Out of sight: the probiv market of about 15 billion rubles is waiting for redevelopment

After tightening criminal liability for the illegal collection and transfer of personal data, law enforcement officers received a command to block the operation of the Telegram bot "Eye of God," sources assure Izvestia. This resource has already suspended its work, but its creator Evgeny Antipov assures that he did it on his own initiative. Experts estimate the Russian market for "punching" personal information at 15 billion rubles per year. After the departure of the only more or less transparent player, he may be completely captured by projects controlled by the Ukrainian special services, experts fear. How the business of "breaking through" works, how the high—profile political murders in Russia and the Ukrainian hacker who served time in the United States are connected with it, can be found in the Izvestia article.

Look into the "Eye of God"

A typical stairwell in Moscow's Stalinka on Leningradsky Prospekt stands out with a brand-new surveillance camera mounted in a corner above dusty, tangled wires. The bright LED backlight around the lens gives the additional impression that someone is watching you right now. The front door to the apartment is under surveillance, where the companies of Evgeny Antipov, the creator of the most famous punching service, The Eye of God, are registered.

The Telegram bot got its name in honor of the hacker surveillance program from the movie "Fast and Furious". In 2024, the total revenue of Antipov Group LLC and GB Center exceeded 400 million rubles, with a net profit of 200 million, according to the SPARK database.

No one answered the doorbell at the place of registration of the "Eyes of God" correspondent of Izvestia. But in the messenger, the owner of the service readily responded to the request to communicate. According to the programmer, he once lived in this apartment himself and is still registered there. Antipov indicated the same address when registering legal entities, because the office "is not ready yet and there is no one to sit there," says the entrepreneur. "I didn't want to take an imaginary address, a rubber one," Antipov clarifies. In all interviews, he strives to emphasize the maximum transparency of his business.

In response to a joke that Izvestia journalists had found the very "Eye of God" in the form of a surveillance camera, Antipov sent a screenshot with photos of the correspondent in the stairwell with the words: "In fact, yes."

At the end of February, the "Eye of God" attracted media attention with rumors about searches that paralyzed the service. Antipov himself denies any investigative actions with him or his team members. He stated that, on his own initiative, he suspended the work of the bot to assess risks after the entry into force of the new Article 272.1 of the Criminal Code of the Russian Federation (it introduces responsibility, including for the creation of services for the illegal use of personal data).

"All our sources are in a panic, and now, after this set of news, the payment system is in the same state," Antipov emphasized.

How the Russian "probiva" market works

The sale of databases in Russia began back in the 1990s, when information was distributed on CD-ROMs. About 10 years ago, the now-closed Radarix and RusLeaks penetration services were popular. In their place came similar resources on the darknet. The rapid growth in supply was caused by reliable anonymity and the presence of so—called transaction guarantors - intermediaries who insure buyers of information against fraud (similar to transactions with other illegal goods in the shadow segment of the Internet).

But after the creation of the "Eyes of God" in 2020, "punching" became available to the mass user. There was no need to register anywhere else or install special applications and programs. To find comprehensive official information about a person, it was enough to open a chat with a bot in the messenger and enter the full name, phone number, email address or car registration plate. The amount of data, its accessibility, convenient and instant delivery caused a real stir.

— It is believed that in the pre—anti-type era, there were about 12-15 thousand users of online databases who spent from 15 to 200 thousand rubles per month on them, - says Igor Bederov, director of the T.Hunter Investigations Department. — When the "Eye of God" and all the other bots came out, the audience increased by about 100 times.

According to Bederov's estimates, today the number of active users of "various breakthroughs" in Russia is 1.2–1.5 million users.

— The average user spends from 5 to 20 thousand rubles a year on bots. Accordingly, the approximate market turnover is 15 billion rubles, the expert believes.

According to Antipov, this estimate of the number of users is quite accurate, but the owner of the "Eye of God" does not agree with the estimated average costs. According to him, the amount is overestimated by an order of magnitude. However, it is difficult to reliably assess the "breakdown" market, as it is heterogeneous.

— Punching, searching, scrolling and data verification are different processes with different approaches and financial perspectives. The classic breakthrough is most often associated with the purchase of information on closed platforms (for example, on the darknet), where the price per request varies from 500 to 6 thousand rubles. The profitability of such performers can reach 3-5 million rubles per month. Telegram bots occupy a separate niche. Illegal bots working with private data can earn 10-15 million rubles a month," says Antipov.

According to F6, one of the leaders in the cybersecurity market, there are about 300 channels with databases in the Russian-speaking segment of Telegram.

Experienced OSINT researchers most often call the main competitor of the "Eye of God" a service that offers not only data from open sources, but also information about flights, Yandex Food delivery addresses associated with a specific user, data on relatives and connections of the requested person. "There is a search based on incomplete data, a search from an address, and recently the database of the Intimcity website appeared along with photos," says the Izvestia interlocutor. The price of one request is from 111 to 190 rubles.

— The same bot has a premium service. To use it, you need to make a deposit of 200 thousand rubles per month, and each request will cost 800 rubles, says the OSINT researcher. — For this money, the user is promised access to information about bank accounts, video surveillance cameras, the Potok database for tracking car movements, and so on. There is even a free position for the media in the offer. Mandatory conditions are a letter from the editorial account, and a photo of the journalistic ID.

As Izvestia found out, the service uses so-called P2P payments for payment: in other words, the user transfers his funds to the bank card of the drop. Further, funds can be withdrawn to beneficiary accounts through transaction chains and crypto exchanges. On the project's website, an electronic mailbox is listed among the contacts, the owners of which did not respond to Izvestia's request to comment on the service's activities. The website description lists an Armenian company with an address in a private house in the village of Verin Ptkhni. However, there is no information about it in the official register of legal entities of Armenia.

The opinions of experts about the true owners of the second most popular Probiva service are divided. One of the cybersecurity experts believes that a citizen of Ukraine may be behind the bot. Two other Izvestia interlocutors, on the contrary, believe that the service is linked to specific Russian companies. However, none of the respondents dared to voice the details of these versions on their own behalf.

The rest of the bots largely copy their popular counterparts, differing only in their narrower specialization, individual exclusive datasets, or output format. But unlike the Antipov project, their creators remain anonymous, and account replenishment is carried out through cryptocurrency or P2P drops. In fact, all market participants except for the "Eye of God" remain anonymous.

How bots are used

Antipov always emphasized his openness to cooperation with government agencies, at whose request sensitive information was regularly removed from the issue. The "Eye of God" offered its services free of charge to law enforcement operatives. To do this, the user only had to confirm their membership in law enforcement agencies.

— Some people in the regions actually wrote letters from electronic mailboxes on the official domain of the Ministry of Internal Affairs, — says the interlocutor of Izvestia in law enforcement agencies. — After the news about the blocking of the "Eye of God" in the RCN, my colleagues and I simply created a separate bot based on it. When collecting information for the first time, it is important to have a quick and convenient tool, and the accuracy and completeness of the information can then be rechecked officially.

Izvestia's interlocutors among the security forces claim that the popular Probiva bots remain a popular source of information for intruders, including terrorists.

"In the most high—profile cases involving the murders of Daria Dugina and Vladlen Tatarsky, the victims were repeatedly punched with the help of well—known bots," says a law enforcement source.

Photo: Press Service of the Investigative Committee of the Russian Federation

The same applies to many prevented crimes, says another source.

— In terms of obtaining information, the Ukrainian special services often act quite simply, without bothering with the use of some deep agents or complex technical means. A performer is being recruited, and data about the target of the assassination attempt is being collected in the same bots," says the Izvestia source.

According to him, the first thing that all operational staff advise any victim of threats of physical elimination to do is to take the opportunity to hide their data in popular bots for penetration.

The availability of personal data without saboteurs contributes to a criminal situation, the Izvestia interlocutor believes.

"Even if we ignore the situation with high—profile crimes and telephone fraud, the banal desire of citizens to identify the culprit of some conflict themselves, say, an accident and deal with it in their own way, creates risks of new crimes," says a source in Izvestia law enforcement agencies.

At the same time, operational employees of law enforcement agencies have long been using less massive services designed for a limited circle of people, he explained.

In the criminal environment, they also do not greatly regret the loss of an accessible source of information. An anonymous provider of "security services" known on the Darknet under the pseudonym "The Pianist" answered negatively when asked if the problem of banning or restricting the functionality of well-known bots would complicate his criminal activities. "For other performers, singles, maybe. We have our own probiv department," the source wrote to Izvestia.

Who provides the data

Initially, bots for "penetration" are filled with free databases available on the web, then the owners of such resources come to the conclusion that they need to receive private leaks, which are bought or exchanged in private communication on special forums and chats, Ashot Oganesyan, author of the Telegram channel "Information Leaks", explained to Izvestia.

"In most cases, there is a long—established relationship between hackers (90% Ukrainian) who leak data and database buyers, either intermediaries or representatives of bots," says Oganesyan. — As soon as hackers have a new base, they write about it to their regular customers or announce it in their TV channels. Often, the most expensive databases are bought on an exclusive basis so that they do not end up in other competing bots.

Photo: Social Media

In 2024, Russia became a leader in the number of leaked data, according to a February report by cybersecurity company F6. Its analysts have recorded 455 new cases of public database leaks on companies from Russia and the CIS on underground forums and in thematic Telegram channels. In 2023, there were 246 of them. Experts from the InfoWatch analytical center in their latest report claim that the number of such incidents over the past year is even higher — 592. Russia accounts for almost a tenth of all such cases on the Internet.

"In total, the leaks of 2024 contained more than 457 million rows of user data. As before, the criminals made most of the stolen databases publicly available for free to cause the greatest damage to companies and their customers," the F6 report says (available to Izvestia).

Of the total leaked data, 237 million records contained email addresses (154 million of them were unique), 153 million contained user passwords (103 million were unique), and 459 million contained phone numbers (220 million were unique).

The number of leaks on the market is such that the prices for merged databases are quite small.

"Small dumps of tens of thousands of lines are sold in bulk for hundreds of dollars,— says Oganesyan. — Dumps with hundreds of thousands of lines are already being sold piece by piece in the range of $500-1000. Millions of lines — for units of thousands of dollars. Any exclusive product subject to further non-proliferation [among competitors] can cost tens of thousands of dollars.

Among the active distributors of leaks in 2024, F6 experts identify several of the most famous characters. So, a participant in the underground BreachForums forum under the nickname Sh4dow began on January 1, 2024 with the sale of the database of the Russian online store of manicure and pedicure products ParisNail. Since then, the attacker has posted 45 different leaks and made at least three deals.

Petya152r5 from the same forum published 7 databases of microfinance organizations with 74 million lines of personal data of Russian users in 3 months.

But F6 considers BadB to be one of the most effective among data merchants. Vladislav Khorokhorin, a veteran of cybercrime and co—founder of the famous CarderPlanet trading platform for stolen bank card data, is known by this nickname.

Khorokhorin was born and raised in Ukraine, lived in Israel and Russia, and therefore acquired citizenship of all three countries. It first came to the attention of cyber threat researchers more than 20 years ago. In 2009, he was detained in Nice at the request of the United States, where he served seven years in federal prison for participating in the embezzlement of $9 million. He was saved from a huge prison sentence by a deal with the investigation. After serving his sentence, Khorokhorin returned to Ukraine, where he established an official business in the field of cybersecurity.

"Since the beginning of 2022, [BadB] has been actively engaged in political propaganda on its Telegram channel, where it publishes news reports, as well as database leaks," the F6 study says. It was he who, on November 8, 2024, announced the high-profile hacking of more than 30,000 Russian servers on the Bitrix platform. As a result, from September to December, BadB published 22 databases of various Russian websites. One of the channels of his group publicly recruited Russians to participate in cyber attacks on defense enterprises, nuclear power plants and other critical infrastructure, Izvestia was convinced.

How bots earn money

Starting from about 2023, the main income of the "Eye of God" falls on the B2B segment, says Antipov.

— The Telegram bot generated about 30% of revenue. The net profit of the project was about 5-8 million rubles per month, but I always tried to reinvest these funds in development," the entrepreneur told Izvestia. — The bot activity was conducted through the sole proprietor. Then I created a legal entity, Antipov Group LLC, to conclude B2B contracts, but later decided that the name did not quite correspond to the line of business. As a result, Antipov Group LLC became a software development platform for projects such as Avtogram (verification by car number) and Comlit (verification of legal entities), and GB Center LLC became the main legal entity for working with companies within the framework of BIG DATA.

"The activities here are conducted in strict accordance with Russian legislation and are aimed at developing the domestic Big Data market," says Antipov.

Instagram FacebookThe main costs, according to him, went to a massive data search: searching for numbers on WhatsApp*, Facebookth, TikTok, "huge farewell investments in collecting information on Instagram*" (* belong to Meta Corporation, recognized in Russia as an extremist organization and banned in the Russian Federation). Facebook*, TikTok*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>*, <url>

— Many people may consider this useless, but in the B2B segment such information is in high demand, - says Antipov.

Photo: Antipov social networks

According to him, now the main role of Telegram bots is not so much making a profit from subscribers as collecting data for further processing.

The creator of the "Eye of God" insists that he has always advocated maximum cooperation with the state and law enforcement agencies. And the current situation is in the hands of less transparent competitors, the most dangerous of which are projects created by the Ukrainian special services.

What the lawyers say

With the addition of article 272.1 of the Criminal Code, personal data protection measures have significantly increased, lawyer Ekaterina Kutuzova notes.

"The maximum sanction includes imprisonment for up to 10 years, a fine of up to 3 million rubles, which in itself indicates the seriousness of the state's approach to the problem," she said.

Tougher penalties in general will not change the situation, says lawyer Ilya Vasilchuk.

— It is often very difficult to bring the guilty person to justice. It may be located in jurisdictions that are currently inaccessible to Russian justice," Vasilchuk says. — Therefore, in my opinion, recent changes in legislation will not significantly affect the information services market, which processes a huge amount of personal data.

Users can be held accountable if they disseminate the information they receive illegally, says Elena Grin, associate professor at the Moscow State Law Academy. As for data processing services, the only way to legalize them, according to the lawyer, is to obtain the consent of those persons whose information is being processed.

According to the long-standing law on Personal Data, information providers can only be primary sources, such as official media, GIS and data aggregators, says Igor Bederov. All data must be of legal origin, and any internal data such as bank accounts or financial transactions cannot be obtained from open sources.

— But many entrepreneurs working in the gray zone did not see the prospect of serious sanctions for themselves, — says Bederov. — Due to the introduction of criminal penalties, the situation has changed dramatically.

Data providers that had been operating since the 1990s began to withdraw from the Russian market, and many were forced to reconsider their approaches and reduce the amount of information provided from illegitimate sources. Many have started using illegal databases, passing them off as the results of neural networks.

—The closure of major Russian services, in particular the Eye of God, may lead to Russian users continuing to seek access to information, believing that it should be comprehensive and inexpensive," says Bederov. — As a result, they can turn to Ukrainian services, among other things.

In his opinion, this, in turn, may lead to new leaks in the interests of foreign intelligence agencies, the introduction of malware on the devices of Russian users, and payment for the services of Ukrainian bots may be regarded as financing terrorism.

The Ukrainian hacker Khorokhorin has already reacted to the closure of the "Eye of God" and Bederov's comments on his Telegram channel. He wrote, "Don't scare people. Ukrainian bots are free. Yes, we do not remove information from the search results. Yes, you can punch through everything, including card numbers."

According to Bederov, in the future, Russian personal data processing services should start working legally. For example, by offering users scoring points instead of detailed reports, switching completely to AI data processing, or selling only certain categories of anonymized data.

Although Izvestia's law enforcement sources claim that they have received a command to block the work of the "Eye of God," Antipov claims that he still knows nothing about criminal prosecution against the project participants. The neighbors of the apartment where the entrepreneur and his business are registered, interviewed by Izvestia, also did not hear about the searches.

— I have cameras on all sides. I've had three searches in my life. It all started from where I lived [actually], and then we stopped here [at the registration address]," Antipov said. — So far, I have not observed any searches, but I assume that there will definitely be some kind of interrogation. Everything is logical. The law is out. They're checking it out. In my understanding, the fact that I publicly announced the changes [restricting the release of data at the request of users] should have helped to avoid this, but apparently not.

Will it be possible to restore the work of the "Eye of God" without violating the law or not, Antipov has his own plans for the future. He is working on big data processing products using artificial intelligence. According to him, the "Eye of God" is "not the best example to be proud of," and its goal is to create competitive Russian products in the field of Big Data and OSINT.