The name of the bank and the amount stolen are not disclosed, but this way hackers can deprive banks of all their money. Swift's clients include about 11 thousand institutions...

The name of the bank and the amount stolen are not disclosed, but this way hackers can deprive banks of all their money. Swift has about 11,000 institutions as clients and its payment system processes billions of dollars.

According to experts, the Cobalt organization, which is now the main threat to financial organizations.

©

The attack took place on December 15 via malware. Dmitry Volkov, head of the cyber intelligence department at Group-IB, says this incident shows what the hackers have discovered reliable methods for money laundering.

Volkov explains that the Swift system itself is completely invulnerable. The problem lies in the insufficient security of the banks that use this system.

As is known, Swift has not been used for such thefts before. This is due to the fact that this requires professionals, since if the ATM maximum amount will not exceed several hundred thousand dollars, then through the system of interbank transfers you can get millions, and this requires great skills. The record so far is half a billion rubles. At first, the suspected group successfully robbed ATMs in the CIS countries, but now switched to card processing. Perhaps because specialists were found who were able to support and implement such actions.

It is believed that this was done using malware. It is sent in an email, it is opened by a bank employee, and the program runs and gives the fraudster access to this computer. Then the hacker begins to study the bank's internal network. Of course, there are ways to monitor such attacks, but not all departments have sufficiently modern means to do this. Conventional firewalls and antiviruses will not be able to provide complete protection against such situations.

It is reported that the affected bank recently underwent an inspection from the Central Bank, which indicated that its level of information security. They received recommendations to improve it, but apparently did not implement them.

Experts say others could be used payment systems. Usually there are two options: either gaining access to a specific terminal, for example, Visa or Mastercard, and then attacking it; or access is obtained to whatever comes first, in this case, Swift. And then they act according to the situation.

In recent years, attacks on banks have become more advanced, as more and more advanced Trojan horses appear, from which it is increasingly difficult to find protection against. Now you just need to find out the email addresses of some employees, send them letters in the form of financial monitoring, which contain virus programs that are launched when the letter is opened.

In the spring of 2016, Swift already warned its employees about the increasing attempts at cyber attacks, but they did not disclose details then.

Group-IB also does not say which bank was affected and how much was stolen. Swift supported this position and reported that all threats were thoroughly checked and eliminated.

Some experts think it was attacked small bank. They explain this by saying that it is more profitable to “attack” banks that do not have enough funds to improve protection against cyber attacks. The first bank to suffer from such a robbery was in Bangladesh, so apparently it was a small institution in Russia.

In Bangladesh, this incident occurred the previous year. Then the hackers gained access to several accounts at the Bangladesh Central Bank and requested the transfer of a certain amount. Federal Bank New York approved these requests and $80 million was transferred to the accounts of Philippine casinos. Doubts were raised only by the incorrectly spelled word “fund” in one of the documents.

Banks have built fairly effective barriers to protect against external attacks, but are not ready to resist violators on the internal network. By overcoming the perimeter using social engineering, web application vulnerabilities or insiders, attackers find themselves in a comfortable environment, the level of security of which is no different from companies in other areas.

With access to the bank's internal network, Positive Technologies specialists were able to gain access to financial applications in 58% of cases. In 25% of banks, the nodes from which ATMs are controlled were compromised, which means that followers of the Cobalt group using similar hacking methods could withdraw money from these banks. Transferring funds to your own accounts through interbank transfer systems, which are targeted by the Lazarus and MoneyTaker groups, would be possible in 17% of banks.

In 17% of banks, card processing systems are not sufficiently protected, which allows attackers to manipulate the balance on their card accounts, as we saw in early 2017 in attacks on banks in Eastern Europe. The Carbanak group, distinguished by its ability to successfully carry out attacks on any banking applications, could steal funds from more than half of the banks tested by experts. On average, an attacker who has penetrated a bank's internal network requires only four steps to gain access to bank systems.

The report notes that the level of network perimeter protection in banks is significantly higher than in other companies: over three years, as part of external penetration testing, access to the internal network was obtained in 58% of systems, and for banks this figure was only 22%. However, this level is very far from ideal, given the high financial motivation of attackers and the lack of practice in many banks of analyzing the security of online service code at the design and development stages. During penetration tests, in all cases, access was facilitated by vulnerabilities in web applications (social engineering methods were not used). Such methods of penetration were used in their activities, for example, by the ATMitch and Lazarus groups.

Remote access and management interfaces, which are often accessible to any external user, also pose a great danger to banks. Among the most common are the SSH and Telnet protocols, which are found on the network perimeter of more than half of banks, as well as access protocols for file servers (in 42% of banks).

But the weakest link is bank employees. Attackers can easily bypass network perimeter protection systems using a simple and effective method— phishing, which delivers malware to the corporate network. Phishing emails are sent to bank employees both at work and personal addresses. This method to overcome the perimeter was used by almost every criminal group, including Cobalt, Lazarus, Carbanak, Metel, GCMAN. According to Positive Technologies, on average, about 8% of users in banks clicked on a phishing link and 2% launched an attached file. The study also provides examples of advertisements from hacker forums offering services from internal attackers in banks. According to experts, in some cases, for a successful attack, the privileges of an employee with only physical access to network outlets (cleaner, security guard) are sufficient. Another option for the primary spread of malware is hacking. third party companies, which are not as serious about protecting their resources, and infecting sites frequently visited by employees of the target bank, as in the case of Lazarus and Lurk.

Once criminals gain access to the bank’s local network, they need to gain local administrator privileges on employee computers and servers to further develop the attack. Typical attack vectors are based on two main shortcomings - weak password policies and insufficient protection against recovering passwords from OS memory.

If on the network perimeter dictionary passwords are found in almost half of the banks, then on the internal network every system studied suffers from a weak password policy. In approximately half of the systems, weak passwords are set by users, but even more often we come across standard accounts that administrators leave when installing a DBMS, web servers, OS, or when creating service accounts. A quarter of the banks set the password to P@ssw0rd; common passwords include admin, combinations like Qwerty123, blank and standard passwords (for example, sa or postgres).

Inside the network, attackers move freely undetected using known vulnerabilities and legitimate software that does not arouse suspicion among administrators. Taking advantage of security flaws in the corporate network, attackers gain complete control over the entire bank infrastructure in a short time.

“You need to understand that an attacker will not be able to achieve his goal and steal money if the attack is detected and stopped in time, and this is possible at any stage if appropriate protection measures are taken,” says Positive Technologies analyst Ekaterina Kilyusheva. — It is necessary to scan email attachments in an isolated environment, without relying solely on antivirus solutions installed on user workstations. It is extremely important to receive notifications from security systems in a timely manner and respond immediately to them using continuous monitoring of security events by an internal or external SOC unit, as well as SIEM solutions, which can significantly facilitate and increase the efficiency of processing information security events.”

22 Sep 2013, 19:18

Very often you read in the news that hackers stole several million from clients of such and such banks. How exactly does this happen?
I didn’t understand this issue, and the interest is purely theoretical, but only one thing comes to mind: clients leave their data credit cards on the Internet (for example, when paying in various online stores), and hackers hack into store databases and gain access to card data (number + PIN code), then cash out, or sell for cash to other people.
It turns out that when we read about the theft of 2 million dollars from Bank N, then in reality hundreds and thousands of clients are being robbed (from people credit lines not hundreds of thousands of dollars).
How else can hackers steal bank money?

22 Sep 2013, 22:48

In fact, everything is much simpler and more banal. Nowadays, it is not at all necessary to be a hacker in order to carry out a “hacking” attack. Everything is done by employees of banks or payment systems. Someone somewhere can copy the required database and give it to the right people who will start churning out fake cards. Stealing data from the inside is a million times easier than obtaining it by breaking into the Internet, because the technical issue has long been brought to perfection.

All that hackers do now is a primitive DDOS, which is more like the work of a manager organizing groups of people for attacks than the work of programmers. If someone tells you about the work of hackers, then this first of all means that someone wants to hide your money or blame some higher powers for their mistakes. Banks are obliged to be responsible for such mistakes themselves, but if this happens in some small payment system, then consider that you were simply scammed.

How exactly do hackers steal money from bank accounts?

23 Sep 2013, 13:51

It seems that small banks have imperfections in the field of data protection, large banks most likely check their employees up to the 7th level, so there is no need to talk about espionage here. When paying online, no PIN is entered, so this information can only be calculated by algorithms. If a person in a bank has a good position, then he is unlikely to risk his job and freedom for the sake of a few thousand rubles.

How exactly do hackers steal money from bank accounts?

23 Sep 2013, 15:55

nsergienko wrote: It seems that small banks have imperfections in the field of data protection, large banks most likely check their employees up to the 7th generation, so there is no need to talk about espionage here. When paying online, no PIN is entered, so this information can only be calculated by algorithms. If a person in a bank has a good position, then he is unlikely to risk his job and freedom for the sake of a few thousand rubles.
The carelessness of people themselves destroys all defense systems.

We are not talking about one card with several thousand rubles, but about databases with thousands of cards. It's easy to risk your job for this. Even those people who check employees “up to the 7th generation” can commit such a crime. However, among Russian banks you will not find a single large bank; even Sberbank employees work in such conditions under which it is simply ridiculous to talk about security. This is not even espionage, but a simple scam among employees who have access to money.

You see, in order to install a security system you don’t have to be big bank- even a simple person can do this on his home computer. The days when expensive house-sized computers were used to process data are long gone. Technically, everyone is protected equally. There is no need to blame people for carelessness. It is simply impossible for hackers to hack into the accounts of each person separately (and it is not profitable) and, as a result, rob the entire bank of large sums.

How exactly do hackers steal money from bank accounts?

23 Sep 2013, 17:19

It’s easy, they go to the bank, find out the access passwords personal accounts and from there they transfer money somewhere. Or they do it even more brazenly, transferring from the bank without any reason (they simply give an order on behalf of the bank to transfer from its correspondent account to the Central Bank or another bank). The main thing here is to withdraw it in time before the bank discovers the loss, that’s all.

As they say in study published today by Positive Technologies, banks have built fairly effective barriers to protect against external attacks, but are not ready to resist intruders on the internal network. By overcoming the perimeter using social engineering, web application vulnerabilities or insiders, attackers find themselves in a comfortable environment, the level of security of which is no different from companies in other areas.

With access to the bank's internal network, Positive Technologies specialists were able to gain access to financial applications in 58% of cases. In 25% of banks, the nodes from which ATMs are controlled were compromised, which means that followers of the Cobalt group using similar hacking methods could withdraw money from these banks. Transferring funds to your own accounts through interbank transfer systems, which are targeted by the Lazarus and MoneyTaker groups, would be possible in 17% of banks.

In 17% of banks, card processing systems are not sufficiently protected, which allows attackers to manipulate the balance on their card accounts, as we saw in early 2017 in attacks on banks in Eastern Europe. The Carbanak group, distinguished by its ability to successfully carry out attacks on any banking application, could steal funds from more than half of the banks tested by experts. On average, an attacker who has penetrated a bank's internal network requires only four steps to gain access to bank systems.

The report notes that the level of network perimeter protection in banks is significantly higher than in other companies: over three years, as part of external penetration testing, access to the internal network was obtained in 58% of systems, and for banks this figure was only 22%. However, this level is very far from ideal, given the high financial motivation of attackers and the lack of practice in many banks of analyzing the security of online service code at the design and development stages. During penetration tests, in all cases, access was facilitated by vulnerabilities in web applications (social engineering methods were not used). Such methods of penetration were used in their activities, for example, by the ATMitch and Lazarus groups.

Remote access and management interfaces, which are often accessible to any external user, also pose a great danger to banks. Among the most common are the SSH and Telnet protocols, which are found on the network perimeter of more than half of banks, as well as access protocols for file servers (in 42% of banks).

But the weakest link is bank employees. Attackers easily bypass network perimeter protection systems using a simple and effective method - phishing, which delivers malware to the corporate network. Phishing emails are sent to bank employees both at work and personal addresses. This method to overcome the perimeter was used by almost every criminal group, including Cobalt, Lazarus, Carbanak, Metel, GCMAN. According to Positive Technologies, on average, about 8% of users in banks clicked on a phishing link and 2% launched an attached file. The study also provides examples of advertisements from hacker forums offering services from internal attackers in banks. According to experts, in some cases, for a successful attack, the privileges of an employee with only physical access to network outlets (cleaner, security guard) are sufficient. Another option for the primary spread of malware is hacking third-party companies that are not so serious about protecting their resources and infecting sites frequently visited by employees of the target bank, as in the case of Lazarus and Lurk.

After criminals gain access to the bank’s local network, they need to take over local administrator privileges on employee computers and servers to further develop the attack. Typical attack vectors are based on two main shortcomings - weak password policies and insufficient protection against password recovery from OS memory.

If on the network perimeter dictionary passwords are found in almost half of the banks, then on the internal network every system studied suffers from a weak password policy. In approximately half of the systems, weak passwords are set by users, but even more often we come across standard accounts that administrators leave when installing a DBMS, web servers, OS, or when creating service accounts. A quarter of the banks set the password to P@ssw0rd; common passwords include admin, combinations like Qwerty123, blank and standard passwords (for example, sa or postgres).

Inside the network, attackers move freely undetected using known vulnerabilities and legitimate software that does not arouse suspicion among administrators. Taking advantage of security flaws in the corporate network, attackers gain complete control over the entire bank infrastructure in a short time.

« You need to understand that an attacker will not be able to achieve his goal and steal money if the attack is detected and stopped in time, and this is possible at any stage if appropriate protective measures are taken, - says Positive Technologies analyst Ekaterina Kilyusheva. - It is necessary to scan email attachments in an isolated environment, without relying solely on antivirus solutions installed on user workstations. It is extremely important to receive notifications from security systems in a timely manner and immediately respond to them using continuous monitoring of security events by an internal or external SOC unit, as well as SIEM solutions that can significantly facilitate and increase the efficiency of processing information security events».

How Russia turned into “hacker territory.” How much money do hackers manage to steal from the pockets of individuals and legal entities? This question was asked by Itogi to CEO Group-IB company Ilya Sachkov, together with whom we understood the background of the recent troubles with LiveJournal (“Itogi”, No. 15).

— Ilya Konstantinovich, how often are bank accounts gutted using DDoS attacks?

— Such attacks are quite common, but there are things that are more serious. The most common thing on the Internet is fraud through online banking systems, in other words, theft Money from the accounts of legal entities and individuals. First of all, legal entities, because they have more money in their accounts. The press reflects isolated thefts, but in reality the situation is much worse: every day we alone deal with 10 cases, and throughout the country as a whole, I think, 60-70 thefts occur a day from the accounts of legal entities through remote control systems. banking services(DBO). Unfortunately, there are no official statistics on this issue.

— Can you estimate the profitability of this “business”?

— Russian hackers—those who live in our country—according to our estimates, earned $1.3 billion in 2010 in Russia alone. If we unite Russian-speaking immigrants from the countries of the former Soviet Union, then it will be 2.5 billion dollars. As an example, I will show you on the screen an extract from the Internet wallet of a real hacker living in Moscow, who is currently under investigation. Look: the arrival of money in one day on August 11, 2010: 40 thousand dollars, 31 thousand dollars, another 40 thousand dollars and so on. And this is just for one day!

— Probably, not all of these amounts go through remote banking systems? For example, there are corporate bank cards, which are also of interest to scammers.

— According to our estimates, thefts from corporate cards- pennies compared to fraud in remote banking. It is the hacking of client-bank systems that accounts for the bulk of the criminals’ income. What you saw on the screen is the real income of the entire criminal group. The owner of the Internet wallet is the organizer of the group, he will receive about 80 percent. Let's look further: the income for a month and a half is 24 million dollars. These are the volumes of thefts from the accounts of Russian legal entities. Mostly small businesses suffer, sometimes large ones. This case is not an exception, but rather a new format of reality. In Russia, where everything is already very difficult with legal evidence of computer crimes, this is a potential source of corruption in law enforcement agencies.

— How do hackers manage to get into a protected banking system?

— Through corporate PCs of legal entities, bank clients, on which software for remote management of bank accounts is installed. Most often this is done using malware. There are essentially two main ways to infect an accountant’s computer with a special virus—a banking Trojan. Or the virus will be introduced by an accomplice of criminals working in the company, a sort of misplaced Cossack. Or the Trojan will be picked up by the accountant himself, who “surfs” the Internet from his work computer and can visit the infected site. In any case, computer infection is the result of a negligent attitude to the basic rules of information security. After all, ideally, to make payments, an accountant must have a laptop PC, which should be stored in a safe and taken out only to work in Internet banking systems. But this is ideal, but in practice, a virus that has infiltrated accounting software creates a false payment order to transfer money from the victim’s account to the account of a specially registered shell company.

— But it’s unlikely that you’ll be able to use the entire amount right away?

- Of course, it can attract attention. Therefore, the criminal group includes not only hackers, but also people responsible for withdrawing money from bank accounts and cashing them out. In this part, hackers interact closely with traditional crime. Thus, money diverted from the accounts of legal entities is most often sent to Yekaterinburg or Chelyabinsk - organized criminal groups continue to operate there, which have been engaged in cash transfers since the 90s. They split the initial amount, transferring it to the accounts of other shell companies or fake individuals. The task is to distribute the initial amount to many accounts of individuals (they are called drops, usually these are poor students, homeless people, etc.) so that the drops can easily withdraw “their” amounts in two or three visits to the ATM during the day. For a small fee, they do this and hand over the cash to a specific person from the gang. Cash-out schemes, naturally, are developed in advance, but there is a market for, let’s say, turnkey services. If you don’t believe me, type the phrase “cash out money” in any search engine...

— What happens to the cash then?

— Then the cache is transported to Moscow and entered into the electronic payment system, for example WebMoney or Yandex. Money". After all, it is necessary to somehow transfer cash to the accounts of the criminals and at the same time completely cover their tracks. Online wallet this is the best remedy because after this stage the money can no longer be traced. Next, the owner of the wallet scatters the money among other wallets: hackers responsible for connections with various organized crime groups, etc. To figure out such a cash-out scheme, it took law enforcement agencies and us as analysts two years of work. This was not easy, because there are many such electronic payment systems and they are not controlled by the state.

- This is a paradise for criminals!

- In words it is called more beautifully - the concept of free market economy. It is based on three pillars: no control by the state (direct contracts), no taxes, and with this money you can buy anything you want. Of course, you won’t be able to directly pay for, say, real estate with electronic currency, but you can easily cash out the money and purchase the villa that you like. Cashing schemes electronic currencies much easier than withdrawing money from bank accounts, due to the lack of such strict controls that exist in the banking environment.

— How do they deal with this problem in other countries?

— In the United States, many people understand that if a hacker is in the United States and acts against the interests of the country, then with a 90 percent probability he will be arrested in the near future. In Europe, in many countries it is virtually impossible to cash out a legal entity's money. Essentially, there are three limiting factors: a sense of punishment, economic inexpediency and technical impossibility. We have a paradoxical situation: all three are missing. Accordingly, a person who is not burdened with conscience can easily start a criminal business and earn a million dollars a day, because technically it is not very difficult.

- Tell me more!

— Let's immediately agree that we are not writing instructions for a novice hacker. What we are talking about is a crime, and this cannot be done, even out of natural curiosity. The income you saw on the screen is not just numbers, it is someone's lost business, someone's family tragedy.

Now about the key points of the criminal scheme. The first thing an attacker needs to do is create a botnet of infected computers and a virus that will infect these computers. If the goal is to make money, you need a high-class virus that is not detected by antiviruses and is a kind of constructor. It costs 5-6 thousand dollars. You also need to buy hosting, where access to the contents of the servers is guaranteed to be closed to any law enforcement agencies. This is a special area of ​​activity of the criminal world - the creation of specialized hosting environments for the provision of illegal services.

— Is there a lot of choice?

- Huge. And such hosting is inexpensive: $150-200 per month. Most commercial data centers (DPCs) are not such, but in my experience I have encountered completely legal data centers that secretly moonlighted as hosting for criminals, because it is very profitable. Including in Russia, unfortunately.

— And how will the virus spread across the Internet?

— We need a malware distributor on the Internet. To do this, there are entire groups of attackers called flooders. These are people who distribute malware for money. Infecting 1000 machines costs $20, approximately 600 rubles. But usually the customer spends more, $500, to infect more machines. The virus, a small boot module, enters computers, turning them into infected bots. And the organizer himself monitors using the control panel how his bots behave.

The latest squeak in this area: the virus itself is trying to understand what can be stolen from a given computer. First of all, it looks for entries into bank payment systems. If they exist, it loads a module onto the computer for working with the bank’s accounting software. If not, he tries to find payment software for individuals: WebMoney, Yandex.Money, etc. Found it and downloaded the corresponding module. If you don’t have any of this and you can’t earn money directly from your computer, you can still use it: for example, to send spam or for DDoS attacks. A maximum of $8,000 is the cost of entry into the cybercrime market.

— How does the virus manage to do its dirty work with impunity, since banks invest huge amounts of money in security systems?

— Criminals order high-quality viruses that are able to bypass antiviruses and other types of protection. Moreover, modern banking Trojans provide hackers with the ability not only to remotely access, but also to hide traces of crimes. How it's done? Once a false payment order is sent, the main task of criminals is to limit the accountant’s access to the Internet banking system. Most often, they remove one of the operating system components of the infected computer. At a time when all the efforts of the bank client are thrown into restoring the operation of the computer, the money leaves his account.

— An interesting question arises: who is to blame for what happened? A bank client who allowed his computer to become infected, or a bank who issued him software that is not protected from virus attacks?

— On the one hand, responsibility for the incident lies with clients, who often neglect the well-founded recommendations of banks. And they, by the way, are prescribed in every contract for the provision of remote banking services. On the other hand, banks are required to monitor strange payments - for example, a one-time transfer of a large amount to an account individual. The operator must block such a payment, call the company and get confirmation from the accountant. Unfortunately, in practice, not every bank adheres to such standards...

— What should the victim do?

— Almost any action of hackers is a crime. Therefore, you should definitely contact the police. True, victims extremely rarely do this.

- Why? Don't believe in success?

— Partly yes, they don’t believe it, because there are very few examples of successful investigations. The good thing is that such a specialized company as ours has appeared in our country. There are many of these in the West; it is a whole market of services.

— Let’s imagine that the injured company owner comes to the local police department. They'll look at him like he's an idiot, won't they?

“It is likely that they will try not to accept the application.” And you should prepare for this trip in advance. Firstly, you need to clearly understand that a crime has occurred, because the legal literacy of the population in the field of information security is a nightmare. And this crime is described in the Criminal Code. Secondly, you need to clearly know that the police officer is obliged to accept the application, and refusal is actually a malfeasance. Thirdly, it is necessary to correctly describe the elements of the crime. Recommendations on how to write a letter are quite easy to find on the Internet: both on our website and on others. If a DDoS attack occurs, it is advisable to include a notarized web page. In Moscow there are (and are already appearing in the regions) such web notaries that confirm that the notary’s computer does not have access to the resource. The moral is: if a person prepares for a visit to the police department, this will increase the chances that the investigation will be successful or at least a criminal case will be filed.

- So, in your opinion, a statement to the police is a panacea?

— You need to apply, at least for statistics. Look: the police staff can be increased only on the basis of registered crimes, but now the official statistics of the Ministry of Internal Affairs regarding high-tech crimes are completely inadequate. Therefore, there is a catastrophic shortage of relevant specialists: for one police officer in the field of computer crimes, I think there are about 100 applications, maybe more. And the work mostly happens on paper.

“In my opinion, it’s much more pleasant for our law enforcement officers to catch a poor student who installed an unlicensed version of the operating system on his computer or accounting program…

“I understand people’s desire to engage in just such investigations, because technically it is much simpler. But this is complete nonsense when one person steals 5 million dollars and gets five years probation for it, while another gets two real years in prison for an unlicensed OS. The government urgently needs to intervene in this mess with computer crime! If you do nothing, tomorrow will be much worse: hackers’ incomes are growing, and with them their opportunities for influence. If in 2000 companies installed security, and hackers broke it, today, when the criminal has 24 million dollars monthly income, the roles have reversed: the hacker commits crimes, and companies and organizations are trying to catch up with him. In two years, we may lose control of the Internet altogether, and then it will be useless to fight hackers. Because they will have their own people in the State Duma, where they will implement their laws.

— Recently, the Russian Association of Electronic Communications proposed amending the Criminal Code of the Russian Federation regarding liability for computer crimes. Will this help?

— I am the co-chairman of the RAEC commission on information security and cybercrime and am directly involved in the development of these amendments. We expect to complete the work by the fall. But even if everything turns out as planned, such normative base will work perfectly only if the hacker is located in Russia and the crime was also committed in Russia. Once the hacker is abroad, without law enforcement cooperation different countries nothing can be done. There is, for example, an international convention that allows countries that have signed it, in particular the United States, to exchange data necessary for investigations online. Russia has not joined this convention, and therefore our cross-border communication proceeds the old fashioned way: bureaucracy, paper, visas... True, this convention has certain nuances. For example, if we connect to it, then, say, US law enforcement agencies will be able to conduct their own investigations on our territory without informing us... It is mandatory to join international unions, but at the same time control some subtle issues.