Regional hub for countering global threats

Alseitov Kanat Gyilimkhanovich
Senior Lecturer
Department of Special Training in Countering Global Threats
Institute of Professional Training
Junior counselor of justice



The processes of informatization, the rapid development of computer technologies and the general integration of information systems have led to the emergence of a new form of crime – cybercrime, which, in turn, has become a global international problem.

The number of cybercrimes is increasing around the world every year, and Kazakhstan, as one of the leaders in digitalization among the countries of the Commonwealth of Independent States, has not stood aside either.

In his message of January 31, 2017, the First President of the Republic of Kazakhstan emphasized the relevance of the fight against cybercrime.

Meanwhile, an analysis of legal information over the past 5 years revealed problems in organizing the countering of cybercrime in Kazakhstan.

According to the statistical data of the Committee on Legal Statistics and Special Records of the General Prosecutor’s Office of the Republic of Kazakhstan, 3 219 criminal offenses committed using the Internet, by deception or abuse of trust of the user of an information system, or by illegal access to an information system or changes in information transmitted via telecommunications networks (hereinafter referred to as cybercrimes) were recorded for the specified period, which accounted for only 0.2% of the total structure of crime.

At first glance, this figure seems insignificant and does not cause concern.

Meanwhile, while from 2015 to 2020 total crime in Kazakhstan decreased by 37%, from 387 thousand to 243.5 thousand (i.e., by 143.5 thousand criminal offenses), the number of cybercrimes increased 17 times, from 101 to 1 708 per year (Chart 1).

Chart 1. Dynamics of crime and cybercrime in Kazakhstan for 2015-2019.


At the same time, the methods of their commission are constantly developing and becoming more professional, as a result of which such crimes pose a threat not only to citizens and legal entities, but also to the entire state.

Law enforcement officers, meanwhile, who are drowning in the routine of everyday work and who use a computer at the level of an ordinary user, do not have the opportunity to improve their professional knowledge in the field of new computer technologies.

This does not allow persons carrying out pre-trial investigation to properly qualify and investigate crimes of this category, or prosecutors to effectively supervise the legality of criminal proceedings.

Speaking in terms of numbers, 71% of cybercrimes (2271 out of 3219) remained unsolved in 5 years, and only 18% (582 out of 3219) were sent to court.

The reason for the low efficiency is the lack of a sufficient number of scientifically grounded and proven tactics and methods, recommendations and explanations for the investigation of cybercrimes, as well as of generalized judicial practice on cybercrime.

It is important to note that obtaining and analyzing evidence in cybercrime cases is one of the most fundamental tasks and one of the most difficult to solve in practice. Its solution requires not only the development of tactics for carrying out operational investigative and other measures, but also special knowledge in the field of computer technology and software.

Taking into account the current situation and the growth of cybercrime, the Department of Special Training on Countering Global Threats, with the support of the OSCE Program Office in Nur-Sultan, initiated a training course on countering and investigating cybercrime, consisting of 3 seminars.

Meanwhile, in 2020, Kazakhstan, like other countries, faced the global pandemic of the coronavirus infection COVID-19. To counter it, all educational institutions of the country took measures to strengthen sanitary-epidemiological and preventive measures, including a transition to a distance learning format.

At the same time, at the final meeting of the State Commission for Ensuring the State of Emergency, the Head of State emphasized the relevance of the introduction and use of modern distance technologies in the education system.

In this regard, the Law Enforcement Academy decided to conduct the first distance learning course on countering cybercrime in the Republic of Kazakhstan, consisting of three online seminars.

As a result, on August 26 this year, a 3-day online seminar on countering cybercrime was launched at the Law Enforcement Academy, held through the Zoom platform in compliance with information security requirements.

When preparing the training course, the aim was to improve the professional level of practitioners of the law enforcement unit.

Therefore, the seminar was attended by investigators and supervising prosecutors from all regions of Kazakhstan, who directly investigate and supervise the legality of criminal cybercrime proceedings.

Since the first online seminar was the introductory stage of the training course, initially the audience was presented with information about cybercrime, its types and characteristics, methods of commission and problems of the criminal law aspect.

International experts spoke at the seminar for the audience: Alexander Sushko, head of the international company for the prevention and investigation of cybercrimes and frauds using high technologies «Group-IB» (Republic of Belarus), Anna Illamaa, computer forensic specialist of the International Association of Computer Investigation Specialists (Republic of Estonia), Otabek Rashidov from the Department for Counteracting Transnational Threats of the OSCE Secretariat in Vienna, and domestic experts Olzhas Satiev from the Center for Analysis and Investigation of Cyber Attacks (TsARKA, Kazakhstan), as well as Associate Professor of the Department of Investigative Activities Askar Kaliev and Senior Lecturer of the Department of Special Training in Countering Global Threats Kanat Alseitov from the Institute of Professional Training of the Law Enforcement Academy.

During his speech, expert Alexander Sushko told the audience about cybercrime in the modern world, its types and problems of the criminal procedure aspect of cybercrime investigation.

Anna Illamaa shared practical cases of investigating cybercrimes in the Republic of Estonia, the peculiarities of examining computer equipment and searching premises.

The experts paid special attention to the study of electronic evidence, its analysis and evaluation.

Also, thanks to the seminar, the listeners mastered the skills of conducting operational-search activities using open sources of the Internet, the possibilities of which were presented by Associate Professor Askar Kaliev.

As a result of the seminar, a survey was conducted for the audience, the results of which showed a high interest of the participants in the issues of combating cybercrime not only in Kazakhstan, but throughout the world.

The seminar listeners also proposed an in-depth study of computer forensics and of methods of investigating crimes committed using end-to-end encryption in the WhatsApp and Telegram messengers.

Students will study these questions during the next stages of the training course in October and December of this year.

Thus, the holding of this seminar by the Law Enforcement Academy and the OSCE Program Office in Nur-Sultan allowed investigators and prosecutors to gain new knowledge in the field of cybercrime and computer technologies, and to master the skills of working with electronic evidence in criminal proceedings, the methods of conducting searches and inspecting premises and computer technology, as well as research on digital evidence.

Also, thanks to the seminar, the audience learned about the types of digital data, tactics and methods of their search, seizure and collection for further formation of the evidence base in the investigation of cybercrimes.

The global Internet audience is growing at a rate of 1,000,000 new users per day, according to a new set of reports on the state of the global digital industry for 2019.

When we look at the data that can be found in the We Are Social and Hootsuite reports on the global state of digital technology for 2019, we see the following picture.

Today, there are over 5.11 billion unique mobile users in the world, which is 100 million (2%) more than in 2018.

In 2019, the Internet audience is 4.39 billion, which is 366 million (9%) more than in January 2018.

There are 3.48 billion registered users on social media. Compared to the data at the beginning of 2018, this figure has grown by 288 million (9%).

Now about 3.26 billion people access social networks from mobile devices. This is 10% more than in 2018, when 297 million fewer people used social networks on mobile devices.

Analysis of social networks by Brand Analytics in Kazakhstan showed that as of 2019 in our country there are:

1 781 760 active users of Vkontakte;

1 008 360 active users of Instagram;

413 026 active users of Facebook;

27 776 active users of Twitter.


In turn, the results of a sociological survey indicate that only 10.6% of Kazakhstanis are not registered in any of the social networks.

As you can see, the Vkontakte network is the most popular in almost all aspects; the second and third lines of the rating are occupied by Instagram and My World, and Facebook is slightly behind.

It is the first of these that is most attractive to extremist groups for conducting propaganda work and recruiting new members into their ranks.

Due to the large amount of information that requires constant monitoring, measures taken by authorized and law enforcement agencies to identify and block extremist content currently have little impact on the emerging situation.

Without much effort, one can find on social networks individual users, interest groups, communities and even entire sites (especially on the DarkNet, the “Dark Network”) that conduct not only veiled propaganda, but also openly call for a change in the state system and the murder of people of other views and faiths.

This circumstance is also caused by the fact that many Internet resources of extremist and terrorist organizations are outside the laws of states.

The practice of law enforcement agencies in foreign countries clearly demonstrates that information countering extremism on the Internet currently requires all available approaches.

In this regard, the methods of information counteraction to extremism, developed and used in the USA, China, Israel and other countries, are quite promising.

For example, the Georgia Bureau of Investigation (GBI) published its strategic best practices for organizing the presence of special services on social networks in October 2012. According to them, the employees of the Bureau are given the right to use various tactics regarding their status on the network: open, not attracting attention (encrypted) and secret (covert) presence. Officers and analysts can also act at different levels when observing and gathering information from social media.

The first level is an obvious or open status, which is used when an employee does not hide his affiliation with the department and considers open sources of information. For example, a proctor might simply look at an open Facebook page, LinkedIn profile, or Twitter page to gather information.

At the second level, the status of not attracting attention, clear signs of affiliation with a law enforcement agency should not be advertised, since efforts to collect information can be hampered if it becomes known which agency is interested in this or that information (for example, when an intelligence analyst working on certain cases is interested in a particular blog or Facebook page).

Individual criminally active individuals may have the ability to monitor Internet Protocol (IP) addresses. Therefore, in some cases, the analyst needs a mechanism that hides the fact that the corresponding IP address belongs to the law enforcement agency. However, agency policy should ensure supervisory approval and control of such actions.

The last level, secret, applies when the efforts of a law enforcement officer are aimed at keeping his identity unknown. For example, the officer uses a secret profile or a fictitious name to interact with the perpetrator.

Since this level involves active interaction between the law enforcement officer and the suspect, agency policy should determine who can fill this role and also establish the authority required to approve the use of this level.

In addition, the employee should consider the actions taken at the local, federal, and state (applies to the US) levels to avoid duplication or interference by other law enforcement agencies investigating the same case.

It is the policy of the Georgia Bureau of Investigation (GBI) to require a written request to use social media monitoring. The request must indicate the purpose, the time frame of the activity, the type of monitoring mechanism, a list of websites that will be monitored, as well as the estimated storage period of the information received.

As you can see, electronic evidence plays a special role in the detection and investigation of such crimes, which an employee of a law enforcement or special agency needs to receive quickly and legitimately from an Internet service provider (hereinafter – SP).

This is directly confirmed by the results of the latest research conducted in the European Union:

  • More than half of investigations involve a request for cross-border access to electronic evidence;
  • Electronic evidence in any form is essential for about 85% of all (criminal) investigations;
  • In almost 65% of investigations in which it is important to obtain electronic evidence, it is necessary to send a request to an SP located in another jurisdiction.

The current system of mutual legal assistance (MLA) can be complex and, in some States, very bureaucratic, often leading to long delays in obtaining electronic evidence. This is in no way compatible with the rapid nature of cybercrime and cross-border crime, for which there are no boundaries in the media space.

Electronic evidence stored by the SP can be used to confirm the fact of a crime, disclose incriminating connections and locate offenders. Obtaining electronic evidence will also facilitate the prosecution of the perpetrator (or group) who committed the crime.

It is extremely important to consider the possibility of requesting evidence from a foreign SP at an early stage, since the investigation can be time-consuming, complex and costly.

This often leads to recourse to mutual legal assistance (MLA), which can overload the process and cause delays. Naturally, a delayed reaction by the competent authorities is in no way compatible with the fast-moving nature of terrorism or organized crime.

Regulatory authorities need to understand how to preserve electronic evidence, retrieve data to prevent an emergency, how and when to use MLA alternatives, and how to draft an MLA Request for Electronic Evidence.

The development of competencies in these areas is necessary as individual governments and regional bodies begin to develop new, complementary structures for obtaining electronic records.

The use of social networks and instant messaging systems (messengers) is constantly evolving. Criminals want to ensure that they remain anonymous and use any technology that helps achieve this.

In turn, our employees must be aware of changes, reforms of national legislation, as well as procedures of foreign SPs in order to be able to obtain the necessary electronic evidence.

In four of its resolutions (№2322 of 2016, №2331 of 2016, №2341 of 2017 and №2396 of 2017), the UN Security Council called on states to collect and preserve evidence to enable the investigation and prosecution of those responsible for terrorist attacks.

One of the resolutions (№ 2322) explicitly notes a significant increase in the number of requests for cooperation in collecting digital evidence from the network and emphasizes the need to reassess methods and best practices (depending on the situation, including those related to investigation techniques and electronic evidence).

Studying this issue, it should be noted that the SPs themselves are now increasingly taking on obligations to control and censor illegal content.

In 2017, Facebook, Microsoft, Twitter and YouTube formed a partnership to fight online terrorism.

The Global Internet Forum to Counter Terrorism is part of several existing initiatives that are designed to track terrorist recruitment materials. The forum was intended to facilitate the companies' interaction with each other and with governments, small companies and non-governmental organizations.

In 2019, the head of Facebook proposed introducing new rules in four areas: malicious content, election integrity, data confidentiality and information transfer to various platforms. It is clear that all malicious content cannot be removed, but in the context of many data exchange services a «more standardized approach» is required.

In particular, it would be effective to enact new regulations defining malicious content and obliging companies to provide measures to minimize such content.[1]

However, based on practice, given the covert and veiled nature of online crime (especially terrorist and extremist crime), it is impossible to rely 100% on help from machine analysis tools.

Some states are taking legislative measures to oblige national telecom operators to store traffic data for a specified time (for example, the Russian Federation, since 2018, stores data for 30 days).

Summarizing the above, one should once again emphasize the importance of training authorized specialists in the implementation of appropriate procedures for obtaining and using electronic evidence.

Taking this into account, the Academy of Law Enforcement Agencies under the General Prosecutor’s Office of the Republic of Kazakhstan (based on the materials of the UNODC) has developed a program for training employees to collect and consolidate electronic evidence in the media space.

In September this year, taking into account the epidemiological situation, the Academy held the first online training seminar for law enforcement officers.

The event includes training sections on ensuring the safety of data (before sending a request for mutual legal assistance), sending urgent requests for information disclosure, mutual legal assistance, as well as problematic issues and ways to solve them.

Taking into account the importance of this work, in the future, the Academy plans to organize such training for employees, implementing innovative approaches in the educational process.


Senior Lecturer

Department of special training in countering global threats

V.A. Kuprenko