FBI Does A Cracker-Jack Job

kade writes: "MSNBC has an article on a story about the FBI hacking the machines of a bunch of Russian crackers in an attempt to get evidence on them due to the the inability or unwillingness of the Russian goverment to assist them in fighting cybercrime." Another reader pointed to coverage on CNN as well.

OK but...

When do I get my speedboat?

Re:Great line

[DataPath]

Well, the issue is WHERE they broke the law. They broke Russian law, but that is out of their jurisdiction, so that action is ONLY viewable as illegal under either 1) international treaties, or 2) Russian law.
The only thing that could bite them is international treaty. What they need to do is lure those FBI agents over to Russia so they can be prosecuted for their little hacking gig.

Re:Great line

[Zachary+Kessin]

Assuming that it gets to trial you can assume that the Defense lawyers will argue that the FBI did need a warent to do this. I imagine a court will decide one way or the other.

One of my favorite bits of USSC writing is the Justice Brandeis desent on the wiretapping case from the 20's when the FBI said that they did not need a warrent to tap a phone. (Brandeis and Homes said that they did but were in the Minority)

In all probability the evidence will be challenged in court.

IANAL!

Re:Great line

[Zachary+Kessin]

They don't need a warrant because the United States Constitution does not protect non-US citizens acting outside the US.

But in theory it should contrain the FBI, I would think. Has this type of thing ever been tested in a court? I don't really know. If something similar has never come up before the judge will have to decide what the law is. This is why we have judges and courts after all.

Soda Crackers?

[sheldon]

Are these Russian Crackers related to the Saltine Crackers, or are they more like Graham Crackers?

But then Animal Crackers are my favorite.

Re:Great line

[KoReE]

Unfortunately, "the law" is an intangible. It is only made tangible by enforcement. Enforcement only comes when everyone involved in enforcing the law uses ethics. If no one enforces international law on the FBI, then they have jurisdiction anywhere they choose, because "the law" no longer exists. Now, even though I don't think that it's cool that it is this way, who do you think is actually going to enforce law on the the FBI? The KGB? The NSA? NATO? NAFTA? NAMBLA? Nope. None of them. So the FBI will probably continue doing this to its heart's (or lack thereof) content.

Re:FBI & Chechnya

[Troy+Roberts]

You may know something about Chechnya. I wouldn't know.

However, what ever crimes have been committed in Chechnya by chechens has nothing to do with what has happened in this case.

Here there were criminals stealing monies and resources from US citizens. The US ask for help from the Russian government, who did not even respond.

The FBI did not invite the criminals to comit any crime. They ask them to show there expertise as in a job interview. Why? So, that the FBI could sniff the ids and passwords. This is not entrapment, which you imply.

The only thing questionable the FBI did was tell the criminals that they were interviewing for a job.

The rights extended to non-US citizen by the US far exceed those extended by many other countries including Russia.

I personally feel these two got just what they deserve. They will have plenty of opportunity to defend themself in court.

I have one last observation. Either, you have a very small vocabulary or are not very well educated. The prolific use of vulgar words to make a completely idiotic argument does not lend anything to your credibility.

Troy

Re:It's not a look warrant!

[Troy+Roberts]

OK, lets make a more accurate analogy. A Mexican resident stands on Mexican soil and shoot a US citizen on US soil. In what country have laws been broken? Now, the US government ask the Mexican government for assistance and is ignored. The FBI lures the murder in to the US. Ask the murder to demonstrate his skills. He calls a friend to send his rifle. When the rifle arrives, the murder is arrested with the evidence taken into custody. This is a closer analogy. I for one and not sure the FBI needed a search warrent to view the data they had down loaded. Police do not need a search warrent to control and take evidence at the scene of a crime. They need it to collect evidence at a suspected location of criminal activity. Constitutional law does not provide for protection of non-US citizen. There is not international treaty that prevents the US from acting in its own defence. Troy

Re:Interesting

[Troy+Roberts]

Constitutional law does not apply to non-US citizen

Re:This quote says it all...

[Glytch]

I love that metaphor. I'm going to steal it sometime.

Re:The Interesting Ending

[garcia]

I would say that the Russian mob would have better offers to them (drugs, sex, and more alcohol than they usually have)

:)

Re:The Interesting Ending

[sacherjj]

Very common technique. Surely you have head of the "award winners" police scams. Where those with outstanding warrants are sent prize vouchers and they get to come to a certain location to claim them. One such event had television coverage where the "winners" were interviewed. They were taken 10 at a time into another room to be given their prizes.

Those prizes consisted of handcuffs and getting read some rights before leaving out the back for jail time.

What hack?

[nneul]

I'd like to know how "getting them to sit down at a computer running a sniffer" counts as "hacking into their computers".

Re:What hack?

[graniteMonkey]

Simply put, it's a sort of side-channel attack, much like those used to compromise encryption through means other than "brute mathematical force". It's quite remarkable that the FBI actually got crackers from Russia to sit down at FBI computers and hand them the keys to the house all by themselves. It was so easy that I'd competent thief shouldn't have bungled so badly.

One would think that the method used here would be considered by the /. community to be a "hack" by merit of its elegance and wit. But I guess since it's "the man", people like you will continue to look for ways to rag on them.

Re:What hack?

[locutus074]

One would think that the method used here would be considered by the /. community to be a "hack" by merit of its elegance and wit. But I guess since it's "the man", people like you will continue to look for ways to rag on them.

Well, I originally thought, after reading the article, that referring to it as hacking or cracking was going a bit far. But after reading your thoughts, I have to agree with you to a point. I think that it was a clever bit of social hacking (or social engineering, whatever you want to call it).

I still haven't figured out whether I agree with what the agents did, but I have to admit that I admire the way in which they did it.

--

Electronic Evidence

[RichMan]

Part of a trial is establishing a chain of evidence. How on earth can you ever prove that an electronic train of evidence has not been tampered with.

Prosec: "As you can see in the log files .."
Defens: "Objection: the material security of the log files has not been proven. The prosecution has to prove it that the log files are a true recording of what happened. That the log files and logging process was a completely secure and tamper proof system."
Prosec: "The log files show that no one accessed the system."
Defens: "Objection: Log files are just that, they can be edited. Was the console secure? Was the net access secure?"
Prosec: "When we examined the system."
Defens: "Objection: Prove that the system was not tampered with or completely ghosted by a backup system between the time of the events in question and the time the material was secured."

Re:Electronic Evidence

[Cid+Highwind]

But then we know how technically literate US federal judges are...

Prosec: "When we examined the system."
Defens: "Objection: Prove that the system was not tampered with or completely ghosted by a backup system between the time of the events in question and the time the material was secured."
Judge: Counselor, if you don't stop spouting electronic gobbledygook, I'll have you held in contempt. The prosecution may continue.

Re:Electronic Evidence

[yahwey]

Not only will it be hard to prove evidense, but they also downloaded everything *before* they had a search warrant. The agents downloaded the data, but did not view it until they obtained a search warrant from a U.S. federal court, he said. That's like breaking into my house, and taking a bunch of stuff, but saying, 'we didn't *look* at it until we got a search warrant.'

Re:Reverse Hacking?

[Maserati]

On the plus side for the FBI. They had their suspect sit down at the sniffer in Seattle, and then didn't look at the logs until they obtained a search warrant.

However, we're going to piss off a lot of countries if we continue to assert that the FBI can do whatever it wants outside of the US.

The War on Hackers has turned up a notch.

Invicta?

[PD]

Could this fake company name be a purposeful mishmash of the words "indict" and "convict"? Who said that the suits don't have sense of humor?

Re:Invicta?

[segmond]

I am going to register a company now, Invicta! If the FBI uses it again, I will sue them for damages!

Re:Invicta?

[Richy_T]

It's a real word.

Rich

Re:Invicta?

[Richy_T]

Don't know, probably Latin. It means "Unconquered" or something. It's very popular in Kent in the UK where some invading army failed to conquer Kent because of the "Men of Kent" or somesuch.

As I say, it's very popular, there are Invicta public houses, Invicta garages and even "Invicta FM" (often termed "Inflicta FM")

Rich

Re:Invicta?

[Richy_T]

I've just noticed as well that the tires on my minivan are, in fact, "Goodyear Invicta"s. And no, to the ACs who have guessed at the roots of the word, I don't think it has anyhting to do with Spanish or invitations. I think it comes from "in" for "not" (incapabale, invisible etc) and "vict" from the same as "victory". I.e. "No victory" or "unbeaten".

Rich

Re:Invicta?

[Lizard_King]

Actually, the name of the company that the FBI uses is Invita.

Re:Invicta?

[Lizard_King]

It's a real word.

In what language?

Re:FBI & Chechnya

[Ektanoor]

If I clearly understand this:

he takes the risk of venerating those same "terrorists" he so despises

then I'm not overreacting. There is nothing to venerate on those animals. And note: a large part of these "freedom fighters" are no ethnical chechens. It is just scum gathered from all ex-USSR, mainly from Caucasus, and which found a hot seat in Chechnya at the beginning of the 90's. On what concerns Chechens themselves then I know some of them, who are great people and have nothing in common with these swines that are even unable to read the Al-Khoran.

FBI & Chechnya

[Ektanoor]

You know this method reminds me how "chechen" groups sometimes lured people. I know it because I had a few acknowledgements being lured this way before the 1st Chechen War (1994-1996).

In Russia this is consider as the same as kidnapping. I think the FBI has done it because not even the average citizen will understand this. So you US Government Fuckers how better you are than those terrorist groups in Chechnya? How can you talk about human rights if you act the same way as bandits, terrorists and outlaws? Have these guys commited a crime? Maybe. Anyway it is a economic felony which barely touch people's physical well-being. But now their crime is pointless because you committed a bigger crime, you kidnapped people against their will in a foreign sovereign country. You lured people, invited to commit a crime and got them incarcerated. The typical move of "chechen" terrorists and mobs.

You disrespect local laws and rules and you what us to hear you? Go Fuck! Next time the US Government will talk about Human Rights in Russia they can pick the paper and stuck it in their ass. The sound will be more hearable than their voice.

Re:FBI & Chechnya

[Ektanoor]

Have you seen them you dude? Have you talked with them? Have you dealed with them? Have they dealed with you?

No? So what the fuck are you talking about? I saw people being threatened, beaten and nearly killed. By these same so called "chechens", "freedom fighters" and "independentists". I saw what they wanted to do out of Russia you jerk because I had to deal with these bastards out of Chechnya before the war came. I saw only extortion, explotation, rape, and brute violance that reached cutting fingers and stabbing people. I had to save people from their hands and even save myself. So you sucker don't talk to me about Chechnya.

On what concerns what I despise then I despise because it HAPPENED in front of me and WITH me, you motherfucker.

Re:FBI & Chechnya

[Ektanoor]

However, what ever crimes have been committed in Chechnya by chechens has nothing to do with what has happened in this case.

This does not change the nature of the method used to lure people. It is clear on the article that these guys were invited to US with the high probability to commit a supposed crime. According to the article: "asked the men to demonstrate their prowess on a computer outfitted with ?sniffer? software to record every keystroke".

Here there were criminals stealing monies and resources from US citizens. The US ask for help from the Russian government, who did not even respond.

BS. Pure BS. You think that FBI phones MVD and no one takes up the phone? There are several of such cases hapenning in Russia and there were already tens of arrests. Besides not only against credit card fraud but also against child pornography. Curiously I noted that the arrests were mainly done with european police forces. US police forces seemed to be missing in most arrest stories here. Now I start thinking why this happens...

The rights extended to non-US citizen by the US far exceed those extended by many other countries including Russia.

Give me a break a? One does not need to live in the US to see how double standarded is your system. You even don't have foreigners but only "aliens". Let's remember that some state of yours sent a german killer to the electric chair for a few deaths and you made a whole mess when some american citizen gets capital punishment for transporting drugs.

On what concerns Russia you haven't seen what saw. I saw people going directly against laws and rules to help foreigners to avoid returning to their countries. as most of these people may suffer persecutions or have their country in shambles. Now I would remind that I have now two friends in the US who are forced to leave soon because their visa expired. No matter that their country is on fire...

I personally feel these two got just what they deserve. They will have plenty of opportunity to defend themself in court.

Well dear American citizens, and what can I say of this guy? A court is only a court if it is located in the US? And did they really got what they deserve? The crime was commited in the other side of the globe. Was expertise preformed? Criminal experts, interviews, analysis? Maybe this guys are only "executors". Mercenaries burned in a "descent mission" to Invita, Seattle. Excuse me dear American citizens but your co-citizen is just the typical portrait of your American Fat-Colestherol patriots...

I have one last observation. Either, you have a very small vocabulary or are not very well educated. The prolific use of vulgar words to make a completely idiotic argument does not lend anything to your credibility.

My vocabulary is not perfect as I am not a WASP, BASP or any other kind of freak. But for such an educated jerk like you, it goes as far as your mind may understand. And i am not chasing credibility. I don't need that shit. I stated only and only my OWN fucking opinion.

Re:FBI & Chechnya

[Ektanoor]

Rarely a nation can be considered as a commiter of a crime. So I consider you naming "Chechen" someone guilty of rape gives already a level of how biased you are. The only equivalence one may take, is with the Republic of Chechnya, that was turned into a safe heaven for criminals. So I name the "chechen" groups, and not the Chechen nation.

I cannot understand your reference on Russians for someone advertising a site, with clear muslim marks... And, besides, which talks about Jihad. Jihad cannot be against a nation.

On what concerns censorship and mis-information then it is a prerrogative of every state. Unfortunately they cannot live with it. No matter it is Russia, the US, the EU, China, the Republic of Ichkeria or anyone else.

On what concerns the facts I testified. They are what I lived and overlived for nearly a year among people related to the Republic of Ichkeria. They are not to be cited as a game of who's right or wrong. I don't play games with the suffering of people, as I directly testified too many times for the death and suffering of millions on Earth. For evaluating the wrongs or rights of such events there are courts. Public forums are not a place to judge such things. Specially when they are political or pro-political ones.

Anyway, this personal testimony is what gives me the right to name "Chechens" as a nation with the right to self-determination and to name those, who destroyed this dream, as criminals and bandits with lots of self-esteem and bravado. Hope, one day, this nation will be wiser on choosing their leaders and capable of holding them from doing silly actions.

In any case I started to compare FBI to "chechen" groups not for "evidences". I used it to show where I see spectacular parallels in the nature of the actions taken to lure people. It's my opinion and it is an opinion based on an harsh experience. If you have another opinion let it be. But don't level MY opinion as a justification of YOUR opinion as they are diametrally different. In such case beware, as I am not easy with people playing words...

Anyway, Peace.

Re:FBI & Chechnya

[Mr_Icon]

It's very easy to speak about "Chechen freedom fighters" out of the comfort of your very remotely located arm-chair. Unfortunately, the situation is not black and white, but a bizarrely twisted spectre of problems. Chechen republic in early 90's was a lure for various criminal elements coming from all over Southern former-USSR and taking hold there because law was anything but enforced there. We are talking kidnapping, slave labor, extorsions -- the whole slew of horrid crimes. "Chechen Mafia" was one of the strongest criminal groups all over former-USSR, Eastern Europe, and some of it in Asia and Western Europe.

The war is not against Chechens as people, but against criminal formations. You may think of it as of a bust on a MAJOR criminal cartel -- and you do this in US, don't you? The Chechen military groups are not comprized of chechens at most, anyway, and nobody wants to wipe chechens as a nation -- why?

Of course, you may continue limiting your views to what CNN feeds you, but there is more to any story you hear, especially if it's spoon-fed to you by CNN and the like.

Re:FBI & Chechnya

[sandidge]

You mean that the US doesn't have a right to police the activities of all other countries in the world? How can this be? Something has to be wrong here... arrest this man!

Re:FBI & Chechnya

[mvdwege]

Ah yes, and I presume you are American are you? How bloody typical that you seemingly believe explicitly whatever an American newsservice says about an American law enforcement agency, but as soon as someone points out the obvious bias you start blasting his language?

Why is it that the average US citizen reacts with vitriolic nationalism whenever someone outside the US of holy A dares to criticize them? And why would those reading Slashdot, who are presumably rational enough to judge the criticism on it's merits, not be free of this same ugly behaviour?

Regards,

Mart

Re:FBI & Chechnya

[00001300]

Woo hoo!

Mod this drivel up. Ektanoor is actually giving us valuable insight into from the Russian perspective.

And by linking the Chechen freedom fighters with the FBI, he takes the risk of venerating those same "terrorists" he so despises.

Re:FBI & Chechnya

[00001300]

Ektanoor,

I apologize for making you upset. I genuinely appreciate your comments.

Most of my info about the Chechans fighting for independence from Russia comes from www.qoqaz.net. This is hardly an un-biased source, but it provides me with the rebel perspective on the war. So I do not claim any firsthand experience with those people.

I do not make excuses for any crimes such as you describe. If a Chechan is found guilty of rape, I will demand just retribution. And I believe the Chechans who are represented by the qoqaz.net website would do the same, and actually carry it out. The justice that is presented on the website is what allows me to advertise the url.

In modern warfare, civilians are the biggest losers. For example, almost ten years after Desert Storm, the civilians in Iraq continue to suffer. The children are paying and will continue to pay for Saddams actions. Even the children of the US soldiers are not safe from the (controversial?) effects of depleted uranium.

Ektanoor, the Russians have a history of censorship and mis-information. If you can back up your claims of atrocities being commited and going unpunished by Chechan rebels, please cite your evidence and let the facts speak for themselves.

My evidence is available on www.qoqaz.net for public evaluation.

Peace.

Re:FBI & Chechnya

[faendryl]

I have no strong disagreements with most of the post, but as to one aspect... Generally, killing people is considered a worse crime than transporting drugs, even though drugs are capable of killing people indirectly.

Re:FBI & Chechnya

[warmiak]

Heh, Russians finally get to taste what they were "serving" in places like Afghanistan ...

Re:FBI & Chechnya

[warmiak]

"? A court is only a court if it is located in the US? "
Hell yeah.
Even such a freak like you would have to admit that Russian system is NOT KNOWN to be very law-conscious ( neither now nor ever ..)

Re:FBI & Chechnya

[zoomcloud]

Dorogoi Ektanoor - Before criticizing the methods of the FBI, and the US system of laws, it is important to agree on the premise that the Russians committed a crime. If you do not consider hacking web sites and taking credit card information a crime, then you will never agree with any enforcement taken against such actions. If hacking and stealing from US companies is not a crime, then Russian authorities should not help US law enforcement. The FBI should not lure the hackers to a place where they can make an arrest. Everyone should just happily hack away at the fat Americans, right? Our company works with Russian programming houses. One of the biggest obstacles we face in building business is the reputation of Russia as a country which does not respect international law and intellectual property rights. How will Russia use its vast intellectual power to make life better for its people? There are only so many ways to steal other peoples' work. Russia may play by the international rules and find its place in the international community, or else follow a course of isolationism which will relagate the country to a second-tier status and development. Chem podnimatsa?

Re:FBI & Chechnya

[zoomcloud]

I do speak Russian, but I wouldn't use the vocabulary used by Ektanoor to make a point.

Re:FBI & Chechnya

[zoomcloud]

Comparing the FBI to Chechnya is a bit of a stretch. Last I checked, the official position is that Chechnya is part of Russia. Tactics used in your civil war (mass killing, rape, torture, etc.) don't have much to do with law enforcement in the USA. Russians broke the law in the USA, and came were arrested in the USA. Yes, they were victems of a "sting" - does anyone rational really feel sorry for them? I say the same thing about the American who was arrested yesterday in Russia for narcotics trafficing. He should stand trial in Russia, and pay the price if found guilty. While the US is not perfect, we do have procedures for law enforcement, and we can guarantee a fair trial for the young Russians. Can you really say that we could expect any cooperation from local Russian authorities ???

Re:Two key points

[Ektanoor]

Ok, so they brought them to the U.S., told them to log into their computers in Russia, sniffed the passwords, and then used the sniffed passwords to log into the Russian machines. This is hacking? Social engineering, maybe...

If this happened than FBI can happily know that it violated article 272, part 2 of chapter 28 of the Criminal Code of the Russian Federation. The article claims setences starting from 500 minimal salaries (about US$4000) and up to 5 years of detention. Note that this considers only the fact of illegally accessing a computer.

On what concerns the arguments about local police doing nothing against criminal hackers then I can state this is pure BS. In fact in every major Russian city there is now a special department called 'Direction "R"' that fights computer crimes. Maybe the guys are not as effective as FBI "bright minds". But still is amazing to see how FBI treats their colleagues.

More interesting is that Chelyabinsk is one of the later military centers in Russia. So I believe that if police is sleeping there (Direction R is a police force) than the ex-KGB is surely not sleeping. And I believe that even the most corrupt FSB general would not leave these guys in the fresh air. People are now fucking sensitive to such things after a few major break-ups in Moscow and other cities.

So I can take only one conclusion from FBI's actions: bravado.

What's next? SEALs landing in some Mokrovka village to catch a small group of teenagers playing a cracked Xbox?

Re:Many great lines here

[Ektanoor]

Excuse me people, but correct if I'm wrong. For several years I heard that "all are equal in front of the law" and, with exception of intelligence agencies, everyone else was bound to follow the law by the book. And, for years, I heard that in the US this was a sacred rule. So sacred that you made tons of serials and films about it...

Now, it seems that law enforcement has more rights to overcome the law?

Give 'em the Chair.

[FreeUser]

Give the russian extortionists the electric chair and reprimand the FBI Agents for violating Russian law and possibly violating American law. Allow the agents to pay their fines out of the confiscated funds, the balance of which are to be used to fund further anti-cracking/extortion campaigns ...

Seriously, I wonder if Russians realize that their government's unwillingness or inability to persue these sorts of criminals makes them look to the rest of the world like a haven of corruption and crime. As appearances go: Chechnya is to Russia as Russia to the rest of the world ...

Very interesting post! Please mod parent up!

[FreeUser]

On what concerns the arguments about local police doing nothing against criminal hackers then I can state this is pure BS. In fact in every major Russian city there is now a special department called 'Direction "R"' that fights computer crimes. Maybe the guys are not as effective as FBI "bright minds". But still is amazing to see how FBI treats their colleagues.

Just when I'm about to give up on slashdot as a source of never ending, mindless drivel I find a gem like this, buried beneath the countless posts posturing and belaboring the obvious. I for one had no idea that Russian law enforcement was this involved in tracking down computer criminals (as my other rather provocative post in this thread demonstrates). This is the sort of thing we here in the west hear nothing about, and it colors our perceptions of Russia inappropriately as a result.

More interesting is that Chelyabinsk is one of the later military centers in Russia. So I believe that if police is sleeping there (Direction R is a police force) than the ex-KGB is surely not sleeping.

Unless, of course, it is ex-KGB freelancers that are engaged in these activities, with friends and contacts within the existing law enforcement structure running cover for them. I have no idea if that is the case for these two individuals ... somehow I doubt it, as ex-KGB would never have been stupid enough to fall into the FBI's hands. I say this not to insult Russia but to point out a grim reality ... this sort of thing happens in the United States more than we like to admit, it is certainly plausible that it could happen in Russia as well.

So I can take only one conclusion from FBI's actions: bravado.

That is almost certainly the case. It is also a political game -- they can trot out successes like this one come budget time and probably get more funding as a result.

What's next? SEALs landing in some Mokrovka village to catch a small group of teenagers playing a cracked Xbox?

No, but if you are native American, speaking out against the government in Washington, watch out!

Re:What are the politics of this?

[elmegil]

persecuted under US law

Many of us are persecuted under US law, but only lawbreakers are Prosecuted under US law.

Re:What are the politics of this?

[elmegil]

So sorry, I forgot that all-important "alleged" before lawbreakers. Can't you let me flame people's spelling in peace?

Privacy invasion is okay now?

[MikeFM]

So how does someone being in a foreign country give our spooks the right to invade their privacy? So suppose some Russian spooks think I'm doing something that breaks their laws.. maybe not even our laws.. just theirs.. and so decide to hack into my machines and spy on me or destroy my files.. is that supposed to be okay?

I for one think our country should keep it's police in our country and think that other countries should do the same. If that other country doesn't give our country permission that is even more of a reason not to do it. It sounds like these FBI agents are nothing more than criminals.

Isn't the CIA supposed to handle international stuff? Or in this case possibly the NSA?

I am sure you all might feel different...

[andreass]

If it was your machine that Alexi cracked. Then tried to export us for $4,500 (?!?) then ran "rm -rf /" on our machine when we refused to give him money. This happened in December 1999, it was Alexi, we had his address, picture, but could not do a thing. He was even bragging to us that we could not bust him because he was in Russia and the Russian authorities would not act -- which was true.

I am personally glad he's in the slammer. And I'm sure all you bleeding hearts would be too if it was you that spent 72 hours without sleep trying to recover from his activities. My only complaint is that it took 3 years to do it.

Seriously though, what do we do about Internet users in countries with no low enforcement -- should we just cut Russia off from the Internet entirely? I think that would be worse than running sting operations like this one. If anyone has better ideas, post them! And "secure your machine" isn't the answer, no matter how secure the thing is, there will always be an exploit tomorrow that will root it.

Re:I am sure you all might feel different...

[andreass]

Oh sure, we'll just take our main mail server offline, I'm sure the customers won't mind.

Yes backing up the data was easy and quick. Building a machine that does mail, shell logins, back-end accounting, running the way it was running before takes a bit longer. Though 16 gigs does take a while. Needless to say, all these services are on different machines now, but we were small and on a budget in those days.

He stopped getting into UNIX machines after this incident, as he was not able to get back into to our rebuilt machine. At least NT must have been an easier target.

Re:being clueless

[ethereal]

Good point. The Russian government should really make an international incident out of this, since it is deception of their citizens with intent to take property held in Russia. There's no way the U.S. would allow another nation's government to do this to to a U.S. citizen. Unfortunately, Russian law enforcement is probably happy enough to be rid of these guys without having to go to the trouble of catching them that they won't do a thing.

And people complained about the U.S. being the world's policeman before? Just you wait....

Re:being clueless

[ethereal]

Hang on there - just because the Russian government isn't able to do something in their own country (and may not even want to, since they didn't invite the FBI to come in and arrest these guys) and the FBI does have the means and the opportunity to do so, doesn't give the FBI the right to do so. That's what being a sovereign nation means - you can maintain your territorial integrity even when it annoys other countries. If other countries violate your territory, you make an incident out of it as a matter of course.

In reality, if you don't defend your territory enough, you end up not being sovereign any more, because there's no world organization that enforces nations' rights against each other. But that's another story.

If they approached us for help on getting somebody in our country, and if it was all according to extradition treaties, we'd help them out.

If another country approached the U.S. for the extradition of a criminal, and the U.S. didn't recognize the crime (say, distributing soft-core pornography to Muslim countries, or sending Nazi memorabilia to France (the horror)) and so didn't hand the U.S. citizen over, and then a foreign power lured said citizen out of the country, entrapped them to get their password, and then used said password to steal information out of U.S. territory, you can bet the U.S. government would have a cow. If they didn't, then it would be open season on U.S. citizens the world over.

The Interesting Ending

[Jethro73]

Perhaps more interesting was how they lured them into this country with the promise of a job (and toilet paper, bread, etc.), and nabbed them when they got here... Brilliant!

Jethro

Re:The Interesting Ending

[Ralph+Wiggam]

I was thinking about that too. The FBI was investigating crimes against American companies and the cracked computers are on US soil. The CIA doesn't investigate crimes, just commits them. The military is not in the investigating business either. That leaves the FBI, probably with some involvment from the state department.

-B

Re:The Interesting Ending

[bugg]

But that's pretty different from luring in someone from another country; with the "free prize" sting operations, at least these are people who fall under police jursiction by their residency in the state in question (or residency in the United States if it's a federal operation)

What would have been less, well, wrong would have been to have the FBI work with Russian authorities to arrest them (perhaps by luring them to a job in Russia) and then continue the extradition procedures.

Re:The Interesting Ending

[BlueUnderwear]

Maybe what he meant was "US laws broken on US soil, but suspect fled to another country". Sure, if you smoke pot in New York, and then move to Amsterdam, they'd have grounds to arrest you/have you extradited.

Re:The Interesting Ending

[AntiBasic]

Nothing. Just like they did to that stupid kid in singapore with his fat whiny whore of a mother. He got caned and deserved it. He broke that countries laws and had to deal with it.

Re:The Interesting Ending

[Paradise_Pete]

Only Russian laws apply to Russians. American laws only apply to Americans...The reason that the FBI could nab them is that they came to the US.

Why? They were still Russians, and according to your premise, only Russian laws apply to Russians. Or maybe you meant to say something like "Only Russian laws apply to people in Russia. American laws only apply to people in America" But of course, that's not true either. For example, American citizens are liable for income tax even when living abroad. So what was your point?

Re:The Interesting Ending

[Forrestina]

as far as i know it should be the secret service or nsa. however, crimes of this nature that can be commited far from our soil are basicaly new, so i think there will be a bit of 'uh... who should do it?' for awhile.

-------

Re:The Interesting Ending

[susano_otter]

[I] think there will be a bit of 'uh... who should do it?' for awhile.

What's more likely is that each agency scrambled to put together a political argument in favor of getting authority over this new jurisdiction, and with it, more funding and recognition. The FBI may be with winner, with a fait accompli and attendant media circus.

Re:The Interesting Ending

[ichimunki]

What I find interesting is that this is the FBI doing this, which I've always thought was a domestic agency. Am I wrong when I suppose that international matters of this sort should be in the hands of the CIA or the military? Of course, I'm also willing to believe the whole thing was orchestrated by Microsoft to get their source code back.

Re:The Interesting Ending

[mother_superius]

Breaking into a US computer violates US law, even if you are doing it from Russia, genius Only Russian laws apply to Russians. American laws only apply to Americans (although they would like to think otherwise). International law also generally applies to Russia. The reason that the FBI could nab them is that they came to the US. Upon coming to the US, they could be prosecuted ,although I'm not sure if US laws can be applied to something that happened in Russia in a court trial). The judge's ruling will set a legal precedent for this.

Re:The Interesting Ending

[raju1kabir]

Furthermore, the CIA does not have investigative powers. They do not serve out serch warrants or the like. The CIA is under the Executive Branch of the government, whereas the FBI is under the legislative branch, and can serve search warrants and the like.

Sounds like you were sleeping in civics class.

Both the FBI and the CIA are under the Executive Branch (the FBI is part of the Department of Justice, a presidential cabinet department). The Executive Branch quite specifically is charged with execution of the law, including investigation of crimes. The legislative branch only makes laws.

Re:The Interesting Ending

[chris_mahan]

civics class? oh, that... hum, yes, of course, i stand corrected...

Re:The Interesting Ending

[chris_mahan]

The CIA investigates events outside the US. The FBI investigates events within the US.

For example, if a Russian diplomat is in Washington DC, the FBI investigates (tails) him.

The two agencies cooperate (they say), so that they do not overstep on each other's areas.

This is why the FBI went to the bombed US embassies in Africa a couple years back, since they're technically US sovereign soil.

Furthermore, the CIA does not have investigative powers. They do not serve out serch warrants or the like. The CIA is under the Executive Branch of the government, whereas the FBI is under the legislative branch, and can serve search warrants and the like.

As far as what they were doing with the hackers in Russia, I surmise only that since the hackers had commited crimes in the United States, it only makes sense that a US investigative body would investigate.

About the military, I don't think we want them investigating commercial crimes (you stole an apple, so we're sending the Marines).

New USMC slogan: "All your base are belong to U.S."

As far as Microsoft wanting their source code back, I am fairly certain that was not the case. They are already experts at introducing nearly unfixable bugs into their source code.

Re:The Interesting Ending

[Guppy06]

Would you rather the FBI try to argue that it can arrest people in Russia? The still have their nukes, ya know...

Re:The Interesting Ending

[Tech187]

A friend of mine who works in the Cable TV industry told me about a method they used awhile back to catch people illegally receiving Cable programming. They have the ability to program the Cable Boxes of legal subscribers. What they did was occasionally they would divert the legal boxes for a short while over to an alternate channel while playing a special 'Free Stuff!' promotion on the normal channel. Anybody who showed up for the Free Promotion by definition viewed it on a pirated Cable Box.

Re:The Interesting Ending

[Chris_in_Prague]

What would the US State Dept have to say if the tables were turned, i.e. Russian police arrest US citizen who broke into Russian computers and was lured to Russia?

You have just won a dinner in red Square with Natalia Sokolova!

Re:Indymedia raided by FBI

[sith]

They have come for your uncool niece?

Re:The US Constitution doesn't apply

[dr_strangelove]

The constitutional restrictions against unreasonable S&S don't apply to the rooskies.
They very definitely *do* apply to the FBI, manifestly an arm of the US Govt. and so subject to limits on what they can do.

Or, more simply, the constitution doesn't restrict people (see amend. 10), it restricts the US Govt.

That is, after all, it's purpose.

Many great lines here

[Lumpish+Scholar]

The Russians were part of "The Expert Group of Protection Against Hackers." (Are gangsters "The Expert Group of Protection Against Bricks Being Thrown Through Your Storefront Window Panes"?) No doubt about it, if these really are the guys the FBI says they are, they needed to be shut down.

Let's see: The theory is, "reverse hacking" is good, because it's done by law enforcement; but had a /.'er done the same thing, to shut down the same Black Hats, it would have been just plain old "hacking" (cracking), and would have been bad. Or that's the idea. Let me get back to you on this one....

Defendent "Gorshkov's attorney, Kenneth Kanev, said it was illegal for the FBI to obtain Gorshkov's username and password and use them to access potentially incriminating data from computers halfway around the world without a search warrant." Interesting point. Does this mean the FBI guys are in trouble? Does it mean the evidence is inadmissable? Are these questions independent?

U.S. Attorney "Schroeder says Gorshkov was using someone else's computer and had no reasonable expectation of privacy." If the Russians broke into third party computers, the FBI broke into them, too? (If the evidence is all from the FBI computer the Russians hacked into, and perhaps through, then it's a clean bust, IMHO.)

"They and associates who remain in Russia are believed to have made tens of thousands of probes and intrusions into computer systems, usually through a vulnerable version of Microsoft Windows NT." Is anyone suprised?-)

Re:Many great lines here

[Rogerborg]

• if these really are the guys the FBI says they are

Congratulations, this is the first post I've seen that even questions the possibility. Since when did coming up with a sweet social engineering hack allow a law enforcement agency to not only bypass due process, but to boast about how great it is that it kinda doesn't apply? And haven't we had enough of "trial by press release" by now? The presumption of innocence doesn't vanish just because the FBI sends out a press release which could be largely a work of fiction. Let's bear in mind that this is the agency that's boasting about how great it is at telling plausible lies!

Re:Many great lines here

[warmiak]

Well, yeah, we went to such lengths to get these freaks ...
I know , in Russia it would be dealt with quite differently: bullet in the back of the head, in the finest Russian tradition..

Re:The US Constitution doesn't apply

[MeanGene]

Nobody seems to understand it because you make no sense. Consitution (US or non-US) applies on the territory of the country, and applies to all people on it. Also, I presume, Invicta arrange for the proper work visas for these guys, so they came to the US very much lawfully.

Re:The US Constitution doesn't apply

[SpacePunk]

In my opinion they should have had the CIA put bullets into the heads of these individuals to avoid any 'international incidents'.

Not really a double standard. . .

[Salgak1]

. . .as they were gathering evidence outside the United States, of crimes committed in or on US entities or persons.

Obvious case in point: Manuel Noriega, still sitting in US Federal Prison...

Re:Not really a double standard. . .

[Tech187]

I have a copy of Noriega's book (it was cheap off the remainder table at WaldenBooks). Anybody, anywhere who is in prison has a 'I didn't do it' story ready to trot out. They've got a lot of time to come up with stuff like that in lockup.

The point of Noriega not being in a US entity: We kinda acted like we owned Panama back in the era when Noriega was doing his, er, tricks and stuff.

Reverse Hacking?

[Ralph+Wiggam]

What is reverse hacking? Ugly solutions to non-existent problems? White hat...black hat...grey hat...whatever illegal shit the FBI does in the name of law and order...it's just hacking.

-B

Re:Reverse Hacking?

[Janthkin]

Reverse Hacking is starting with a nice, elegant, and simple solution...and then turning it into Windows.

Re:Reverse hacking?

[vinnythenose]

Wouldn't reverse hacking be when you leave the system clean up after your hack and put all their security holes back in place? :)

Re:Reverse Hacking?

[Calle+Ballz]

The FBI didn't really hack anything. They conned the guy's passwords with a keystroke logger and then logged right in. No hacking involved. Probably illegal, but I figure that the laws about hacking apply to the FBI as well as anyone else... If the damage isn't over $5000, would the FBI have to investigate their own actions? But I guess the FBI knows as much about hacking as the geniuses with their name all over attrition.org who claim to "root" NT boxes.

Re:Reverse Hacking?

[The+Real+Andrew]

However, we're going to piss off a lot of countries if we continue to assert that the FBI can do whatever it wants outside of the US.

Yeah, everyone knows that the job of the CIA

Reverse hacking?

[Plasmic]

"FBI uses reverse hacking to catch Russians" -- CNN.com

Oh yeah, reverse hacking... that's kinda like when someone punches you in the stomach and then you use reverse punching to get back at 'em.

Let's take a look at an executive summary of the etymology of this term: it's cropped up in a couple of mailing lists and yet it seems to have no useful meaning. A mere 35 hits on Google for 'reverse hacking', but it seems to have a different meaning each time it was used, from "corporate cyber-vigilantism" to "hacking your own computer." Although, it's used exclusively on reputable mailing lists like 'The Hacker Bulletin Board' and 'Windows Security Advice'.

"Reverse hacking" was referenced as early as 1987 by 1 person in the phreaking community to describe "services putting a carrier tone in thier recordings to fool your friendly hacking program into thinking that the code was valid". If that doesn't prove that this term adds no value to the English language, I'm not sure what would.

Anyhow, it's amusing that I suspected that this term was only used by a moron at CNN, and after 5 minutes of investigation, I determined that it was only used by morons around the world.

Eye for an Eye?

[de+la+mettrie]

The FBI hacks hackers. Great, that's almost as intelligent as executing people as a punishment for killing someone.

...Oh wait, you Americans do that too.

Re:Eye for an Eye?

[de+la+mettrie]

Yeah, y'know, us heathen Europeans mostly don't think a punishment should fit the crime, it should help to better the criminal. I would feel strange telling my child "Look, we kill that guy to teach him killing is wrong".

Being military, though, I would make an exception for (professional, not drafted) military personnel convicted of treason, dereliction of duty etc. during wartime. If they enlist, they better know the rules.

And being a republican, too, I'm all for beheading kings, 'cause it's a great tradition and all... :-)

Re:Eye for an Eye?

[warmiak]

"they better know the rules"

Yep, if you kill there is a chance you will be killed.
Everyone knows the rules.

Re:Double Standard

[SEWilco]

"Comrade, can you help us break into Mr. Clinton's computer?"

You think the FBI will answer yes? And if the FBI answers no, the Russians are justified in trying to do it themselves?

Re:Double Standard

[SEWilco]

• A better double standard example is:
• Can Russian law enforcement break into the computer of a U.S. citizen?
• Can Russian law enforcement break into the computer of a third party which was being used without permission by a U.S. citizen?

Time To Create Russian Honeypots

[scotpurl]

Quick, someone get a honeypot up in the .ru domain. Then we can all see exactly how the FBI hacks.

Re:Time To Create Russian Honeypots

[slykens]

Quick, someone get a honeypot up in the .ru domain. Then we can all see exactly how the FBI hacks.

Better yet, VPN a subnet back to the US from Russia so that the system simply appears to be on a really bad connection in Russia, but in reality is an American system. FBI breaking into computers on American soil would be a great story, especially doing it without a search warrant simply because they THOUGHT it was somewhere else. That would be worth a few million dollars in constitutional rights violations and would learn them a lesson. The only way to know would be that extra delay, which could be attributed to a slow connection domesitcally in Russia.

Is there any sort of law that would make it an "international" system simply because traffic leaves the United States but returns to reach it?

Re:Time To Create Russian Honeypots

[sllort]

Here's how the FBI hacks:

1) They fly you to America
2) They pay you to log into your computer
3) They sniff the traffic
4) They log into your computer

It's a brilliant plan!!

Re:I can just see the next X-Files...

[skajohan]

I think the correct phrasing in this case should be "All your evidence are belong to US"

No privacy violation here

[Shotgun]

the use of the "sniffer" software violated his client's right to privacy

BWHAAHAAHA! Right to privacy! That's a good one guys!

"The cop just sat there and watched as I walked into the bank. You can't just sit there and watch criminal who are minding their own business. That's invading their privacy!"

Idiots. The courts have upheld that if a police officer believes there is sufficient probability to support that evidence may be destroyed, they may take steps to protect that evidence. Like they can stop drug dealers from flushing during a raid.

These jerks are BUSTED, plain an simple. Good going FBI with the human engineering!!

Re:No privacy violation here

[Rogerborg]

• These jerks are BUSTED, plain an simple

Woo! Yeah! And those FBI d00dz have such a 1337 press spin that it's not even worth following due process, or presuming innocence or nothin'. String 'em up! Boo ya!

dumb crackers

[segmond]

if those guys were smart, and were running OpenBSD with encrypted partition/swap space on their laptop, used their laptop and authenticated across with 3DES when trying to demonstrate their skills, we wouldn't be hearing about this.

Morons

[tiny69]

That's what they get for using the same login/password combo more thatn once!

Re:Indymedia raided by FBI

[gimpboy]

they have come for your uncool niece

use LaTeX? want an online reference manager that

Re:Indymedia raided by FBI

[gimpboy]

close your eyes, it cant happen here.

use LaTeX? want an online reference manager that

They did need a search warrent

[Dimwit]

About the "search warrent problem": People are saying that, because the FBI cracked the computers in Russia and downloaded the data, but didn't view it until they got a warrent, this sets a precedent to say that breaking into computers is legal, just not reading their contents. What this actually says is:

1) FBI doesn't need a warrent to break into computers in another country - we are not a hegemony, our Constitution doesn't apply to Russia.

2) They had the suspects in the US. They downloaded the data (copied it) into the US. Suddenly the data and its owners are in the US - now they need a search warrent to view it, as both are in the US.

Just my two cents.

Re:They did need a search warrent

[Dambiel]

>1) FBI doesn't need a warrent to break into computers in another country -
> we are not a hegemony, our Constitution doesn't apply to Russia.

um, i always thought hegemony was the 'how' in one groups domination of another, not the dominant, controlling group.

hmm, yep . notice that word 'influence' in there

Re:They did need a search warrent

[dachshund]

The question is: exactly how did they download the data without looking at it? Recursive FTP starting at the top-level directory? Or did they poke around 'til they saw things that looked interesting? One could argue that the poking around would be a violation.

This is all aside from the international angle-- I'm not sure how that plays out. I guess no matter how you look at the data, if you're viewing it from a computer in the US you're technically copying it into the country, even if it only lives in RAM for a few seconds. This sort of wild argument has often been used against "hackers" in order to convict them of theft.

Is that within their charter?

[werdna]

I thought international work was the jurisdiction of the CIA.

Re:Interesting

[west]

I doubt any evidence gained from a search with no warrent, regardless of the computer being in Russia or not, would NOT pass Constitutional muster. If it did, we need to extend the US constitution.

And just which court do you think you would go to to get such a search warrant? AFAIK, courts are only allowed to grant warrants where they have jurisdiction.

Certainly it has been proven in court that foreign nationals on foreign soil are not granted US protections. There are numerous examples of people being kidnapped (albeit usually by bounty hunters) to face US justice.

The natural result of forcing US protections on non-US citizens on foreign soil is that the US would have the right to prosecute foreign nationals who have violated American laws without harming American interests. This sort of extra-territoriality would not be thought of highly.

In this case, the FBI did the right thing. They obtained the files from Russia which had no protection (and to which they had no means of obtaining a warrant). When they files were available on US, they obtained the search warrant. I'm no great fan of the US justice system, but it seems they were following the rules. I'll be really suprised if the courts bounce this one.

Re:Double Standard

[jazman_777]

It is interesting to see the double-standard with which the U.S. Government operates.

Indeed. We typically have spy planes trolling up and down China's coast, and since we are The Light of the World [tm], we are entitled to do that, especially against Devil of the Day [tm]. Imagine China (aka "Devil of the Day[tm]") trolling spy planes up and down California's coast, and them selling missiles to Cuba. The Righteous Indignation! The horror! The shock!
--

Re:Amazing

[jazman_777]

The rules are always different for government workers in positions of power. In fact, lots of rules don't even apply to them. Like Bill Clinton, for example. He was the Commander in Chief of all of the armed services at the time that he lied about the Monica Lewinski scandal. I know the creed of the Air Force Academy is: "We will not lie, cheat, or steal, nor tolerate among us anyone who does." Uhhh, don't you think the 'high commander' would be subject to this rule? Apparently not, because he's got good lawyers and all the power. So don't think this will set a precedence in your favor of copying digital media. If anything, it will give the government more power to do whatever they want, and you less. Sorry man.

Hope all you rebels like northern North Dakota, or the hot wind-scoured plains of West Texas, because that's where the reeducation camps will be set up.

"He loved Big Brother". The chilling last line of _1984_.

--

Re:Double Standard

[jazman_777]

You're an imbecile. Ever hear of international waters?

Last I heard, the spy plane landed on a Chinese military base. Help me here, is that part of International Waters?

--

Re:Double Standard

[jazman_777]

I made a point:

They are not there (civil liberty) by any stretch of delusion, but they just may get there.

Thanks for supplying the examples for me.

--

Re:Double Standard

[jazman_777]

Plus, Taiwan and China have the same people, and Taiwan has less resources, but Taiwan is a prosperous and wealthy nation while China is still trying to keep peasants from starving to death while selling vegatables at government-controlled prices. The reason for this is quite simple: Taiwan is a free and open society, while China is not. China has meddled very little with Hong Kong's laws, because having an open economy creates wealth. Freedom brings prosperity to a nation. Those Russian hackers wanted to come here because they knew that being able to live in a freer and more open society would let them live better lives.

I don't recall mentioning Taiwan anywhere. Is Taiwan an independent country? Have the US recognized it as such?

What is interesting to me is the direction China and the US are taking. Deng Xiaoping said, "To get rich is glorious" which sounds like a paeon to the free market, which is the direction they are going--towards liberty. Even now, they are problably not much more economically regulated than the US are (no Americans with Disablities Acts, no EPA, FDA, etc, etc, etc). They are not there (civil liberty) by any stretch of delusion, but they just may get there. The US, OTOH, are moving toward a ponderous socialist worker's paradise...

Why are US Civil "Liberties" always accompanied by Government regulations, which always seem to remove Liberty?
--

Amazing

[Hard_Code]

"The agents downloaded the data, but did not view it until they obtained a search warrant from a U.S. federal court, he said."

Am I the only one completely amazed by this statement. Here, these agents plainly admit to *copying* data which may not be legal to have or view. Um, how is this different from copying some piece of music or literature you may or may not be allowed to use, without listening to or reading it? This seems like it could set (or shatter) a big precedent. Imagine that, *copying* digital data may not necessarily be equivalent to "stealing" it. Amazing.

Re:Amazing

[drafalski]

Way to sneak in your personal political agenda there...

Re:Amazing

[cavemanf16]

Ok, I admit that every party of government is guilty of such rotteness and corruption. I was just using Clinton as he was the most recent major example of such things. I wasn't trying to push a political agenda, so just SIMMA DOWN!

Re:Amazing

[cavemanf16]

The rules are always different for government workers in positions of power. In fact, lots of rules don't even apply to them. Like Bill Clinton, for example. He was the Commander in Chief of all of the armed services at the time that he lied about the Monica Lewinski scandal. I know the creed of the Air Force Academy is: "We will not lie, cheat, or steal, nor tolerate among us anyone who does." Uhhh, don't you think the 'high commander' would be subject to this rule? Apparently not, because he's got good lawyers and all the power.

So don't think this will set a precedence in your favor of copying digital media. If anything, it will give the government more power to do whatever they want, and you less. Sorry man.

Re:Amazing

[warmiak]

Yeah, calling Clinton liar (which he is) has nothing to do with political agenda.
Again, he LIED.

What are the politics of this?

[solios]

A situation similar to this could easily be considered an act of war- particularly if the hackers or script-kiddies were targeting .gov sites as opposed to corps [who, given the technology and $ at their disposal, are asking for it if they leave their systems open].

Technically, if the compromised hardware, software, company, what have you is physically *inside* united states boundaries, then the attacker could be persecuted under US law, yes? Conversly, if some 1337 d00d in Jersey hacked a Russian site and pissed them off, he should likewise be subject to the same considerations.

Yeah, it's the internet, no physical boundaries and all that. Root my server and the only thing seperating you from a fractured skull is the distance factor- something governments don't have to worry about. Crackers do this kind of shit because they know they're not going to get caught- a few serious, well-founded PROVEN criminal cases may serve as a deterrent, or at least get the issue out in the open.

Re:What are the politics of this?

[NixterAg]

A situation similar to this could easily be considered an act of war- particularly if the hackers or script-kiddies were targeting .gov sites as opposed to corps [who, given the technology and $ at their disposal, are asking for it if they leave their systems open].

Stealing is still stealing whether or not you lock your front door. Boy I hope you don't vote.

Re:Ah..

[grazzy]

please dont forget that the united stats of america is the nation of freedom.

ofcourse all us citizens should be allowed to do whatever they want.

hackers treating national security should be prosecuted though..

Re:Double Standard

[Tucan]

How about a Soviet <a href="http://www.ngb.dtic.mil/gallery/heritage_co<nobr>l<wbr></wbr></nobr> lection/amsky.htm"> Bear Bomber </a> flying down the coast of Florida instead? It used to happen all the time, when they could afford the fuel. Please, also, note the distinction between an EP-3 spy plane and a Tu-95 bomber.

Re:Hackers should have never been fooled

[Capt_Troy]

That's not what I got...

Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: INVITA.COM
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS.UNI2.NET
Name Server: NS2.UNI2.NET
Updated Date: 09-feb-2001

>>> Last update of whois database: Mon, 23 Apr 2001 07:35:40 EDT

The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.

Re:Crackerjack!

[CormacJ]

Crackerjack was a UK kids TV pantomime/game show.

It was introduced whit: "It's friday, it`s 5 to 5, it's CRACKERJACK !"

The prizes were pretty crap - you could win a cabbage, or a crackerjack pencil. Later I guess they must have gotten a budget and you could win a crackerjack pen.

One of the things the show had, was that anytime any of the hosts said the word "crackerjack" the audience would yell out "crackerjack" really loudly.

It was a very strange show.

Heres a short clip

Packet Sniffing

[tuiedm]

The Russians should have been using SSH for there remote communications.. At least that way it would have taken the FBI longer to figure out what they were actually doing and how they were doing it.

On a side note, the issue about the NT exploit. If it is a big firm that is running NT as an actual webserver, they deserved to be slapped. The major problem with NT and it's updates is that for most of them you have to reboot for the changes to take place. That just doesn't go well when you trying to provide a 24/7 service. I meen have you ever seen how long it takes a server with 5+ UWSCSI Drives and 1 1/2 gigs of ram to boot? Almost like 10 minutes, and most of that is just waiting for the SCSI controller to find all the bloody drives. Anyways, enough bableing.. I'm ranted for the day..

Ed.

Re:Packet Sniffing

[agentZ]

The Russians should have been using SSH for there remote communications.. At least that way it would have taken the FBI longer to figure out what they were actually doing and how they were doing it.

Maybe. But even SSH is vulnerable to a keyboard monitor. Since they were using the FBI's computer, they could have easily installed one. Looks like this:

ssh -l foo -p 31337 host.bar.com^MallYourb4se4reBELongtoUS!^M

and there you have it.

Entrapment (was Re: ...ramifications)

[Iorek]

Did they consider any of the ramifications? Entrapment was the first word that popped into my head. Am I missing something? What's the loophole?

-Iorek

Re: Entrapment (was Re: ...ramifications)

[Iorek]

...were arrested after the FBI established a bogus Internet security firm called "Invita," let the men hack into it...

Invita's sole purpose is to entice them to commit a crime. Are you saying the loophole is that Invita could be a legitimate company?

-Iorek

Re: Entrapment (was Re: ...ramifications)

[Iorek]

Gotcha. Scary stuff, no matter what side of the law you're on.

-Iorek

Re: Entrapment (was Re: ...ramifications)

[bmongar]

Wrong, Invita's sole purpose was to gather evidence on their previous crimes. They aren't charged with breaking into invita. If the fbi said there is this company invita and we want you to break into them for us. Then charged them with breaking into invita that would be entrapment.

Re:Entrapment (was Re: ...ramifications)

[bmongar]

It may be illegally gathered evidence, but it is nowhere near entrapment. Entrapment is enticing someone to do something they may not have done without your influence.

Re:Entrapment (was Re: ...ramifications)

[bmongar]

I should be more clear enticing someone to commit a crime they may not have done without your influence.

Re: Entrapment (was Re: ...ramifications)

[rachelle2121]

Entrapment and gathering information are completely different. Entrapment: An undercover cop propostioning a suspected drug dealer for to buy drugs. When he does, they arrest and charge with that crime. Gathering Information: A killer was caught by DNA evidence when a cop picked up a paper cup the killer had used and obtained matching DNA. The Russians were not entrapped. They were simply lured to the US and information was gathered. The right to privacy is another matter all together. However, the above example is true and held up in court.

Re:Great line

[po_boy]

That's the dissenting opinion that McVeigh quoted at his sentencing hearing. Pretty harshly written for a Supreme Court Justice.

Re:Very Bad Joke

[po_boy]

I thought it was the 3Ff B33 3y3!@#$

Re:The US Constitution doesn't apply

[Gertz]

The US Constitution does apply, the fed's proved it when 'The agents downloaded the data, but did not view it until they obtained a search warrant from a U.S. federal court, he said.' It's due process that applies to all accused persons that are being tried in the US.

The fact that the agents waited until AFTER they downloaded the evidence will probally mean that is it thown out of court, but this is another issue...

Gold Old NT

[selectspec]

Once again, someone proves that NT's only security is that it is likely to crash while your cracking it.

The Russians had a sense of humor...

[szcx]

From the MSNBC article;

"The Russian hackers drew the ire of the FBI when hundreds of emails were sent to agents. Translated, all of the messages read 'All Your Base Are Belong To Us'."

Those wacky Russians.

Re:The Russians had a sense of humor...

[szcx]

Is "Reading" GPL'd? Because grep is.

Re:The Russians had a sense of humor...

[graniteMonkey]

Back in my day, when we wanted to demonstrate our overwhelming 1337ness and ability to use advanced utilities like "grep", we often performed an operation known as "reading" an article like this. "reading" is incidentally a by-product of processing this article for many organic life-forms.

Hope they had a warrant

[$nyper]

If they did not have a warrant to search and seize the data. The evidence will still be thrown out of court and they FBI will have no joy.

One thing...

[D'Arque+Bishop]

I know a lot of people here are going on about how the US shouldn't be doing what we did, "hacking" into foreign computers, and the like, and tricking their nationals to come here and be arrested, but that does bring up a question I had... namely, should we really be feeling sorry for these morons? I mean... based on a prospective job offer, they came to a country against whose citizens they knew they had flagrantly committed crimes such as extortion and theft, and had identified themselves to their victims. Did they really think they wouldn't be identified at some point, especially when getting a work permit?

I dunno... the idiocy of some people amazes me sometimes.

How much clearer can it get?

[dave-fu]

FBI: HELLO. I AM FROM A NOTABLE AMERICAN SECURITY COMPANY. I WOULD LIKE YOU TO WORK FOR US. HERE IS AN OS INSTALLATION WITH SOME GLORIOUSLY GAPING HOLES. ARE YOU BADD ENOUGH TO COMPROMISE IT? BECAUSE OTHERWISE IT'S BACK TO KASHA AND VODKA, VADIM.
h4x0r: Done!
FBI: HA HA. SUCKER. YOU'RE BUSTED.

This isn't witty, this isn't elegant, this is pretty much textbook entrapment. Not that I'm saying they're innocent, but jesus christ. Supplying the means (the computer) and motive (a job on the line) and it's not entrapment?

Re:How much clearer can it get?

[Requiem+Aristos]

It's not, because they were not arrested for breaking into the Invita computer. They were arrested for crimes committed previously; Invita was only to help the FBI get into their computers.

Re:How much clearer can it get?

[bmongar]

No it isn't entrapment because, they aren't charging them with any crime committed in the bogus company. They used the company to gather information on the crimes they had previously committed.

How is this relevant?

[dave-fu]

Playing Devil's Advocate...
I'm a white-hat sysadmin. I know the tools, I know the holes, I keep my risk as low as possible and my ear to the underground so I know what's happening.
Tiger Team Extraordinaire, Inc. approaches me with a job offer, pending me proving my ability to penetrate a border system they've set up. Giddy as a schoolgirl, I bust on through their ineptly-armored system and leave a little love note in the root, then get out.
Two days later, the FBI comes knocking on my door and drags me in, charging me with defacing some random webserver I've never heard of.
Mostly, I'm questioning the paucity of this bust and am hard-pressed to explain away how they managed to prove anything with it.

for the FBI

[holzp]

"He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." - Nietzsche

There is a reason illegal means to capture criminals is considered so dangerous in the USA.

being clueless

[graniteMonkey]

You're confusing issues here. You might want to read the article again and note that the information was only searched once it was on US soil and only after a search warrant was obtained. In that sense it was perfectly legal. Now whether or not they had the right to bug the computer is a totally separate issue, where there might be room for discussion.

Re:being clueless

[graniteMonkey]

You're coloring these crackers as "innocent bystanders" with your analogy.

First of all, the correct analogy starts with someone fooling you into *giving* him your stereo.

Second of all, after giving him your stereo, you find out that the person you gave your stereo to is a law enforcement official. He then looks at the serial number on said equipment and hauls you in because he discovers that *you* stole it.

Re:being clueless

[bonoboy]

They didn't *read* the files until they were in the US. But they hacked machines that were in Russia to get that data. Are you saying my stereo isn't stolen until you get it back to your house, simply because you didn't use it?

Re:being clueless

[dfenstrate]

why should they make an international incident out of it? If they approached us for help on getting somebody in our country, and if it was all according to extradition treaties, we'd help them out. The FBI has the resources and wherewithall to do so. Their counterpart in russia apparently does not, and hence no right to bitch when we take care or it ourselves.

Re:being clueless

[Rogerborg]

• If another country approached the U.S. for the extradition of a criminal

Say, for example, Russia asking the USA to extradite an FBI agent for hacking machines in Russia owned by a couple of (innocent until proven guilty) Russians.

Please, oh please.

Re:being clueless

[tjohoo]

No, the correct analogy starts with someone fooling you into giving the keys to your house, (the article states that the FBI got passwords and accounts from sniffing the computer the hackers used in the US).

Then this law enforcement official you gave the keys to walks into your house (which is in Russia), without your permission, gets the stereo, brings is to the US, looks at the serial number (after getting a warrant to do so) and hauls you in because he discovers that you stole it.

I can just see the next X-Files...

[Greyfox]

Mulder: 1 4M 1337 H4X0R B140+CH!
Scully: 411 UR B453 4R3 B310NG 2 U5!

At which point hopefully the smoking man comes in and shoots them both in the back of the head.

Re:I can just see the next X-Files...

[UVABlows]

Correction:

Dogget: 1 4M 1337 H4X0R B140+CH!
Scully: 411 UR B453 4R3 B310NG 2 U5!

Re:I can just see the next X-Files...

[guinsu]

Shouldn't it be "all your base and lustful urge must be controlled" or even better "all your base and lustful urge must are be controlled"

Re:I can just see the next X-Files...

[benevolent_spork]

You must be patient, my evil brother. All will be revealed in the fullness of time. The plans of some will reach fruition, while the fruits for others will be perdition.

Very Bad Joke

[Stephen+VanDahm]

So now they're known as the FB1?


========
Stephen C. VanDahm

Re:Double Standard

[Vinson+Massif]

If a US agency finds your extraterritorial company's activities 'interesting', they have no qualms about cracking it. Nice.

I think I'll go check my f/w logs...

Great line

[RollingThunder]

I just LOVE this line...

He also maintains that no search warrant was needed because the FBI lacks jurisdiction in Russia.

Pardon me for being clueless... but if you don't have jurisdiction there... then you have NO legal right to do that, meaning you BROKE THE LAW. Just because it's another country doesn't whitewash it!

Re:Great line

[RedHat+Rocky]

Ah, but since the Russians declined to do anything about the crackers on their own soil, Ye Olde Big Red really don't have room to bitch, now do they?

Re:Great line

[SmokeSerpent]

I know, I'm waiting for the story where Russian authorities trick the FBI agents into cracking fake "hacker" computers so that they can get info to hack the FBIs computers, gathering proof to indict the FBI agents.

And then the FBI will trick Russian authorities into hacking "FBI" computers...

Re:Great line

[aozilla]

Pardon me for being clueless... but if you don't have jurisdiction there... then you have NO legal right to do that, meaning you BROKE THE LAW. Just because it's another country doesn't whitewash it!

Maybe, maybe not. If the U.S. and Russia already had an agreement to take that property, but the Russians were refusing to give it up, the U.S. had four options: go to an international committee (isn't going to accomplish anything), start a war over it, go in and take the information anyway, or let the Russians bully them around. If the Russians were under agreement to share the information, the U.S. made the best choice. If not, the U.S. better watch it's ass, because one of these days the rest of the world is going to get pissed off enough get together and teach us a lesson. China and Japan are already pissed off enough, and we never had very good relations with Russia. The Euro strongly ties the European Union together, but at least for now, they're pretty much on our side.

Re:Great line

[Some+Dumbass...]

Yeah, but strangely enough, the U.S. government isn't going to help Russia prosecute those crackers... (irony alert!)

Re:Great line

[Tuonenkielo]

Ah, but international treaties don't matter. Any treaty that would 'threaten the sovereignity of US of A' would be of course void and null by the presidential view of the US Constitution. And just think how threatening it would be for US Sovereignity that their law enforcement agencies couldn't treat other countries laws as toilet paper? All Hail US Sovereignity, even if you are anotehr sovereign nation...

Re:Great line

[tjohoo]

So what you are saying is that it is perfectly legal for people in the US to hack computers in other countries?
I am by no means an expert on US law, but i find this a tad hard to believe.

So the correct action for Russians would be...

[magi]

The Russians should grant the involved FBI agents a national medal of honour. They should also give them official permit to do their work in Russia, and promise them full assistance in gathering all possible evidence against the arrested criminals.

But of course, when the FBI agents would arrive in Russia, they should be arrested and charged for illegal computer cracking.

Really, on what international legal grounds does U.S. police force commit crimes in another nation? On what moral grounds can they convict the suspected russians for cracking U.S. computers, if they themselves commit equvalent crime in Russia, and expect to get away with it?

I don't respect the Russia's international behaviour much, and they probably have more than enough internal problems, but they really should react to this kind of things. If the FBI agents are not procecuted in U.S. for their tactics, and the actions are not at least apologized, it means that U.S. government officially supports FBI committing crimes in Russia.

It's 100% different thing to work in ''co-operation'' with local police by asking a permission. Without permission, it is simply an international offence. U.S. seems to have given up the last bit of their respect for other nations sovereignity and moral rights. Well, nothing really new in that.

Re:Two key points

[Paradise_Pete]

Very, very interesting precedent...

Well it isn't a precedent just yet. The court hasn't ruled, it's just this assistant US Attorney Schroeder guy who says it's ok.

Re:Double Standard

[TheCarp]

Whats interesting here...

Ok... You could argue that what happened (the cracking) was on russian machines owned by a russion, and the FBI has no jurisdiction there, so no warrent.

They may have thus broken Russian law, but until they go to russia (or russia petitions for extradition (assuming there is a treaty allowing it)) there is no problem.

SO.,.. what the FBI is saying is, what happens on a server in another country, happens in that country according to that countries law :)

I would be happy to see that argument set a precident in court. Pleased as punch I would be.

So what _I_ as a US citizen put up on a web page hosted in another countru, should be governed by THAT countries law...not US law. I am down with that.

-Steve

Re:Cracking? What cracking?

[TheCarp]

That wasn't in the article.

Still though, collecting passwords is one thing, sure. However, USING a password that you have collected to gain unauthorized access to a box is still unauthorized access.... fundamentally no different than exploiting a software bug to get in.

Its still a form of cracking

-Steve

Paypal culprits

[nharmon]

The suspects also allegedly set up a fictitious site that mimicked the Web site of PayPal in an attempt to gain access to users' accounts, Schroeder said.

I for one am glad to see the FBI going after real criminals for a change.

Reversed

[nharmon]

So what happens when this is reversed?

Say, for example, John Doe sells some Nazi merchandise on a website which French users can view. Then John travels to France, where he's arrested for a crime which isn't a crime in the country he "commited" it.

Opens the door to a lot of international mistrust.

Serious questions of Jurisdiction.

[catseye_95051]

If these computers were over-seas then the FBi probably over-stepped their authority ina bad way.

The FBI is absolutely forbidden from engaging in foreign survailance. This is the role of the CIA.

I suspect this is just the beginning of how the net is going to break down all our preconceptions of geography and force major changes in the structure of our scoiety,

Re:This quote says it all...

[BradleyUffner]

The biggest problem with NT isn't necessarily the security holes. It's the idiocy of the admins.

Is that really a problem of NT? All OS's have some stupid people running them. Let me pull some number out of by butt for a moment for the sake of argument. Say 10% of the people administering a network are idiots, no matter what the OS. It may seem like there are more bad NT admins, but that's just because there are more NT networks. It isn't a flaw with the OS, it's just human nature.
=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\= \=\=\=\=\

Re:Crackerjack!

[jgerman]

So, please enlighten the rest of us. I for one am interested.

Re:Crackerjack!

[jgerman]

Wow, if I had mod points I'd mod you up for that response... not only a description... but clips too.

Breaking the law to enforce the law

[Muttonhead]

First, what the Russian did was wrong. But before corporations and the FBI were on the net, if a problem like this had occurred in the past it would have been seen as a technical problem. People stealing stuff from servers? Where's the technical problem allowing it? After an assessment of the problem, the solution would have been a technical one: fixing the security holes.

But it seems to me that what the FBI did is a dangerous precedent, using "enforcement" to solve these problems because:

1. There are jurisdictional problems here. How can they reach across borders and that be legal?
2. The FBI has a very troubled past, from it's Hoover days to the burning of Waco. The nations's top law enforcers should never break the law as part of enforcing the law, and yet that is what we see over and over. If you break the law to enforce it you create lawlessness, which is a pointless way of life.
3. As mentioned above, these are technical problems and should be solved with technical solutions. Using law enforcement is the lowest form of problem solving on the planet. Leave doors open and some people will walk right through them. So close the doors! Isn't it clear that this is the intelligent way to solve this problem?
4. When all is said and done, how many times can you "trick" people across their borders into America? Where's the long term solution? Folks, it ain't with the FBI.

There is no "enforcement" solution. You can enforce all day long and it still won't solve theproblem. We need to get back to the original methods of solving these technical problems. However, one thing the FBI could do, for example, is demand (encourage) Microsoft turn off java and javascript in their shipping products by default. Why don't they encourage greater security from all software producers? These would be positive attempts at solving the problem. The customer is protected by proper architecture.

Perhaps the FBI isn't in the business of "encouragement," but I just don't see how law enforcement in the physical world translates to the digital, especially when computer security, especially with Microsoft, is low and our government has bent over backwards to discourage strong encryption.

Re:Indymedia raided by FBI

[portege00]

No wonder the agents in The Matrix were able to track down Neo so damn fast! I always wondered about that myself.

Re:did you make that up or did they change it alre

[heikkile]

Invita Koekkener is an old player on the Danish market for kichen furniture. The addresses and names mentioned above seem legitimate enough for a Danish company. www.invita.com seems to talk about their stuff.

Re:Crack onto others...

[marx]

So the message I get is that kidnapping people and demanding ransom money for their freedom is BAD BAD BAD when a couple evil criminals do it to innocent people, but it's okay for the government to put the kidnappers in jail.

There is one major difference here though, and that is that the US government hacked the computers IN RUSSIA. They were clearly not authorized to access them, even after they'd stolen their passwords. You don't need to make analogies to see this point, just switch the parties. The police in country X hacks an individuals computer in the US, and gains information which shows the individual is a criminal. They then prosecute the individual in country X.

The thing is, these individuals are no different than an ordinary Russian citizen. The FBI clearly has no right to hack an ordinary Russian citizen's computer. It doesn't matter what the FBI thinks. What they implicitly did here was issue a search warrant in Russia, without getting any kind of confirmation from the Russian police. If that is ok, then any law enforcement agency in the world could hack any private computer in the US, but I'm sure you would not accept that. How would that be different?

wow

[Lord+Omlette]

"He also maintains that no search warrant was needed because the FBI lacks jurisdiction in Russia."

So just remove the FBI's jurisdiction in the US and suddenly they no longer need warrants? Huh?

Peace,
Amit
ICQ 77863057

Re:This quote says it all...

[Yue]

that's just because there are more NT networks

He, he, you need several times the number of admins per computer for a NT network than for an Unix one, so they should be cheap and their strong point should be the patience to wait during many and often computer reboots.

My personal favorite

[NumberSyx]

He also maintains that no search warrant was needed because the FBI lacks jurisdiction in Russia.

By this logic, all the government has to do is setup a law enforcment agency which has no jursidiction in the US and they can gather evidence on its own citizens without regard to the constitution.

Jesus died for sombodies sins, but not mine.

Re:My personal favorite

[leviramsey]

There's nothing stopping MI5/MI6, DGSE, the Russians, the Chinese, et al. from violating your rights. As a matter of fact, Echelon essentially does just that: the US spies on the British citizens for the Brits; British spy on US citizens for the 'mericans.

Re:My personal favorite

[Rick+the+Red]

By this logic, all the government has to do is setup a law enforcment agency which has no jursidiction in the US and they can gather evidence on its own citizens without regard to the constitution.

They already have. It's called the CIA. And it already does. It's called Echelon.

Also, US Customs is, by Supreme Court ruling, allowed to violate the Constitution all the time, because until you clear Customs you are not legally in the U.S.A. and thus not legally protected by its laws and Constitution. Pretty cool, eh? Think about that next time you go to Quebec to protest tyranny.

Re:My personal favorite

[rahvin112]

"By this logic, all the government has to do is setup a law enforcment agency which has no jursidiction in the US and they can gather evidence on its own citizens without regard to the constitution." As already stated this was the goal of Echelon. Give the UK and land of OZ access to our intelligence information in exchange for spying on US citzens at the behest of our intelligence agencies. Perfectly constitutional and morally reprehensible.

Local Police searches neighboring town...

[James+T+Ensor]

I like this bit: "He also maintains that no search warrant was needed because the FBI lacks jurisdiction in Russia. " Apparently the FBI believes their lack of jurisdiction in Russia allows them to ignore rules they are normally subject to. Does this mean the police dept in the neighboring town is allowed to break into my house and search around because they lack jurisdiction?

---

"What is that sound its making?"

Devil's Advocate

[Wintermancer]

Interesting. The FBI breaks into a remote computer and uses the evidence found on them to arrest them.

Nice trick, guys!

Now, all the defence attorneys need to do is say: "Our clients are the victims here. Their computers were compromised/trojaned without their knowledge. Look, the FBI showed how easy it is to do. What prevented criminals from having done it as well? NOTHING!"

Really, now. In this day and age of one-click trojans (ie: SubSeven), it is far too easy to compromise computers and use them as staging areas for further criminal activity. To make a criminal case watertight, you need:

1) Wiretaps
2) Wiretaps
3) Wiretaps
4) Seizing the hardware invovled doesn't hurt, either.

Remember, the FBI has to prove they are guilty. Kinda hard to do without physical evidence or electronic evidence, don't you think? Reasonable doubt, y'know.

Food for thought....

Re:Two key points

[Ray+Yang]

You only violate US law if you break into a computer within the United States. Violating foreign law is okay, as long as you're reasonably safe from extradition.

Even better is that the protections for `civil liberties' only apply within the United States (or with respect to American citizens and permanent residents).

Morale of the story: the FBI gets away with it.

Side note about the crackers

[vor]

The article says the crackers used an exploit in NT where the patch was availible for TWO YEARS on Microsoft's web site. If you run an e-commerce company and don't use readily availible patches, you DESERVE to get cracked by one of these retards.

The people that run the site should also be ARRESTED for putting their customers personal information in jeopardy. Incompetence is no excuse. What are the admins getting paid to do? Most cracks come from the sheer laziness and cluelessness on the part of the network admins.

Crackers don't use brand-new, not yet on bug-traq exploits, they are a bunch of kids using cracks ages old where the patches to fix it are readily availible. Keep your system up to date, or don't bother putting it on the internet, cause you will and do deserve to get cracked.

Yes, admins should be held legally responsible.

[vor]

Never did I say that the actual crackers who broke in should not be prosecuted. I said the people responsible for the negligence in allowing the security breach should be held responsible.

If I buy CD's from CDNow, I am entrusting them with my personal information. They are the trusted keepers of my credit card number. If, by negligence, someone is able to steal my credit card number, they should be held legally responsible. Of course if a hacker breaks in using a previously unknown bug they cannot be held responsible. However, in cases like this, where a fix was availible for two years, they company SHOULD be held responsible if my personal information is compromised.

To liken to your child care analogy, lets look at a day care center. If the day care center states all workers undergo an extensive background check (much like an e-commerce site guarantees your personal information security), and a convicted child molester ends up working there, they should be held responsible if he molests children at the day care center. The center is TRUSTED with the SAFE care of your child, much like an e-commerce company is TRUSTED with the SAFETY of your credit card number.

If an e-commerce company has admins who spend their time playing mindsweeper and cybering on ICQ while totally ignoring their networks security, they are negligent and should be held responsible for blantant security breaches. There are thousands of "network admins" who don't know their ass from their elbow in network security, who got their MCSE from the back of a newspaper, working at these companies. And it's scary that we entrust our personal information to incompetant people. That's why companies should be held accountable for security breaches.

FBI Entrapment

[kashko]

Imagine what the USA would do if the situation had been reversed.

This is effectively no different from kidnapping the crackers and should be grounds for throwing out the case.

Anyone notice --

[sparkane]

that these Russian hackers are apparently the ones behind the /. story here which was posted in March. That was apparently the first time public knowledge of these attacks had been leaked to the public.

Now note that these two guys were arrested in November, per the MSNBC article.

Whoa.. these hackers were neutralized half a year before there was even public knowledge of their hacks. Kind of weird when you remember that Ars Technica got all hot and bothered about their scoop "The Great Hack Attack", that these sorts of attacks had only been a matter of time; and now we know that when Ars was standing up on the box, the attacks had been stopped.

Someone should submit this to Cryptome.

Re:This quote says it all...

[Kingfox]

They'll only have to pay $50 + court costs, $75... but if you get a lawyer to do a class action suit, then you can actually hit them up for the whole $2.7 million with ONE court case.

As evil as class action suits are in the eyes of many, they're great for just that sort of thing. $75 is a thorn in the side, but a class action suit is a huge lamb-feces encrusted iron spike.

Re:Double Standard

[mheckaman]

Actually, I believe that entrapment only involves getting someone to "commit a crime they would not have commited otherwise", the law enforcement agency need not commit a crime itself.

So Russians in Russia have to comply with US laws?

[DABANSHEE]

I wonder haow the US would react if the Russians tricked some American's to fly to Russia, then prosecuted then for breaking Russian laws, while they were residing in the US. This is as bad as the US putting warrents out on Burmese, Mexican & Columbian drug lords who have never been to the US, so have never been under US juristiction. Whatever happened to the concept of national juristictions.

Re:Double Standard

[_xeno_]

And this would be different from normal FBI policy how? Seems to me that the FBI always wants to be the ones with the power to do nasty things while preventing civilians from these rights - for example, Carnivore.

I'm pretty sure that civilians sniffing e-mail would be considered cyber-terrorism, but the gov't doing it isn't, since they have our best interests in mind, of course (sarcasm). This isn't the first time that law enforcement is doing dubiously ethical things in the name of protecting the people that they would prosecute private civilians for - just try wire tapping or bugging private property. You'll wind up in jail why the FBI is simply "doing their job."

In another way, though, this isn't necessarily a bad thing - if I knew I could trust every FBI member to use the authority in a way to ensure justice, I wouldn't mind knowing that law enforcement could randomly check up on various suspects. There are many powers the government has which they in theory have because they won't abuse them - why else do we allow the government to have a military in peace time? As long as this trust is never abused, these extra powers are generally a good thing - but I get the feeling that trust in the government is getting heavily abused these days. I guess I'm just cynical.

Re:Double Standard

[_xeno_]

I can only think of one way that doing that becomes legal under US law - the FBI was attacking a non-US citizen. Since the Russian was not a US citizen, he has no US rights under US law.

That explanation nicely ignores the fact that this happened in Russia and would therefore fall under Russian law. Which means that if Russian law allows the FBI to snoop on crackers, the FBI is in the clear, I guess... except I thought that US law said the FBI only had athority inside the US...

I kind of hope this becomes an incident simply because I can't think of any way that this is legal.

FBI's jurisdiction arguement

[maastrictian]

Quoted from the cnn article:
"Schroeder [FBI] says Gorshkov [crook] was using someone else's computer and had no reasonable expectation of privacy. He also maintains that no search warrant was needed because the FBI lacks jurisdiction in Russia."

Does this arguement make sence to anyone else?

Re:FBI's jurisdiction arguement

[ScuzzMonkey]

Which argument? The first sentence is pretty well established case law; if it weren't, you wouldn't be able to keep logs and no one would ever get busted for cracking. The second, I dunno. Jurisdiction regarding information is not, in my mind, the same as jurisdiction regarding physical apprehension. I mean, they can collect information about the movement of suspects outside the US without any by-your-leave from anyone, or read a foreign newspaper, or whatever. I think jurisdiction is probably the wrong word. Russian law may have been violated, but OTOH, it doesn't seem like the Russian authorities were too keen on following up on the original case against the crackers, so I doubt they're too concerned about the FBI doing it. Personally, I don't have an issue with it--there are places in the world which are pretty much beyond the pale of ordinary international cooperation for law enforcement. Just because there are not any agreements for enforcement in those areas does not mean that criminals operating there should just get a bye. If local law can't constrain them, why should it constrain the Feds?

Re:FBI's jurisdiction arguement

[ScuzzMonkey]

It seems that way because that's what the FBI have said, and it fits our prejudices.

Well, maybe that's why it seems that way to you but it seems that way to me because I've tried to get Russian authorities to move on extortion threats received from Russian nationals, and not gotten very far. I don't have any trouble believing that the victims in these cases didn't have any better luck. Do you have any evidence to the contrary, or were you just talking out of your ass because you don't like the FBI?

Re:FBI's jurisdiction arguement

[ScuzzMonkey]

It wasn't a statement, it was a question. As for Russian authorities, personal experience. But the question stands. Having trouble answering?

Re:FBI's jurisdiction arguement

[Rogerborg]

• Russian law may have been violated, but OTOH, it doesn't seem like the Russian authorities were too keen on following up on the original case against the crackers

It seems that way because that's what the FBI have said, and it fits our prejudices. This is the same FBI that are also boasting that they're great liars, remember? The same FBI that are releasing all their evidence to the media, threatening their chance of securing a fair trail.

This is a publicity stunt to increase their prestige, funding and jurisdiction. We don't have any investigative journalists left to find the other side of the story, but it's always best to consider the source and the motivation.

Re:FBI's jurisdiction arguement

[Rogerborg]

• Do you have any evidence to the contrary, or were you just talking out of your ass because you don't like the FBI?

  I have as much evidence as you've provided to support your statement. Fire away.

should have used S/Key

[peccary]

Or another one-time password scheme. Other posters have suggested SSH, which misses the point.

Move along ...

[ReidMaynard]

... nothing to see here ... just another bad troll.

A Stiff Sentence ...

[ReidMaynard]

5 yrs of AOL only internet, on a 486/25 runing Windows 3.0 ... with a flickering monitor.

Crackerjack!

[shippo]

On reading this article I immediately shouted out Crackerjack. Did anyone else?

Pity it wasn't posted at 4:55pm on a Friday.

Note: This will have no relevance to those outside the UK, and even some younger UK readers will have no idea what I'm talking about.

more like bull crap

[dilvish_the_damned]

hacked by Krad and Frontpage.

Cracker-Jack Job??

[FortKnox]

We here at the Society for the Conservation and Reinstitution of the Wholesome Snack Cracker-Jack (c) (SCRWSCJ) are appalled that you have used the Cracker-Jack (c) name without its wholesome carmel, nut and corn goodness.
SCRWSCJ insists that all future references to the wholesome Cracker-Jacks (c) are used with utmost respect, referred to with its greatest goodness.
We at SCRWSCJ anticipate that all future references to Cracker-Jack (c) will be used correctly, and to our standards. May the long life of Cracker-Jack (c) and the SCRWSCJ live on long into our children's lives. Remember kids, its carmel-popcorn-nut-crunchy-wholesome-goodness!

Thank you.

Re:Indymedia raided by FBI

[electricmonk]

no, jackass, the CORRECT line for this version of "California, Uber Alles" is this:

Come quietly to the camp

Re:Indymedia raided by FBI

[broody]

Thanks for the news. I missed that one.

Re:Double Standard

[firewort]

Actually, that doesn't work well either- Non-US citizens have US rights. The rights claimed by the Bill of Rights aren't just for Americans, only originally asserted by them. Illegal Aliens get due process.

The way I understand it, since it's a US Law Enforcement agency, they're bound to uphold and respect US rights and procedure, whether their targets are US citizens or not.

A host is a host from coast to coast, but no one uses a host that's close

What?

[Mr+44]

So your POS SCSI controlled takes 10 minutes to enumerate drives, and you are blaming NT? Explain that one to me....

Not really an act of war

[Ratteau]

Even if they were cracking .gov sites, their actions would not consititute an act of war, unless, of course, their actions were sanctioned by a recognized world government. I think the question of politics here has to come in on what will be the Russian reaction to this tactic? Will they demand the return of the men even though duped, they came here of their own volition? What will happen in future attempts at a similar ploy? Since this arrest occurred in early November, and we havnet heard anything about it until now, I dont think Russia will do anything. In fact, with the state of the criminal world over there right now, they are probably glad to have a couple less to worry about.

very true

[Ratteau]

Problem is, that the FBI "reverse hacking" of russian computers is done by an official US government branch

Touché, I was only seeing the other way around. I do think the WWIII thing is a bit of a stretch, but you never do know...

Hackers should have never been fooled

[AintTooProudToBeg]

$ whois invita.com

Registrant:
Federal Bureau of Investigation (INVITA-DOM)
935 Pennsylvania Avenue, NW, Room 7972
Washington, DC 20535
US

Domain Name: INVITA.COM

Administrative Contact, Technical Contact, Billing Contact:
Louis J. Freeh (LF10359-IN) louis@fbi.gov
Federal Bureau of Investigation (INVITA-DOM)
935 Pennsylvania Avenue, NW, Room 7972
Washington, DC 20535
USA
2023243000

Record last updated on 06-Apr-2001.
Record expires on 24-Apr-2003.
Record created on 24-Apr-1998.
Database last updated on 24-Apr-2001 02:37:00 EDT.

Domain servers in listed order:

NS1.FBI.GOV 165.87.201.243
NS2.FBI.GOV 165.87.201.244

Crack onto others...

[poot_rootbeer]

So the message I get is that breaking into computers is BAD BAD BAD when a couple evil Russians do it to hardworking Americans, but it's okay when the good ol' US government does it right back to 'em.

Maybe I'm just yet another paranoid government-hating Slashdotting Big-Brother-phobe, but why should I believe that law enforcement agencies will only wear white hats when they perform these kinds of actions?

Re:Crack onto others...

[warmiak]

Oh well, after all we pay taxes to have FBI protect us.
This is similar to CNN reporter refusing to pass inteligence information to Pentagon during War in the Gulf. He cried that his integrity was at stake.
Fucking idiot did not realize that without Pentagon his integrity would be worth nothing ...

It's a real company!

[sulli]

Here's their web site. They are famous for Mastermind, a game that I remember playing back in the seventies and that's still available now!

Re:Double Standard

[dfenstrate]

An even better question is:

Would the FBI help out Russian officials, if they made a request that was within applicable treaties?

The answer is yes, becuase the FBI has the resources and will to do so. The FBI recieved no help from Russian officials on this, so they have no right to complain

DMCA, UTICA

[VivianC]

The statements and actions of the FBI really raise some questions:

• Are these agents now criminals in Russia?
• If you have no jurisdiction to get a warrant, does it really mean you can do whatever you want?
• Can you use the same logic in domestic crimes (a rape in Chicago isn't in the FBI's jurisdiction, so they can search houses without a warrant)?
• Does this violate the DCMA by breaking the hackers encryption?
• If this was done from the FBI Academy at Quantaco, VA, does it violate provisions of UTICA?
• Are government agents immune for US and International law?

This could be a huge can of worms. It will be interesting to see if Russia views these searches the same way.


Viv
-----------

Re:Uh-oh!

[RetroGeek]

Quick, take out a patent!

-----------

fbi hackers

[pcidevel]

Man, and here I was thinking that all of these port scans were coming from script kiddies.. little did I know that the fbi was trying out their 1337 h4X0ring $k|11z on my pc. Okay.. I admit it.. I suck at l337 speak!

Re:One word

[ScuzzMonkey]

You've either never been cracked or you are a freakin' genius or your didn't recover right. Just because you find a compromise on day X, it does not mean that it happened on day X... could have been yesterday, last week, a month ago. It takes time to go back and validate all of your data even if you were doing regular backups through that time. You have to find the last trusted backup, not just the last one you happened to make. It can take weeks to properly do forensics and work your way back to a trusted backup set.

Re:One word

[ScuzzMonkey]

A vanilla webserver is a little different than a full-blown e-commerce system with a back-end database to worry about, sure. Presumably you can re-format, re-configure, slap source back on it and be running again in no time.

It's easy, and to some extent valid, to observe that different policies and procedures would prevent or minimize damage after the fact. People should always use a compromise as an excuse to review their procedures. But security is always a compromise on usability, and determining ahead of time exactly where to draw that fine line is an impossible art.

Incidentally, if you don't feel that NT/IIS has adequate security, it seems to me that you've missed your own point--properly installed and configured, that setup can be as secure as anything else on the market. But perhaps you were trying to say that in your case, you couldn't provide the functionality that you wanted with the security you wanted. I guess that would be my point--you've got to make that tradeoff somewhere, and I'm not sure you should castigate these guys for doing so. Nobody likes a whiner, but I think it's reasonable to be pretty pissed off when you get jammed like that.

Re:One word

[ScuzzMonkey]

I certainly wouldn't argue that most breaches--and I would go so far as to say ALL breaches--are preventable; it's just that it's much easier to see what would have prevented them in retrospect than it is beforehand. Certainly people should follow minimal best practices, at least--I completely agree with you on that point.

I guess I just find it disturbing that you seem to hold the victims more responsible for the problem than the attackers. Prudence is one thing, culpability another. To draw a poor analogy, if you're going to walk at night in a bad part of town, you should be prepared for muggers--but that doesn't mean you should just accept being mugged. You should still call the cops, try to find the guys who did it, and take them off the streets. That's not whining, it's civic responsibility. Vengeance is not the point--justice is. There may always be someone else, but that doesn't excuse these guys in particular--they should be pursued and removed from the scene.

Aside; that's an interesting argument against NT/IIS--usually what people say is that it's less secure because there are fewer reported vulnerabilities weekly than other, more open platforms... implying that more open platforms are better reviewed for security. If you really believe that, though, you should take a look at the actual numbers: securityfocus stats Considering the percentage of all webservers that are hosted on NT, it actually has fewer reported vulnerabilities for its market penetration than some Other operating systems (not naming any names here ;) And if I remember the attrition.org numbers correctly, it's actually cracked less often per share, too.

I don't like how MS handles flaws, either, but it's really just a mirror for corporate America. I've never worked anywhere where the PHBs were more concerned with fixes than features--until after they got hit.

Re:One word

[ScuzzMonkey]

I don't think your view of law and duty is actually all that different from mine. I agree with pretty much everything you've said; I just don't think (returning to the lousy mugger analogy) that it's acceptable to say "Don't walk in certain neighborhoods," instead of trying to address the root problem. Your point that such things are often symptomatic of greater social ills is well-taken--however, it crosses your point of individual responsibility being the only really relevant matter. If the muggee needs to be responsible for watching his or her back in indian country, then the mugger also needs to be responsible for, well, being a mugger. And I don't think that justice is not a deterrent, either. I think it's a great deterrent, where it's actually applied. Deterrence, however, is not easily measured in most contexts, so I can't cite anything for you particularly... it's just an observation of human nature. If you have an expectation that you're going to get caught and punished you're less likely to commit a rational crime. Murder would be an example--it has a very high clearance rate, and it's also the least common violent crime. And I guess, in short, that I don't think that being stupid means its okay to be victimized. I suppose I'm idealistic enough to think that our society should be such that you simply shouldn't have to worry about getting mugged/cracked.

Aside: The point about the stats, though, is that even though NT is higher than everything but the aggregate of all linux distros, it's not as much higher in exploits as it is in market penetration. If NT had 100% market share, they would have 100% of all exploits. In other words, you should see a correlation between how wide-spread an OS is an how many 'sploits are found for it, presuming all other factors are equal. But NT actually has a lower percentage of 'sploits against it than it has market penetration. So, for instance, if you took certain other operating systems and extrapolated them out to having the market share that NT currently does, you would actually see them with more exploits against them than NT has. You could argue that this is a Bad Thing and that more problems found mean more fixed; but I don't think you can argue that NT has more exploits for market share than other operating systems.

I don't have a comment on the nature of the exploits, since I can't seem to find any relevant stats for that. Off the top of my head, I can only think of a few popular IIS/NT exploits that allow full file access or arbitrary code execution.

FBI lacked jurisdiction?

[extrarice]

From the CNN article: Schroeder says Gorshkov was using someone else's computer and had no reasonable expectation of privacy. He also maintains that no search warrant was needed because the FBI lacks jurisdiction in Russia. This must be a new def'n of jurisdiction... if "crime-fighter A" doesn't have jurisdiction in a particular region, that is a free license to do whatever he wishes? Seems like the crime figthers would soon find jurisdiction troublesome and seek to remove the notion. What the feds should have done is get permission from the local Russian authorities and proceed through the channels. Be afriad when fallable human beings become above the law....

Help Wanted! US FBI agents for Rusian IT jobs!

[maxwells_deamon]

FBI Agents Wanted !

FBI Agents needed for challenging positions at new Siberian Internet company.

Experience with sniffing tools, "reverse hacking" tools, skirting government regulations and using search engines at resume web sites.

Pick up one way tickets at you nearest Russian Embasy.

We are confidant you will stay!

Re:join the FBI then

[maxwells_deamon]

But they are not law enforcement officers in Russia. If one of the officers who downloaded the data visited Russia, He/she could realistically be arrested there (IANARL: I am not a Russian lawyer)

It is not likely to happen, but legitimate. Thus the joke.

They could even be prosecuted in the US unless they could argue the hot persuit clause or something similar

Re:Double Standard

[NecroPuppy]

Actually, since at least some of the alleged crimes took place inside the boundries of the US, it's the FBI's job to handle.

Interesting

[Auckerman]

"He also maintains that no search warrant was needed because the FBI lacks jurisdiction in Russia."

This raises an interesting constitutional issue. Lets say, for example, your are an american business man and often travel to Russia. Now, the FBI thinks your a low life money launderer for the Russian Mob and the only reason you haven't been arrested in Russia is because you pay off the police. They don't have much to prove this. In fact, they can't even get a wire tap for your cell, which is provided by an american company.

So one day, you are in Russia and using a Russian ISP, you check your email. Now the FBI, through perfectly legal means, gets your IP, breaks into your computer, and finds....NOTHING except a LOT of porn with couple images that MAY be girls under 18. You come back to the states, they arrest you under for child porn (when they know its contestable) so they can get warrents to check your house in the vague hope of finding something to prove you are with the russian mob.

At no point did they get a warrent.

Sound far fetched. Maybe. But it does raise an interesting Constitutional issue for American Citizens. If I travel to Russia, the FBI, who has not jurisdiction there, should NEED a warrent to invade my property in Russia. Here it is implied that since Russia is not America, the govt can use means that fly in the face of the Constitution to catch someone.

I doubt any evidence gained from a search with no warrent, regardless of the computer being in Russia or not, would NOT pass Constitutional muster. If it did, we need to extend the US constitution.

Re:Interesting

[Auckerman]

"The natural result of forcing US protections on non-US citizens on foreign soil is that the US would have the right to prosecute foreign nationals who have violated American laws without harming American interests. This sort of extra-territoriality would not be thought of highly."

"In this case, the FBI did the right thing."

Here you have done two things: Put words in my mouth and contradicted yourself.

I'll start with the first. I have neither implied nor suggested that US laws apply over seas. What I have implied is that the FBI, which enforces federal law (among other things), should have American Law apply to it, regardless of where the person who is being investigated lives. This is not to protect foreign nationals, but to limit the right of the FBI to investigate ME when I travel abroad. Since, in this case the FBI did NOT know what nationality the people were, it could have been American Citizens. FBI does NOT and should NOT have the authority to do that to me, regardless of where I am at.

Re:Interesting

[Auckerman]

"And just which court do you think you would go to to get such a search warrant"

I'm sure down the road from their office is a federal court that has a judge who would sign a warrent to invistage crimes commited against people on American soil. They HAVE juristiction, else they couldn't arrest these people for their crimes.

"Certainly it has been proven in court that foreign nationals on foreign soil are not granted US protections."

What if these people had been americans? FBI didn't know where they were, they could have just as easily been americans.

"The natural result of forcing US protections on non-US citizens on foreign soil is that the US would have the right to prosecute foreign nationals who have violated American laws without harming American interests. This sort of extra-territoriality would not be thought of highly."

"In this case, the FBI did the right thing."

I have address part of this in a previous post and above, and would like to point out the contradiction. First you point out how "extra-territoriality would not be thought of highly" then go on to say "In this case, the FBI did the right thing". Interesting. Since by the FBI's claim (and your assumed acceptence of said claim), it had no jurisdiction in Russia, yet it was investigating a crime commited by people on Russian soil against American interests. Isn't that the "extra-territoriality" that wouldn't be "thought highly of" you were talking about? How is it a good thing in the light of it being "extra-territorial"?

My claim is the crime was commited on American soil. The server that was attacked was on US soil, the data was stolen from US soil, every part of the crime was on US soil. US laws do apply, even such inconveinces as warrents and due process. As such the FBI needs a warrent.

Re:Indymedia raided by FBI

[teatime]

WTF? I am just stating the facts. If I can't say 2+2 is 4 I am not free. Sorry to see someone with such an extensive vocab doesn't like the truth being shared.

Re:Indymedia raided by FBI

[teatime]

You expect me to take you seriously?
Spooging, Cum-Wanker, please. BTW no one asked you to participate so you can leave yourself out of being led into the "depths of bullshit". If you did even cursory research you would note that the report on the raid was reported in the Seattle Post intelligencer ntot by Indymedia .
I am curious what do you think about the federal mandate requiring all cell phones to have a GPS?
That piece of info reported by Fox News no less not exactly the paragon of anarchism .

For that matter Mr spooge, maybe we can put a chip in the back of your head Mr. "Spooging Cum Wanker" and force you to clean up your horrible language and learn some manners.
.

Re:Indymedia raided by FBI

[teatime]

Mr Spooge,
Thanks for the lively conversation. I will shut up now.
peace..

Re:Uh, teatime. . .

[teatime]

Thanks. I know I feel stupid.

Indymedia raided by FBI

[teatime]

The Indymedia center in Seattle was raided by the FBI. Not only that but the federal government has required that all phones have a tracking device by 2005 We should not support a government that hacks into the citizens of other countries computers. It is only matter of time before they do it to us. If they haven't already started. Welcome to the corporate police state.

Re:Indymedia raided by FBI

[Dolly_Llama]

It's the suede-denim secret police....

FBI has changed

[Alatar]

It's no surprise, really. The FBI doesn't do old-fashioned gumshoe investigations any more. The only tactic used nowadays is deception (lying) to get confessions, and then using those confessions to get evidence against others.

Re:FBI has changed

[Alatar]

No, they're not "playing hard" at all. The point is they don't do investigations. They merely threaten and bully and lie to get their convictions, which is all they really care about. It's fine as long as it doesn't happen to you (it could never happen to you, right?)

Re:FBI has changed

[3am]

'The FBI doesn't do old-fashioned gumshoe investigations any more. The only tactic used nowadays is deception (lying) to get confessions, and then using those confessions to get evidence against others.'

oh, are they playing hard against the poor criminals?! boo-f**king-hoo...

hmmm....

[canning]

The agents downloaded the data, but did not view it until they obtained a search warrant from a U.S. federal court, he said.

*cough* bullshit *cough*

That was honest of them. I know I couldn't resist sneaking a tiny peek.

Re:Ah..

[bmongar]

ut what are they doing against US crackers hacking Chinese computers? Hire them.

The REAL reason NT admins are "idiots"

[Fragmented_Datagram]

As Micrsoft makes their Server OS almost brainless to administer, NT admins come to expect that everything will take care of itself. I've known quite a few NT admins and if the task is any more complicated than clicking the "Install" button, then they're lost. I suppose it's the nature of the beast. As software gets simpler and simpler, the users get dumber and dumber. They expect to be hand fed everything and when things aren't immediately obvious, they're lost. It's a somewhat scary thought to think that as technology progresses, less and less people actually know how it works. I suppose it's a necessary trade off, but it does seem to put a lot of power in the hands of very few individuals.

This also means Russians can search US computers

[mike449]

They don't need a warrant, right? It's not their jurisdiction!

If somebody doesn't have jurisdiction somewhere, it doesn't mean he can do anything. This means he can do nothing.

It's not a look warrant!

[shyster]

Obviously, the FBI agents broke Russian law, but I don't think the Russians would try to prosecute, and I don't think the US Gov't is going to give the agents up for extradition...and I really doubt the agents will be tricked into going to Russia. =)

Did the FBI break US law? It certainly seems that they might have. The whole wash about not having jurisdiction is BS, as the article states the sniffing and login were done in the US...Seattle to be precise.

After Ivanov arrived in Seattle, accompanied by Gorshkov, agents posing as Invita officials asked the men to demonstrate their prowess on a computer outfitted with "sniffer" software to record every keystroke. After arresting the duo, they used account numbers and passwords obtained by the program to gain access to data stored in the computers in Russia, Schroeder said.

Now, the sniffer wasn't a problem, I don't think, since the FBI legally owned that computer and are free to install whatever monitoring tools they want (BTW, I don't think it was a sniffer but a key logger). The using of the passwords to log onto an account that was not theirs, however, is a crime. And I believe that if a private US citizen were to hack another computer in another country, that US law would still be applicable. If I kill a Russian citizen visiting the US, am I not guilty of murder in the US? Or am I only guilty in Russia?

So, the FBI broke the law by hacking another computer. This would be OK if they had a search warrant, but, obviously, they didn't get one until after the fact. I wonder if they tried to get one before the operation, and were turned down by a judge who stated that they didn't need one. Barring that, I would say they definitely need a search warrant before downloading the data (including simply viewing the data and gaining access). After all, for the time between downloading the data and having a search warrant for it, that data was effectively stolen merchandise.

And, besides, it's called a search warrant, not a look warrant!

Re:Double Standard

[Lawbeefaroni]

The CNN article mentions that the prosecution's argument was that the FBI didn't require a warrant because Russia isn't under their jurisdiction. Can someone explain? Does this mean that a Dade County Sherrif (Florida) can break into my Ann Arbor (Michigan) apartment sans warrant to legally gather evidence?
Of couse this was only their argument and not necessarily the law, but it's fairly brash. As was the "expectation of privacy" argument.

I bet they used scripts.

This quote says it all...

[leviramsey]

Ivanov, Gorshkov and other unnamed associates used the Internet to gain illegal access to the computers of more than 40 banks and e-commerce sites in 10 states, often by exploiting a known security vulnerability in Windows NT, prosecutors say. A "patch" for the vulnerability has been posted on the Microsoft Web site for almost two years, but the companies hit by the cyberbandits hadn't updated their software. [Emphasis mine]

The biggest problem with NT isn't necessarily the security holes. It's the idiocy of the admins. The only way to stop this: make it expensive to hire retarded sysadmins. Do this by suing these outfits (not necessarily Microsoft) for gross negligence and lack of due diligence in protecting your credit card information. Yeah, you'll probably only get $50 plus court costs, but that'll be $75 they have to pay. These Russian hackers stole 38,000 numbers from an undisclosed site; That's almost $2.7 million for hiring an incompetent admin!

Re:This quote says it all...

[leviramsey]

But at the same time but having 38000 suits, in all 50 states, in small claims court is good... it's the legal equivalent of a DDOS...

Re:The US Constitution doesn't apply

[Faies]

The US Constitution DOES apply here, though not in the way that I've been hearing people say. You are correct that the United States would not need a search warrant to hack computers from halfway around the world. The US does have every right to do so as you state.

However, when these people are in U.S. territory the rules change. You are guaranteed the rights of any other US citizen when present. These men entered the country legally with passports. They have a right for their communications, keystrokes, etc. to be free from surveillance while here. It's like what happened to the US citizen in Singapore who was vandalizing property while there. He was given due process and equal punishment as dictated by law.

The only exceptions to the rule are under the "critical zone approach" as ruled by the Supreme Court. The Court fully recognizes that the Fourth Amendment does not apply in "critical zones" (often international airports). The FBI may have conducted this search legally if they had only obtained the warrant beforehand (including a provision for obtaining the keylogger data).

And hegemony? For crissakes, its been that way 100% since the Cold War. It doesn't matter whether or not we're enforcing Constitutional law. Instead, if we do *anything* in our self-interest with the military, we're hegemonic. Take the Kuwait oil fields and the Gulf War as an example. And, well, I might be facing the draft in a few years so I'll refrain from complaining about the military. ;)

hm....

[guest12]

Registrant:
Invita Koekkener A/S (INVITA-DOM)
Fabriksvej 20
DK-7441 Bording,
DK

Domain Name: INVITA.COM

Administrative Contact, Billing Contact:
Krogsgaard, Johannes (JK10757) invitajk@POST1.TELE.DK
Invita Koekkener A/S
Fabriksvej 20
Bording, 7441
DK
86861677 (FAX) 86861677
Technical Contact:
UNI2 / Henrik Bo Hansen (UNI2-DK) domain@UNI2.DK
UNI2
Gl. Koege Landevej 55
Valby
DENMARK
+45 77 30 10 01
Fax- +45 77 30 10 00

Record last updated on 09-Feb-2001.
Record expires on 12-Oct-2001.
Record created on 11-Oct-1996.
Database last updated on 24-Apr-2001 02:37:00 EDT.

Domain servers in listed order:

NS.UNI2.NET 129.142.7.99
NS2.UNI2.NET 195.82.195.99

Re:hm....

[glenkim]

The record was last updated in February. They were arrested in November. It is possible that the records were earlier more believable. However, it is possible that they were just careless.

I think its fair

[RogueAngel7]

I know a lot of people may not see it this way, but I think the US FBI actually played fair on this.

For one, when these Hacker/Crackers from russia started in on US Businesses they had to know they were opening up a can of worms.

Breaking in to a closed computer system is a violation of US, Soviet, and International Law. They must have know this too.

When the FBI did get involved, they requested (several times) that Russia arrest them (for breaking Soviet law) as is the usual custom. Russia declined for thier own reasons.

Reaching an impass of sorts, The FBI found one of thier resumes online through an EMail one of them sent to a US ISP requesting a job, after the guy hacked the ISPs System. (Im sorry but, this has arrest me written all over it.)

The FBI then lured the Hacker/Crackers to the US with a promise of a job from a Security company that DOES NOT EXIST. I looked online for the company, and found no information leading to it. Did they even check it out?

The FBI Arrested them once they set foot on US Soil, and then hacked in to their computers to find evidence. (Which I would guess is also the usual course in an FBI investigation when direct seizure of the hardware is imposible).

I feel I must state that the FBI didn't ever break or violate the Hackers/Crackers Rights, because they don't have any. They aren't US citizens, or nationals, and as such the constitution doesn't apply to them. (Sux, but its true)

The FBI didn't have to Issue a warrent, because US search and siezure laws don't apply to them. (Soviets don't really have any as far as I know)

Thankfully I believe that Miranda (Arrest) Rights still apply to them because you don't have to be a us citizen to benfit from them, you only have to be arrested in the US.

The only thing the FBI might have flubbed is breaking Soviet and International Law for cracking in to the overseas PC's. But that would be for Russia to push, and would have little bearing in this case.

I feel real bad for those two, no matter what they did. They are stuck in the US legal system, and have No Constitutional rights.

Either way I think the FBI played this one fairly, the two hacker/crackers choose the weapons, and the FBI won the duel.

RA7
-

Re:Double Standard

[raju1kabir]

the tactics they used for obtaining the passwords are extremely questionable, and probably border on entrapment.

There is nothing even vaguely like entrapment going on here. Entrapment is when a law enforcement officer commits a crime in order to encourage a suspect to commit that same crime, and then turns around and arrests the suspect when he does. For instance, if I'm a cop and I take you to the store and I shoplift something and say "go ahead, it's fun!" and then you shoplift something too, you Get Out Of Jail Free (tm) because I entrapped you.

Just tricking someone into revealing information about their guilt is not entrapment; it's simply a worthy and useful police tactic.

Re:The US Constitution doesn't apply

[Space_Nutty]

IANAL, but once they were on US soil, the constitution would apply. Since what I have gathered from the threads so far (I haven't been able to get back into the article to confirm my skim earlier), the hackers came to the US, had their codes sniffed as part of a demo, were arrested and then the hacker's machines were hacked by the FBI.

Since this doesn't appear to be appear to be a national security issue, and the hackers were in custody where they couldn't "damage" or erase their machines, the FBI should have gotten the search warrent before hacking the machines.

Also, since the FBI hack of the Russian machines originated from the US (and particularly since it was knowingly extended into Russia), I think the laws of both nations apply.

did you make that up or did they change it already

[dirtyhippie]

did you make that up or did they change it already? $ whois invita.com Registrant: Invita Koekkener A/S (INVITA-DOM) Fabriksvej 20 DK-7441 Bording, DK Domain Name: INVITA.COM Administrative Contact, Billing Contact: Krogsgaard, Johannes (JK10757) invitajk@POST1.TELE.DK Invita Koekkener A/S Fabriksvej 20 DK-7441 Bording, DK Domain Name: INVITA.COM Administrative Contact, Billing Contact: Krogsgaard, Johannes (JK10757) invitajk@POST1.TELE.DK Invita Koekkener A/S Fabriksvej 20 Bording, 7441 DK 86861677 (FAX) 86861677 Technical Contact: UNI2 / Henrik Bo Hansen (UNI2-DK) domain@UNI2.DK UNI2 Gl. Koege Landevej 55 Valby DENMARK +45 77 30 10 01 Fax- +45 77 30 10 00 Record last updated on 09-Feb-2001. Record expires on 12-Oct-2001. Record created on 11-Oct-1996. Database last updated on 24-Apr-2001 02:37:00 EDT. Domain servers in listed order: NS.UNI2.NET 129.142.7.99 NS2.UNI2.NET 195.82.195.99

So then....

[Husaria]

Won't the FBI now be violating any possible Russian laws then, and knowing the Russians, they'll come up with some elaborate scheme to make us look like a horse's ass.
Since the FBI are indeed hacking those crackers...this is shaping up to be an international incident.

No cracking at all!

[pbemfun]

Um, sorry, but there wasn't any 'hacking' involved here. The FBI sniffed their id's and passwords on a machine they gave to the Russian crackers and used the information to log into their own computers. I never knew that network sniffing was hacking...guess I better watch our networking people more closely!

Tyler

Your mission, should you decide to accept it

[aelvin]

... agents posing as Invita officials asked the men to demonstrate their prowess on a computer outfitted with "sniffer" software to record every keystroke. After arresting the duo, they used account numbers and passwords obtained by the program to gain access to data stored in the computers in Russia....

Back in the Good Old Days, one of the "agents" would then have peeled off his false rubber face to reveal that he was, in fact, Mr. Phelps.

Re:The US Constitution doesn't apply

[nrftwicked]

Bait-and-switch huh? so if I lure a child into my house with a cookie, and then lock the door behind them, it's not kidnapping? That's ridiculous, the FBI is in the wrong.

That's Entrapment, brotha!

[BSDevil]

Enough said. This is similar to the RCMP agent posing as a drug dealer, selling a guy some crack, and then arresting him once the transaction is complete. If I remember correctly, the definfition of entrapment is somthing like "it's entrapment if the crime comitted would not have been commited if it had not been at the behest or suggestion of the police officier" - somthing the Dupreme Court deemed illegal long ago. And shouldn't what the guy have typed into the Invicta computer have been copyrighted to himself (gotta love the Berne Convention), and thus the Feds wouldn't have the duristiction to look at it whithout his permission (as he could deny them the right to record it).

Note that my entrapement definition is the Canadian one, btu I think it's the same as with the USA. I'm seeing several challenges to this if the Ruskies have a good lawer.

Re:Double Standard

[Hormonal]

Why would they go to all the trouble of breaking into his computer, when the same information can surely be had elsewhere more easily?

First of all, they might want to break into Bush's computer, since he is the President now (unless they're looking for Bill & Monica's Webcam Porn stash)

Secondly, there's got to be some other gov't agency that already monitors said computer, and some employee of said agency probably keeps a copy of those files somewhere less secure than the machine itself.

No, I don't think the FBI would help the Russians, but if they wanted to, they'd probably just give them an FTP address, rather than break into the machine all over again.

Re:Two key points

[Rogerborg]

• If this happened than FBI can happily know that it violated article 272, part 2 of chapter 28 of the Criminal Code of the Russian Federation. The article claims setences starting from 500 minimal salaries (about US$4000) and up to 5 years of detention. Note that this considers only the fact of illegally accessing a computer

Nice! Please mod up, pretty please. Oh, how I'd love Russia to ask for the extradition of the FBI goons who've not only admitted to breaking a Russian law, they're actually crowing about it.

Re:Double Standard

[Rogerborg]

• They were supposed to get a search warrant from a judge in the local oblast before they... hey, wait a second... Oblast? Oblast! This is a FOREIGN COUNTRY!

Hey, yeah, you're right! It's so obvious! So it's equally OK for Russian (Chinese, Iraqi, pick your own demonised nation) spooks to hack and crack boxen in the USA because it's convenient for them?

Hey now!

[dpete4552]

"...a bunch of Russian crackers" "FBI Does A Cracker..." Hey now!, there's no need to be racist. ;)

-
AIM: dpete455
Yahoo!: dpete455
Jabber: dpete455@jabber.org

lame

[3am]

what a stupid point to make, and how unrelated to the topic.

people that run the site?!

[3am]

no, the people that CRACKED it should be arrested. nice to ignore all issues about personal responsibility...

'oh, since you left your window open to your house, and i stole your childrens' clothes, you should be arrested for child abuse...'

great point, bravo...

You are Confused.

[3am]

the russian gov't should be concerned with it's deteriorating infrastructure and the collapse of it's currency

we're just arresting some known criminals, and were able to do it because they are fundamentally idiots (did you see the simpsons where homer 'won' the boat from the springfield police dept?).

hurray to FBI for protecting american citizens from criminals.

join the FBI then

[3am]

here's the only problem:
-you're a private citizen
-they're law enforcement officers

oh, wait, that's all the difference in the world. your post made a nice little sound bite, but really fall flat when reality comes into play.

Re:Double Standard

[3am]

last i heard, it was hit by an idiot chinese pilot....

Re:Double Standard

[3am]

Falung Gong

US citizens (scholar) being jailed without charges

Gov't firing on and killing 2 in a village that refused to pay taxes they couldn't afford (at least we JAIL them here...)

oh... Tianemen square

Tibet

do i really have to give more examples of flagrant human rights abuses by the PRC?

Re:Double Standard

[3am]

my bad. however, look at this article from the nytimes (you need username/pass), and you will see a good example of how economically free china has become:

http://www.nytimes.com/2001/04/22/weekinreview/22B OXA.html

Worrying

[Hasie]

I live in South Africa and this scares me. What is going to happen if this is allowed to set a precedent? Will the FBI and another American law enforcement agencies start hacking into computers and stealing data instead of trying to obtain search warrants? And what is to stop them hacking into my computer and stealing all my data if they merely suspect I am guilty of a crime? Where does it end?

As with all power

[CrackElf]

The power of government must be held in check, unless the government is to be trusted. And that means trusting every money grubbing power hungry politician that seeks out a place in the structure. Now, I am not saying that every person that works for the government is evil, or even that every politician is. I am just saying that those who are most likely to abuse power are the same ones who will most diligently seek it out. Those that seek it out are the most likely to aquire such power. And that means that a signifigant number of the people in power are willing to abuse it. And even if that were not the case, I do not think that we should condone the government committing the electronic equivalent of unlawful search and seizure.
-CrackElf

One word

[CrackElf]

Backup. It should not take 72 hours to recover the data. And, with a daily backup, you should loose at the absolute most 24 hours. Security and data integrity includes regular backups. Every IT department should be ready for data loss and data leakage scenarios. Because even if you catch the cracker, most of the time it is after the damage is done.

Re:One word

[CrackElf]

A web server that was, at the time, my responsibility, was cracked. The system was isolated and backed up, and the damage was minimal. And, after that, I instituted better policies esp. with updates, since it was a known exploit.

What i did not do was whine about how some malevolent cracker had gotten into my system and fucked things up. If it had not been him (or her, or it), it would have been someone else. It was my fault for not instituting better policies regarding updates and patches (and for allowing my superiors to override me and set up an NT server running IIS, which i do not feel has adequate security).

I have been on teams where data was lost. I have been on teams where cracks have destroyed weeks of work. And in all of the cases that I personally observed, better policy and procedures regarding updates, detection, isolation, passwords, physical protection, and backups would have prevented and/or minimized damage.

It sounded like his IT department in this case was totally unprepared for such an attack. While it does not excuse the cracker, neither does it excuse the IT department. That was my point.
-CrackElf

Disclaimer: I am not a genius, feakin or otherwise. If I were I would have figured out how to retire by now so that I could work on my own projects in peace.

Re:One word

[CrackElf]

Yes, a vanilla webserver is very different than a full-blown e-commerce system w/ back-end databases. The system that I was working on had to do with personnel information for the government. Since the web server was properly isolated from the distributed transaction servers which connected to the databases, the cracker was unable to gain direct access to the databases. And since I had instituted fairly sound policies, he/she/it was unable to gain access to any other servers.

I am not perfect, and i did not create the perfect system. Nor am I trying to say that. But I am trying to say that most of the security breaches that I have observed were preventable with commonly known policies and procedures. People dont back up. They dont patch. They dont isolate systems. The dont force mixed passwords. (except for isolation, these basic prolicies will not overly compromise useability). They often assume that they will never be cracked. And then when they do get cracked the act so suprised.

The point is that you should implement policies to minimize the risk and proceedures to minimize the damage before a security problem arises. Instead of trying to get vengeance on the script kiddies (or full fledged crackers) after the fact, since it really does little good, it wont bring back lost data, it will not retrieve lost transactions. There will always be someone else to test the limits of your security.

BTW: The reason that I believe that NT/IIS is less secure than other systems is the raw quantity of security issues weekly as compared to other systems. Part of this has to do with the fact is that microsoft changes protocols and interfaces very rapidly, and each new protocol or interface will have its own security issues. And part of it has to do with the company's features first, fixes if we have to attitude.

Re:One word

[CrackElf]

Ahh, I have a completely different view of law, civic duty, blame (culpability), and crime. I do not blame the victim. I try to proffer advice to people before they become victims. If I am a 'victim' I ignore that fact, and try to contain and stop the current situation. Then I try to ensure that it does not happen in the future. After those are taken care of, I look for the root cause of the circumstances that led to the situation in the first place (and determine if I can effect change on it). I will definitely call the authorities afterward as there is a chance that I will get my possessions back. I might do it out of revenge as well. I personally do not believe that 'justice' (who was it that said that justice is just codified revenge?) is, in fact a deterrent in a significant percentage of crimes. Too often in our society people love to become victims and point the finger at someone else. When does it stop? When does someone say, ohh, i fucked up, i had better fix it and make sure that it does not happen again? When do the parents and teachers at columbine say 'we were not paying attention to the problems in our homes and schools' instead of saying 'those violent video games made those kids bad'.

Your analogy is a bad example, but i will try to give you my perspective. Although I do feel that a mugger should be taken care of, I feel that this is a mere symptom of a bigger problem. The true problem is the ghetto that has been caused by the greed and stupidity of society. When the only options society gives a teen growing up in that environment are to work in sub standard conditions at minimum wage for the next 50 years or leading a life of crime to receive some of the basic necessities and some pleasures of life, the problem is bigger than a simple mugger. The mugger blames society, society blames the mugger. Blame becomes irrelevant. Personal responsibility does. In the short term, people should avoid walking through certain neighborhoods or dress and act in a manner that will deter mugging, maybe keep the bulk of their cash and id in their sock instead of their wallet. And, as for the mugger, they should determine, and someone should point out to them, what the pro's and con's are of a live of crime as opposed to forcing the system to give him/her/it a proper education so that they are armed to fight for their rights in whatever job they take. And I say that taking one guy off of the street does not change the street nor the conditions that brought about the mugging in the first place. It sure feels good, and you might get your possessions back, and you might feel safer at night. But it wont make the street any more secure, and it wont undo the fact that you were mugged.

I bring the analogy back to the technical industry. Fix the immediate problem. Make sure that it does not happen again. Try to determine the underlying problem if there is one (like your sensitive databases are on the same server that is on the web, and thus known). Fix it if you are able. By all means go after the bad guys. Wether you feel that it is a deterrent, justice, or revenge. But I feel very strongly that if you do, you should not let that cloud the fact that you need to take responsibility for the security at your site.

Aside: As for the stats, it shows that even with all of the additional packages (eg: rh comes with many, many optional packages), in most of the years, individual windows platforms are pretty much greater than all but the aggregate of all linux distros followed by this site. Not to mention that I believe that if you separate out actual exploits that allow for uninhibited access to the entire file system or execution of arbitrary code, ms wins the prize.

I agree with your prognosis about corp America. Thus I believe that the long term solution to create better security in corp America is to outlaw pointy hair :)

cracking

[CrackElf]

The point of my post is that a system administrator has to have the proper policies and prepare for the most unfortunate contingencies. It does very little good going after the cracker, because the damage is already done. Yeah, it would be nice, but are you really going to be able to arrest and convict all of the script kiddies out there? One should make their system robust. Both through keeping the physical and virtual security up to date and by enacting policies and procedures that will minimize the damage. Most of the security breaches that i have seen in my carear have not been some new, unheard of exploit, and could have been prevented, or at the very least, greatly minimized by the proper policies and procedures.
-CrackElf

Double Standard

[diatonic]

It is interesting to see the double-standard with which the U.S. Government operates. I'm sure I would be prosecuted to high heaven if I tried to hack into Bill Clinton's computer to get the skinny on what went on between him and Monica. All your evidence is belong to US!

Re:Double Standard

[diatonic]

Let's see... the article said they downloaded the data from the Russians computers without a warrant... and the tactics they used for obtaining the passwords are extremely questionable, and probably border on entrapment.

Re:Double Standard

[Guppy06]

If the hackers in question attacked Chinese property and violated Chinese laws, then I wouldn't have a problem with it. I'd have a problem with the People's Liberation Army parachuting into the US to arrest these hackers, but as long as they enter Chinese territory of their own free will, then there's nothing to complain about.

Re:Double Standard

[Guppy06]

Yeah, double standard. They were supposed to get a search warrant from a judge in the local oblast before they... hey, wait a second... Oblast? Oblast! This is a FOREIGN COUNTRY! These were not US citizens, they were not living on US soil, and until they enter the US, the US Constitution doesn't apply to them. Why do you think they had to be lured here before they could be arrested?

The only odd thing I see here is that I think this might have been the CIA's jurisdiction, since they're the ones usually in charge of information-gathering outside US borders.

If you want to argue that the US Constitution protects the rights of those nowhere near our borders, then I hope you're one of the first to volunteer for the military as they're deployed to China to enforce our Constitution on them.

Re:Double Standard

[Guppy06]

"Does the proposition 'all men are created equal' mean anything to you"

Yes, it measn that all people, no matter where they come from, have the opportunity to become US citizens. They didn't become citizens before hacking US computers, so...

"I always thought that we hold our rights to such a high standard that they apply universally."

We, as Americans, have the right to decide (through democracy) what laws do or do not apply to us and our property. A people's right to self-government. If the suspects made no effort to be a part of our self-government, why should we force it upon them?

"If a country does not have these protections, don't we call them 'undemocratic' and threaten them with sanctions or worse?"

The suspects were made aware of their rights when they were arrested. They have the right to a lawyer. If they cannot afford legal consul, it will be provided to them free-of-charge. They have a right to only be held in prison for a year and a day before being put on trial. They have a right not to be interrogated without consul available. They have the right to a trial before a judge or a jury (their choice), where they have the right to challenge any and all evidence presented against them. They have the right to continue to have some contact with the outside world while incarcerated (probably with the local Russian Consulate). They have a right not to be denied bail without due process of law. They have the right to appeal a guilty verdict. And, last but not least, they have a right not to be subjected to cruel and unusual punishment.

It's not like they're being dragged off into a dark alley and shot. They haven't "disappeared" like Chinese dissidents.

"But it is ok for the US to do any damned thing to people who are not inside it's borders because the Constitution does not apply."

The computers attacked were owned and operated by US citizens on US soil. Once the suspects entered US territory, the Constitution applied to them. It does not, however, apply to the evidence-gathering while they were outside the US.

Re:Double Standard

[Tech187]

International conventions dicate that when a damanged plane issues a 'mayday' they are then to be allowed to land at nearby airfields. Such a signal was issued.

Re:Double Standard

[Spagornasm]

Your analogy falls short on both counts.

1) During the cold war, Soviet subs were routinely heard by the SOSUS nets barely 15 miles off our coast, and American bases and Carrier groups were routinely buzzed by Bear Foxtrots. China does not do what we for several reasons. First off, China does not have any forward bases in the Americas. Thus, their much shorter-range surveillance planes could never hope to fly up and down our coast. Secondly, China could (and probably does) have submarines and disguised (usually as trawlers) spy ships all over our west coast. China has simply acted a bit childish.

2)There is a fundamental difference between Taiwan and Cuba. To begin with, China is not very subtle about its desire to take over Taiwan - by force, if necessary. The US has no such agenda with Cuba. Cuba is a dictatorship controlled by one despot - Taiwan is a free democracy. Cuba has (and did during the Missle Crisis) wanted ballistic missles for the purpose of having a bargaining chip with the US for better trade deals. Taiwan wants Aegis cruisers to hold back a China that has just recently installed almost 1,000 medium ballistic missles along its closest approach with Taiwan. Taiwan is about self preservation, and Cuba is decidedly not.

The funniest thing to think about: Taiwan was a part of China for perhaps 6 or 7 years out of the last CENTURY.

Plus, Taiwan and China have the same people, and Taiwan has less resources, but Taiwan is a prosperous and wealthy nation while China is still trying to keep peasants from starving to death while selling vegatables at government-controlled prices. The reason for this is quite simple: Taiwan is a free and open society, while China is not. China has meddled very little with Hong Kong's laws, because having an open economy creates wealth.

Freedom brings prosperity to a nation. Those Russian hackers wanted to come here because they knew that being able to live in a freer and more open society would let them live better lives.

Re:Double Standard

[Spagornasm]

The problem with the New York Times is the same problem with almost every single news source in the world - they are very very biased. Though, in the NYT, the prejoratives and value statements are there a little bit more obviously, they're not that different from other news sources.

The editorial board of the NYT is a rather liberal, leftist group. They sympathize with China. This article is not surprising. Compare it to similar articles found at places like Fox News, or the Washington Times.

There are always two sides to a story, and just reading the political coverage in the NYT, it's obvious that they don't care about that.

Re:Double Standard

[Spagornasm]

Does that excuse the actions of Castro against his own people? Does that excuse the fact that children are taken away at 8 years old to work in the sugar cane fields?

C'mon. Cuba is a terrible country, not becuase of its people, but because of its government.

Can you blame us for wanting to help those people? Why the hell would hundreds of them risk (and sometimes lose) their lives on flotsam to reach the US? Because they're HAPPY in Cuba?

U.S. International Notoriety

[dust2dust]

Well, it's nice to know that the the U.S. government prosecutes those that violate its laws by pretty much violating the same law itself. Lets face it: stating the word "secutity" in a sentence along with the word "internet" is an oxymoron (I know you could twist the words, but you know what I mean). I personally think that anything, ANYTHING should be allowed on the internet. These so-called security products that supposably protect people from 'malicious' hackers are often laughed at by the very people they try to intimidate. I'm not neccessarily siding with the russian hackers here. What they did was wrong and I'm not going to forgive their connivances, however, if the U.S. government is willing to make a provision that it can break its own laws to execute them, then we are heading down a dangerous path. Just look at the recent jailing of the woman who didn't have her seat-belt on. I don't think there's a single sane person anywhere in the world that would validate the handcuffing of a person who commited such a small crime. Now I'm getting off topic a bit, but lets face it, the U.S. clearly stepped over its own line when it reached into the heart of russia to illegally sieze evidence. They stomped all over Russian sovereignty because they were blinded by the prospect of getting a second 'big break' on the war on cybercrime. On a related note, we seem to be gaining an AWFUL lot of notoriety when it comes to our foreign policy / scare tactics: The recent China fiasco, the Peru incident, and this current story come to mind... P.S. Those of you who have gotten the 'eye for an eye' theory spinning around in your heads, I think we first have to PROVE that they did it to say that they are guilty. The way the press is spinning it, they are already as guilty as sin, but under modern law, they are not. Don't forget that or that will be our undoing.

Re:The US Constitution doesn't apply

[Guppy06]

Neither is the example of the ship firing from international waters, so long as the ship isn't acting under orders from a foreign government.

Re:The US Constitution doesn't apply

[Guppy06]

By your analogy, ANY arrest could be considered "kidnapping."

The US Constitution doesn't apply

[Guppy06]

I've said it twice already here, but nobody seems to understand it, so I'll say it again: The US Constitution (and it's protection against unreasonable search and siesure) does not apply here. They weren't US citizens. They weren't even resident aliens, illegal or otherwise. No Russian oblastey, respublik, okrugov, or krayev have ratified the US Constitution and become a US state. It hasn't even been put to a vote. The only time our Constitution applied to Russian territory and Russian people is when Seward helped buy Alaska.

This is wholly outside the jurisdiction of any US state or federal laws. The only "laws" that do apply are international treaties, and I have yet to hear of any that forbids a nation-state from taking nessecary action to protect itself from outside threat.

If the US were trying to enforce Constitutional law outside its borders, then the Chinese and others are right: We really ARE hegemonic. And I'd hate to be part of the military that tries to enforce those laws on the rest of the world.

Re:The US Constitution doesn't apply

[Guppy06]

"In a previous attempt to do something similar a U.S. Law Enforcement office was arrested and charged with kidnapping on foreign soil. He spent 3 months in jail before he was released."

However, there was no kidnapping involved in this case. They flew to the US voluntarily. Bait-and-switch, yes, but no kidnapping.

"Law enforcement agencies have no jurisdiction outside of the country."

The computers being hacked were within the US.

"This is against international law."

The crime was against US citizens and US property within US territory. What you're saying sounds like we don't have the right to attack a ship shooting missiles at the US if the ship is outside territorial waters.

Re:The US Constitution doesn't apply

[Guppy06]

All amendment 10 says is that the rights not explicitly granted to the feds by the Constitution belong to the states or the people.

On the other hand, amendment 4 says:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated(.)

There's nothing anywhere in the Constitution that suggests that "people" here means anything but the "people of the United States," as mentioned in the preamble. If it meant all people, then you'd be suggesting that US law applies to everybody and every nation the world over.

Besides, if you're in the process of comitting a crime, and the feds are sitting there watching you do it, wouldn't a search of you and your posessions be "reasonable?"

Moral: Don't Use Windows NT

[Guppy06]

From the above-mentioned CNN article:

... Gorshkov and Ivanov used computers ... to scan the Internet for vulnerable business operating systems. They ... are believed to have made tens of thousands of probes and intrusions into computer systems, usually through a vulnerable version of Microsoft Windows NT

Ah..

[glenkim]

But what are they doing against US crackers hacking Chinese computers? ... That's what I thought.

Re:Ah..

[db_two]

You own the patent for One-Click Trolling... Is that on the Delphion Patent Server --- I would really like to read it..... Ha Ha .... This is doing wrong all in the name of right. These guys had no permission to do what they did from the russian government.... even if the ends justify the means. I could easily see Russia holding our FBI Agents as international spies... Hopefully the world is becoming a somewhat friendlier place... David Byrd CEO - Twenty First Century Technologies, Inc. URL: http://www.nite-surfer.com Home of the Nite-Surfer Illuminated Keyboard
David Byrd
CEO - 21st Century Tech., Inc.
URL: http://www.nite-surfer.com

Cracking? What cracking?

[nuclearcamel]

They invited the Russian to use a computer with a keyboard sniffer, and then took all his passwords. They woudn't have needed to CRACK anything.
This seems mostly to have been social engineering, something which the FBI probably has lots of experience in.

Holy crap

[sllort]

Check it out the FBI defaced the hacker's web site.

Now that's just cold.

Two key points

[sllort]

Two very interesting things in the article:

1) "After Ivanov arrived in Seattle, accompanied by Gorshkov, agents posing as Invita officials asked the men to demonstrate their prowess on a computer outfitted with "sniffer" software to record every keystroke. After arresting the duo, they used account numbers and passwords obtained by the program to gain access to data stored in the computers in Russia, Schroeder said."

Ok, so they brought them to the U.S., told them to log into their computers in Russia, sniffed the passwords, and then used the sniffed passwords to log into the Russian machines. This is hacking? Social engineering, maybe...

2) "The agents downloaded the data, but did not view it until they obtained a search warrant from a U.S. federal court, he said."

Now this is interesting. They don't need a search warrant to break into your computer, only to read what's there. Which means that breaking into a computer isn't search and seizure.
Does this mean that if I break into FBI computers, but don't look at anything, that I haven't hacked them?

Very, very interesting precedent...

The govermet and privacy

[Anon-Admin]

It seems that the government has decided that although the constitution of the US holds the rights of an individual to be god given, god only gave those rights to americans. Everyone else is fair game. This truly bothers be! In the past the government got around this by creating a corporation to do the intelligence gathering (CIA, OSS, ETC.) Now they wish to do it them selves? What's next, "Sir your computer was on the internet and as you may not be aware, Computers on the net are open to search. The Founding fathers did not have computers when they wrote the constitution and could not have foreseen them. There for there is no right to be secure in your computer."

Next you know they will outlaw the constitution! OOPS they did that already. The constitution was written on himp paper and as most are aware himp is ILLEGAL in the United states.

Interesting question on legality

[Jonny+Ringo]

This goes under old rules applying to new technology. The fbi used a sniffer to capture the crooks information, but did not look at it untill they got a search warrant. - What the hell? They think that this is legal? They are "searching" their computer, therefore they should be required to have a SEARCHwarrant.'

That's like the fbi breaking into your house with blind folds on, and taking everything, then looking at your stuff once they got the search warrant (course that would never happen).

The same

[rachelle2121]

It's interesting....people that steal information and attempt to extort money OUTSIDE the US, claim they are protected because American rules don't apply. I guess it works both ways!

I Am Confused.

[the_2nd_coming]

did the FBI suspect that they were invovled in this and cracked the computers to get the evidence? if so I would think that the Russian Government would be pist as hell.

The FBI did not have a warent to serch the computers in russia.(as far as I can tell from the article)

I think the russian government sould arrest the FBI agents for Illegal computer activity :)

Fourth Amendment

[RALE007]

Schroeder countered that the U.S. Constitution's Fourth Amendment protection against "unreasonable search and seizures" is not applicable outside the United States and that the FBI had no ability to serve a search warrant in Russia.

if they're not protected by our laws because they are out of the country, how can they be prosecuted by those same laws? Laws are made to protect people (believe it or not), you should have a fair playing field. Their real arguement shouldn't be "well they're out of the country they're not protected by those rights", the truth is they're out of the country and the FBI has no jurisdiction to do what it did, but if they said it that way then they'd look like the villans.

Re:hrm

[benevolent_spork]

Bah!

You impugn my honor, Sir, as well as the honor of evil_spork.

I have not seen the inside of a college dorm for years, having left the hallowed ivory halls for the greener but far more dull pastures of employment.

I will not demand an apology from a lowly AC, but would consider it apropos (mind you I mean not "man -k", but rather "fitting the circumstance").

Hacking is Bad

[queenb**ch]

According to the "media pundits", all hacking is bad (refer to Ziff-Davis, etc. ad nauseum). Hackers are evil and dangerous. Now we have them working in our government, and in law enforcement, no less. Wonder how long it will take them to turn their "reverse hacking" techniques on the unsuspecting public?

The only good news is that I know several of these "in-duh-viduals" and they wouldn't be able to hack their way out of a wet paper bag with a chain saw. How they got lucky (or even if they did) with the Russian Hackers beyond me.