How information-search bots began to hide from the law
The Russian market of bots for searching information is undergoing significant changes. New legislation has introduced criminal liability for handling leaked personal data. The change in regulation reflects a shift in the state's focus: the fight is no longer against individual hackers but against the data infrastructure as a whole. As a result, about 40% of Russian-language sites specializing in searching open data on the Internet have suspended work or closed. The market for such services, worth up to 15 billion rubles, may finally move to the Darknet and fall under the control of foreign operators.
In December last year, a law entered into force in Russia that tightens liability for leaks of personal data. It significantly increased fines for companies and also introduced turnover-based fines of 1% to 3% of annual turnover, but not less than 25 million and not more than 500 million rubles. In addition, criminal liability has appeared for the illegal collection, storage and distribution of personal data. The Criminal Code (Article 272.1) now provides that creating or administering a site or program designed to store and transfer illegally obtained personal data is punishable by a fine of up to 700 thousand rubles or imprisonment for up to five years.
The bots think it over
The update of the legislation set in motion the Russian market of Telegram services and bots that search for information about citizens and their property. One of the largest services, the “Eye of God”, changed its rules of work after the new legislation entered into force. Before that, a person's name was enough to find a phone number, which could then be used to get photos, links to social networks and messengers, email, TIN, an export of ads on Avito, a car number, and then a residence permit, passport data, information about the car and its photographs. Since the end of 2024, the “Eye of God” has reduced the information it returns by 40%, leaving only the phone number, mail, city, TIN and the presence of a person in the bailiff database, followed by a neat postscript: “We draw your attention to the fact that the data presented are the result of an automatic search of open sources. They can be incomplete or inaccurate. The processing of the received data is intended exclusively for personal and family needs.”
“We turned off all sources where there could be even a theoretical threat of using illegal data. We removed access to data obtained bypassing the law, even if it was previously in the public domain, for example, it lay on a forum in a different format or pretended to be something else,” the creator of the “Eye of God”, Evgeny Antipov, explains to Kommersant. At the end of February 2025, he says, the service stopped work “in anticipation of the legal situation becoming clear.” In March, Mr. Antipov stated that the bot's “information suppliers” had been searched in a criminal case initiated under the new article of the Criminal Code.
Another of the largest Russian-language information-search services, Himera Search, moved its employees out of Russia for fear of criminal prosecution for illegal handling of personal data.
Of 21 Russian-language information-search bots, Kommersant counted nine that were not working as of April 2025. One of them, Leak Osint, responds to any command with the message: “This bot is not available in Russia in connection with local law.”
Raw materials have become cheaper
As a rule, the owners of such services “do not bother to write complex parsers” to search for open data and instead use existing databases of leaks, as well as the APIs (Application Programming Interfaces) of existing services, explains Igor Bederov, general director of the Internet Inventory. At the same time, against the backdrop of a 44-fold increase in the number of data leaks in 2022, their cost has fallen sharply, adds Pavel Kovalenko, director of the Inform Prisode Fraud Center. By the end of 2024, about 60% of the databases were distributed free of charge on shadow forums and only 28% were sold, says Yana Avezova, senior analyst at the Positive Technologies Research Group (see also the “Issue price” column on the same page).
“A significant part of such data comes from leaks resulting from attacks by hacktivists, who are guided by ideological considerations and do not pursue financial gain. Also, not all data stolen from organizations is in demand,” explains Ms. Avezova. Of course, the owners of the bots are interested in such databases, adds Ashot Oganesyan, founder of a data and Darknet reconnaissance service. “However, most of the databases that have surfaced in recent years contained exclusively contact details (name, e-mail, phone) and are of no particular interest to anyone, which, by the way, is what determined the low prices for them,” he adds.
Who needed it
Most of the leaks of 2024 occurred among retailers, pharmacy chains and online services, delivery and catering services, says Angara Security expert Nikita Novikov: “Thus, the lookup market has received a lot of data on individuals, their place of residence, family composition, interests and preferences. Leaks have made life much easier for social specialists who actively use them.” “Mobile” information has risen significantly in price: the cost of a monthly breakdown of calls and messages exceeded the cost of information about the movement of funds in bank accounts, which also rose compared with 2022 prices, although not as significantly.
At the same time, the opinions of information security specialists are divided on who the main consumer of lookup bot services is. Ms. Avezova believes that these are first of all scammers, and then debt collectors, competitors, private detectives and people guided by personal motives (jealousy, revenge, curiosity, etc.). Mr. Novikov believes that law enforcement officers were the main consumers of these services, since they were given free access for investigations and the search for suspects. According to him, next came scammers, ordinary users and “banks, insurance companies and scoring services that used lookups to verify customers.”
Nevertheless, Evgeny Antipov assures that about 80% of the payments to the “Eye of God” came from B2B clients. When the bot was shut down in February 2025, it had 40 million active users per month, and the number of requests per day was 17 million. He adds that 400 thousand law enforcement officers used the service free of charge.
The shadow of the Darknet
According to Mr. Antipov, the revenue of the “Eye of God” service amounted to 10–15 million rubles per month. Igor Bederov estimates the volume of the entire information-search market at up to 15 billion rubles, while emphasizing that this is a “maximum estimate”. He is sure that the market volume has not decreased after the new legislation entered into force and some of the bots closed or left: “On the contrary, it will increase due to the fact that users will be redistributed to legal services, which are obviously more expensive.”
After some of the services leave or close, the vacated niche will be taken by those working outside the country and not falling under Russian jurisdiction, Mr. Novikov believes: “And the 15 billion rubles of annual turnover of the lookup market will be redistributed among small closed groups, including those controlled by foreign operators.”
“All Russian-language bots have already gone into the gray zone. The ‘Eye of God’ was the last to relocate from Russia,” says Mr. Oganesyan. At the same time, according to him, the Russian audience is still of interest to such services and “they will continue to work with it.” Mr. Oganesyan names key databases and the ability to receive payments from customers as the key success factors in this market.
In the future, the market will go deeper into the Darknet and closed chats, and the use of cryptocurrencies and technologies for bypassing blocking will also grow in it, adds Mr. Kovalenko: “The demand for information will not disappear anywhere. It will simply become less visible.” In addition, a high risk of criminal liability may reduce the number of data suppliers themselves, as well as of developers and administrators of such bots, which will lead to higher prices for looking up information about a person, says Ms. Avezova.
Trade in the crosshairs
There is not yet any established practice of applying the new regulatory norms, emphasizes Alexei Workers, head of IT security at KSK Group. Because of this, there is a “high risk of an expansive interpretation of the law: the main problem of the current version of Art. 272.1 of the Criminal Code of the Russian Federation is the possibility of its broad application to the current activities of companies,” adds Artem Dmitriev, managing partner at Comply. Artem Evseev, an advisor in the intellectual property practice of the law firm EBR, agrees with him. According to him, companies that are not related to the lookup market may also fall under the new regulation: those that screen information systems or specific people, for example, when hiring.
The Ministry of Digital Development explained to Kommersant that liability threatens only those who “illegally collect, use, transfer and store personal data, access to which was obtained unlawfully, as well as those who create and ensure the operation of resources where such information is stored and distributed”. By unlawful access, the ministry means “illegal impact on servers, computers and networks to violate the processing and storage of personal data. That is, hacking, illegal penetration and theft.”
“The fact that data is available on the Internet does not make it legal. If the initial source is unusual, the entire subsequent chain of data turnover also goes beyond the legal field. If you use stolen data, then you are in the zone of criminal liability. The only question is the degree of guilt and evidence of intent,” explains lawyer Natalia Dorofeeva. She suggests that law enforcement practice will also extend to contractors, affiliated business structures and technical integrators.
The authorities continue to block individual players selectively. Roskomnadzor told Kommersant that since the beginning of 2025 it has “stopped the activities” of 167 mirror sites and 978 Telegram bots that distribute personal data. However, the department did not answer the question of whether other methods of counteracting such services are planned.
“The state now intends to fight not individual hackers but the data infrastructure in general,” concludes Ms. Dorofeeva. In general, the trend is as follows.