council of Europe.
During the Steering Committee meeting, which took place on 7 December 2020, a series of activities were planned for Azerbaijan. Some of them already took place, such the Workshop on online fraud, crime proceeds and reporting mechanisms; the Workshop for personal data protection authorities and national communications regulators on trust and cooperation; the Training on international cooperation on cybercrime and electronic evidence for investigators, prosecutors and judiciary; the Workshop on the reform of criminal procedure legislation; and the Training for cybercrime units and prosecutors on use of templates for data preservation and subscriber information. All of these activities took place online, but we are most definitely looking forward to engaging physically in such activities in a foreseeable future.
Additionally, we are looking forward for practical training courses on topics such as Cybercrime Investigation; Computer and mobile forensic; Electronic evidence; and Darkweb investigation.