Slashdot Mirror
Russian Agency Charges FBI Agent With Hacking
eNonymous Coward writes "An FBI agent who helped lure two Russian 'hackers' to the USA in 2000 so that they could be arrested is now being charged with hacking himself by the Russian FSB. You might remember that Gorshkov and Ivanov exploited an NT vulnerability to steal information from corporate networks, which was then used to extort money from the companies; they're also accused of being behind the CDUniverse and Western Union credit card database thefts. Last year a federal judge ruled that the FBI's action was legal, but the FSB disagrees."
Turnabout's fair play, eh?
"Einstein argued that [...] God is not capricious or arbitrary. No such faith comforts the software engineer." ~ Brooks
I say extradite this fed to Russia, and hand him over to Dmitry Sklyarov. I'll leave the rest for you to imagine.
Will we be exchanging programmers in the future?
...the US is always in the right, and their laws on everything are the world's laws...right?
Or is that just what they've mistakenly tricked themselves into believing?
Invalid ID number. Does not appear to be a GUID or
a Passport ID
I wonder if this is related to the fact that my browser is refusing cookies, Javascript and all other spyware (being behind Squid and Junkbuster). Or maybe it -is- the article???
I'm not an expert on Internation law, but I can't understand how a federal judge can have the sort of authority to declare the action legal when it doesn't appear to be a federal matter. By the same token, a russian judge could just as easily say the two hackers were not breaking the law, though I can't see that holding any bearing on the actions of the US/FBI. If that pans out unfavourably for the russian pov, then it's likely that future 'conflicts of interest' like this will be more difficult.
Russian FSB? How fast is it clocked?
Interesting, Thats the price to pay i guess. And actually it makes the FBI look quite... Stupid!
After arresting the men, the agents used account numbers and passwords obtained by the program to gain access to data stored on the pair's computers in Russia.
So their program contributed to their own demise. It's a sad story.
Next time I write a sniffer program, I'll have to remember to ignore my own IP address (:
Ladies, form queue here -->
It seems like the Russians blew their chance at arresting him by announcing it to the press.
A crime, is a crime, is a crime, and should be solved officially. Stealing data is just a normal crime, also if it is done by FBI.
The judge noted that investigators obtained a search warrant before viewing the vast store of data -- nearly 250 gigabytes , according to court records. Wouldn't that take a 5H!T L04D 0F T1M3?
What we see depends on mainly what we look for. -- John Lubbock Now search for that bug slave!
I believe the Russians have a very strong case here - the FBI invited them over to the USA and then asked them to hack a system, then bang them up for hacking. This is hardly fair - and the Russians are absolutely right: if the FBI were using keystroke-tracking software, they're the ones who were committing the offence.
It surprises me, though, that you have two very good hackers, and neither of them thought to err on the side of caution and check the computers they were working on for such things...
Like car accidents, most hardware problems are due to driver error.
It surprises me, though, that you have two very good hackers, and neither of them thought to err on the side of caution and check the computers they were working on for such things...
Yeah I bet RMS could get them jobs at the FSF... no $pay$ albeit free doughnuts.
Aw, fuck it. Let's go bowling. - The Big Lebowski
"Finally, Coughenour rejected defense arguments that the FBI's actions "were unreasonable and illegal because they failed to comply with Russian law," saying that Russian law does not apply to the agents' actions."
This is what it all really comes to. Does US have the right to make it's agents untouchable to other countries laws? What if this had happened the other way around? (US criminals, Russia agents arrest them and hack to their computers.)
What I notice is the US Govt's case is based on: 1> the fourth amendment doesn't apply cuz it didn't happen here, and 2> Russian law doesn't apply cuz it didn't happen there.
Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
The matters of legality here seem almost nodifferent from what the government normally does to catch other 'common' criminals like drug dealers...they create a sting and snag their men. Just becuase it involves computers and not drug traffiking/dealing does not make it much different.
This was an interesting case. The description of how the agents lured the russian "hackers" to the US was beyond belief.
Michael was back at the office downloading data from their computers like mad while they took them to lunch.
The russians were very chatty, too chatty for their own good. IIRC they had something like 350 pages (an entire binder) of transcribed conversations with them. As is usual, the "hackers" were tooting their own horns.
I was called as a witness in the case to testify to data they had recovered and statements the russians had made. The russians had lied about the level of access they had. However, these people were very persistent, they spent a month or so just learning and tinkering trying to get a relatively small amount of data.
It's clear what their motives where though. They were stealing credit cards, setting up Ebay auctions and using proxy PayPal accounts to pay themselves for Ebay auctions they had setup themselves.
I got to learn how serious Paypal takes "hackers" and abuse. Both paypal and ebay (now the same) have dedicated professionals to tracking down "hackers" and fraud.
You know what might be interesting? Both the Russian and American laws may be right.
Think about it: the "sting" was under US jurisdiction as far as the physical location of the agents and the operation, so peeking at the records might be allowed. However, the hoovered computer was in Russia, so Russian laws apply to those efforts as well.
The what might help is to visualise what the non-computer version would be. Say the data in the US is a perfect fax of the Russian originals: did the agents "break and enter" into a data warehouse with forged keys, or did they trick the warehouse into voluntarily sending the copies? If the method in which these copies were obtained is illegal in Russia, are they still admissible in the US as evidence?
It's way too complicated, and I have no idea how I should feel about it.
Playing an amateur psycologist here but.
Perhaps the people in Russia don't have the same image of the US govt the US citizens do. I am sure the russians have a healthy distrust of the russian govt but their image of the US may be skewed by watching too many episodes of I love genie or dallas. It's kind of ironic that the average american geek distrusts the US govt more then the average russian geek.
War is necrophilia.
What I don't understand is why they even came to the US if they were wanted? They must have been very very desperate to need a job that badly to risk so much. They should have guessed that it was too good to be true.
Buying a Dell computer is equivalent to dropping the soap in a prison shower.
IGOR TKACH, an investigator with Russia's Federal Security Service, or FSB, started criminal proceedings against FBI Agent Michael Schuler for unauthorized access to computer information, according to the Interfax news agency.
... he knew that the systems administrator could and likely would monitor his activities," Coughenour wrote. "Indeed, the undercover agents told (Gorshkov) that they wanted to watch in order to see what he was capable of doing."
The agency reported the complaint had been forwarded to the U.S. Justice Department and that the FSB was awaiting a response.
The FBI said Thursday it had no comment on the case, and the Justice Department did not immediately respond to a request seeking comment.
Interfax quoted sources with the FSB as describing the criminal complaint as an effort to restore traditional law enforcement borders.
"If the Russian hackers are sentenced on the basis of information obtained by the Americans through hacking, that will imply the future ability of U.S. secret services to use illegal methods in the collection of information in Russia and other countries," the news agency quoted one source as saying.
RUSE WAS WIDELY PRAISED
Schuler and other agents were widely praised for an elaborate ruse that led to the arrests of Vasily Gorshkov, 25, and Alexey Ivanov, 20, in November 2000. Court papers described the men as kingpins of Russian computer crime who hacked into the networks of at least 40 U.S. companies and then attempted to extort money.
The pair was lured to the United States after Ivanov identified himself in an e-mail threatening to destroy data at a victimized company, Stephen Schroeder, a now-retired assistant U.S. attorney in Seattle who prosecuted Gorshkov, told MSNBC.com last year.
FBI agents then found Ivanov's resumé online and, posing as representatives of a fictitious network security company called Invita, contacted him to offer him a job.
Once Ivanov and Gorshkov arrived in Seattle, agents posing as Invita officials asked the men to demonstrate their prowess on a computer outfitted with "sniffer" software to record every keystroke. After arresting the men, the agents used account numbers and passwords obtained by the program to gain access to data stored on the pair's computers in Russia.
Fearing that an associate would "pull the plug" on the computer in Russia, the agents downloaded evidence before obtaining a search warrant, according to court papers.
AGENTS HONORED
In a news release issued last week honoring Agents Schuler and Marty Prewett with the director's award for excellence, the FBI's field office in Seattle said the case was the first in the the bureau's history to "utilize the technique of extra-territorial seizure." The procedures employed by the agents had been incorporated into the attorney general's guidelines for law enforcement personnel, it said.
Court papers allege that Ivanov and Gorshkov broke into and obtained financial information from a number of large U.S. companies and penetrated the computer networks of two banks -- the Nara Bank of Los Angeles and Central National Bank-Waco, based in Texas.
They also were accused of orchestrating "a massive scheme" to defraud the Internet-based payment company PayPal, based in Palo Alto, Calif., by using "proxy" e-mail addresses from such institutions as public schools and stolen credit-card numbers to buy goods.
Prosecutors have indicated they also believe the Russians are linked to two other high-profile cases: the theft of data on 300,000 credit cards from the CD Universe Web site and another
15,700 credit cards from a Western Union Web site.
Gorshkov was convicted in Seattle in September 2001 of 20 counts of wire fraud, charges that carry a maximum sentence of 100 years in prison. Sentencing was scheduled for January, but court records do not reflect that a punishment had been imposed.
Ivanov also has been indicted in New Jersey and Connecticut, where he currently is in custody and awaiting trial.
In pretrial motions, Gorshkov's lawyer, Kenneth Kanev, argued that the FBI agents had violated Gorshkov's Fourth Amendment right against unreasonable search and seizure by secretly obtaining passwords and account numbers.
But U.S. District Judge John C. Coughenour of Seattle ruled that Gorshkov and Ivanov gave up any expectation of privacy by using computers in what they believed were the offices of a public company.
NO EXPECTATION OF PRIVACY
"When (the) defendant sat down at the networked computer
He also found that the Fourth Amendment did not apply to the computers, "because they are the property of a non-resident and located outside the United States," or to the data -- at least until it was transmitted to the United States.
The judge noted that investigators obtained a search warrant before viewing the vast store of data -- nearly 250 gigabytes, according to court records. He rejected the argument that the warrant should have been obtained before the data was downloaded, noting that "the agents had good reason to fear that if they did not copy the data, (the) defendant's co-conspirators would destroy the evidence or make it unavailable."
Finally, Coughenour rejected defense arguments that the FBI's actions "were unreasonable and illegal because they failed to comply with Russian law," saying that Russian law does not apply to the agents' actions.
NT VULNERABILITY EXPLOITED
Ivanov, Gorshkov and other unidentified associates used the Internet to gain illegal access to the U.S. companies' computers, often by exploiting a known security vulnerability in Windows NT, according to court papers. A "patch" for the vulnerability had been posted on the Microsoft Web site for almost two years, but the companies hit by the cyberbandits hadn't updated their software.
(MSNBC is a Microsoft-NBC joint venture.)
At least one company, Lightrealm Communications of Kirkland, Wash., acceded to a demand that it hire Ivanov as a security consultant after he broke into the Internet service provider's computers, according to court documents. Ivanov then used a Lightrealm account to break into other companies' computers, they indicated.
Eastern Europe and nations of the former Soviet Union have become a hotbed for computer crime aimed at businesses in the United States and other Western nations.
When MSNBC.com first reported on the problem of overseas computer crime in 1999, Mark Batts, the special agent in charge of the FBI's Financial Institution Fraud Unit, said he was not aware of any prosecutions of credit card thieves operating from Eastern Europe and the nations of the former Soviet Union.
Did you notice that the US courts accept the fact that data is just as much property as your car is (for the MPAA's sake), and the fact that it is clearly not (if it has been gathered as evidence)?
Did you also notice the fact Russian law does not apply the federal agents hacking Russian computers, but clearly US law applies to Russians hacking American computers?
This is disgusting...
-- Please put this in your sig if you think
pots calling the kettles black....
---
I think it would have been entrapment when they would have been prosecuted only for the demonstration.
-- Please put this in your sig if you think
The alternative (the one the Russian FSB [Federal Security Bureau], formerly known as KGB [Committee for State Security]) and certain French censorship judges want is that you are somehow subject to all laws combined - which is a horrible mess. Is this post subject to UK law? (I'm in the UK ATM) Or US? (US server) Or Canadian (accessable from Canada) - in which case it should probably be translated into French as well?
This seems simple to me: when in country X, you are subject to the laws of country X. Everybody else should STFU: I will not accept French, Russian or for that matter Taleban laws as applicable in any way except on their own soil. Hell, if the former KGB considers the FBI's investigation illegal, imagine how illegal the CIA spying on the USSR is - or those spy satellites Boeing and Lockheed make?
This is an important point that isn't getting much media attention right now. Bush has requested that all US military forces and peacekeeping forces be given 100% total immunity from international war crimes laws! There's no reason whatsoever that this should happen.
It's up to Russian courts to enforce Russian law. It's up to US Courts to enforce US Law.
It's better this way, really. Would you want Russian courts enforcing the US DMCA against Skylarov?
It was all legal. The FBI had reasons to believe that these Russian corporations were running Kazaa and sharing both The Decleration of Independence and the US Constitution. Also MP3s of the Star Spangled Banner.
How about if FBI and FSB (and GRU/CIA/etc) could try to put their resources into stopping terrorism, injustice, and similar things instead. The corporations needs to soup up their computer security but about two notches and not rely on FBI refusing to go outside and only wanting to play with their computers.
But, not an american myself, I wonder, doesn't the US police/Feds whatever have the right to set traps?
How come that the FBI can have a US search warrant to look at russian data.
And then the judge tells us russian law does not apply? And the American Constitution does not apply?
What's going on. If I live in a foreign (non US) country, I wont have any rights. Not the rights of my country and not the rights of the US.
Do I still have my basic human rights?
Disclaimer: This opinion was created without the use of any facts
http://www.canoe.ca/CNEWSTechNews0105/10_hackers2- ap.html
High-tech net snags hackers
By ALLISON LINN-- The Associated Press
SEATTLE (AP) -- Invita Security Corp. looked like a typical Internet company: It had offices, computers, employees and a secure computer system. The only thing missing was the customers.
Far from being a failed start-up, the aptly named Invita turned out to be a bogus company set up by the FBI to ensnare two young Russians accused of breaking into U.S. Internet companies' computers, stealing sensitive data and trying to extort money.
Authorities say Alexey Ivanov, 21, and Vasily Gorshkov, 25, both of Chelyabinsk, fell for the bait. They were arrested and jailed on charges including conspiracy and fraud and are set for trial May 29 in federal court in Seattle.
The FBI declined to comment. But in recently unsealed court documents that read like a spy novel, agents tell how they snagged the alleged thieves by creating the shell company and inviting Ivanov and Gorshkov to try to hack into it.
After Ivanov and Gorshkov succeeded from afar, FBI agents posing as Invita employees invited the two to Seattle to discuss a partnership and further display their hacking prowess.
As the Russians demonstrated their skills at the shell company, the FBI used a computer eavesdropping technique to reach across the Internet and break into the suspects' own computer system in Russia.
Internet security experts say the case illustrates well how the FBI's cybercrime-fighting abilities have evolved -- though the defense is questioning the legality of the agency's methods.
"What they did was phenomenal. It was exceptionally effective," says Kevin Mandia, who worked for the Air Force office of special investigations and taught FBI courses in hacker attacks before joining the Irvine, Calif., Internet security company Foundstone. "Five years ago they wouldn't be able to do that kind of thing."
Mandia says that the FBI, after being ridiculed as ill-equipped to fight computer crime, has made remarkable progress, including adding a program that has trained more than 1,000 agents in cybercrime.
The FBI believes the Russian suspects or their associates could have been involved in hundreds of crimes against U.S. companies, including Kirkland-based Lightrealm.com, an Internet access company, and Palo Alto, Calif.-based PayPal, an online payment business.
First, the FBI alleges, the hackers broke into computer systems. Then, authorities say, they sent e-mails to company officials demanding payment in exchange for not distributing or destroying sensitive documents including financial records.
After tracking down the suspects over the Internet, the FBI invited them to Seattle in November for the Invita gambit.
Court records show that while Gorshkov was using an Invita computer, the FBI secretly used a "sniffer" program that logs every keystroke a person types.
Using passwords recorded by the "sniffer," the FBI was then able to enter the computers in Russia where Gorshkov kept his data and download immense amounts of information.
In court documents, Gorshkov's lawyer, Kenneth E. Kanev, has challenged the FBI's right to use that material, claiming his client's privacy was invaded because he did not consent to have his computer usage recorded. Kanev contends the FBI should have obtained a search warrant before downloading the information.
The investigators say they were forced to follow this procedure because they needed to secure the incriminating information before the two suspects' Russian counterparts destroyed the data.
The Invita case could define how far U.S. law enforcement can go to catch non-citizens who break into American systems.
"This case is going to resolve a very thorny legal question," says Marc J. Zwillinger, a former Justice Department computer expert now in private practice in Washington.
The case could test the admissibility of evidence obtained through the covert recording of computer keystrokes, a technique the FBI also used in a case against an alleged mobster in New Jersey, Nicodemo S. Scarfo Jr., that is expected to go to trial later this year.
Today's most serious hacker threats come from outside the United States or go through computers abroad. Russian hackers, in particular, have been behind several of the biggest Internet theft cases.
US is now divided as the "Red" and "blue" states. Red States = communist countries. Coincidence? I think not
Nationalistic ideals have killed more people in the whole history of the human race than religious holy wars and real political agendas combined.
A democratically elected One World government, a non-nationalistic military service and a justice system are the only really feasible way to go in the future.
Easier said than done. You're also assuming keyloggers are software. Not many people pop their keyboards open before use to check for the presence of a surreptitiously-installed microcontroller and a serial EEPROM. [I can put a device no bigger than a nickel into a keyboard that watches for "su" and records the next 20 chars (or up to the next cr) and can do that hundreds of times with memory to spare for less than $20 - and I'm a rank amateur. You can bet the FBI's versions of hardware keyloggers are a lot spiffier - and probably smaller - than that.]
If they think you could be one o' them terrorist hackers, they won't even need a warrant to stick one in your machine when you're not looking.
Yeah, well I did.
Excuse me? Is there *any* legal basis for that? You only need apply for a search warrant after you've confiscated all the material you need if you think the bad guys might try to cover their tracks?
Incidentally, if the FBI agents knew all along that they wanted to access this data, why didn't they apply for the search warrant before starting the whole sting operation?
Let's hope that other nations will help reign in the US law enforcement and legal system, for the benefit of everybody in the world.
Okay, this has nothing to do with the Cold War but countries must find it amusing using ppl as political pawns and putting ppl away to make examples for the rest of us. The one thing to never become in your life is an example used by any govt. Who know, perhaps the U.S will put something on the bargaining table for the Russians and both could benefit somehow?
Analytic & algebraic topology of locally Euclidean meterization of infinitely differentiable Riemmanian manifold
Oh, it sounds good to set up these little questions, but actually every single one is answered by well-defined law. Of course, in each case, it's only the former ("OK") category when the action complies with the existing law within the jurisdiction of the agent committing the act. Usually, in international affairs, there is no defining jurisdiction -- and therefore, the action is not "OK".
That's why the Bush administration's go-our-own-way, knee-jerk unilateralism is a Bad Thing. The United States has spent 50 years helping craft an international environment that handled many of the cases offered above -- and, overwhelmingly, handled them in a way favorable to both the narrow interests of the United States and, amazingly, to the cause of human dignity and freedom.
Now that we're the world's sole military superpower, and darn near the world's sole economic superpower, Bush & Co. think we can ride roughshod over the international agreements that form that framework. (And we're not talking Kyoto or ICC -- they've played pretty fast-and-loose with the Geneva Convention, too.) With no defining jurisdiction agreed between sovereign nations, each feels justified to do whatever it wants. Ironically, with no defining jurisdiction agreed between sovereign nations, none actually are justified.
When you undermine the idea of international law, you make everyone into vigilantes. As a die-hard American patriot, it pains me to see my country turning into a "rogue state".
The Mongrel Dogs Who Teach
looking at:
He also found that the Fourth Amendment did not apply to the computers, "because they are the property of a non-resident and located outside the United States," or to the data -- at least until it was transmitted to the United States.
and
Finally, Coughenour rejected defense arguments that the FBI's actions "were unreasonable and illegal because they failed to comply with Russian law," saying that Russian law does not apply to the agents' actions.
That sounds scarily close to saying "US Law doesn't apply to our actions" and "Russian Law doesn't apply to our actions" so we'll do whatever we damned like...
a grrl & her server
There are sometimes things on CSPAN which could be "put" on Gnutella (et. al.) like the Traficant speeches and etc...
I wish there was some sort of effort out there to actually "pirate" things which are in the public domain.
PBS could start sending out Divx files; considering we already paid for the programming, let us host it.
Get your Unix fortune now!
Interesting to see that the most abduction paranoidal country is the one that makes the most controversial abductions...
These two hackers were practically abducted from their country. No matter what they did, they are being hold by US authorities on the basis of facts and actions that happened in a third country and which FBI seizured by breaking a federal law of that country. Meanwhile there are no concrete facts that FBI at least asked Interpol to catch these guys...
Not long ago, in Moscow a 7 year old girl was physically abducted from his mother's house and a few weeks later was found in US territory with her father. Interesting to note that US judges seem concerned not about the abduction but who should be the tutor of the child...
Interesting also to know that before another US judge already ruled that the child should stay with her mother...
These two facts show a problem. It seems that in the US grows a trend that "We are The World, the rest is savannah", If this trend is not turned down then we all will get into trouble. Just imagine FSB hunting oligarchs in Miami or California beaches or Mossad blowing Palestinians at 5th Street. If there is no respect for others laws then only the law of the Jungle will rule with Ben Laden the only judge around...
I'm wondering how the law defines "stealing sensitive data"?
Did their computers tell hackers "Stop, there's sensitive data"?
Why not they just accuse the software vendors who sell the un-safe shit? Or their stupid customers because they use too simple passwords ? Or just fire their idiotic employee?
Why let MSNBC filter your news? These others are one step closer to the source.
If you don't have access to Clarinet (which you should) then you can check via the web:
- Reuters
- The Associated Press
- United Press International
- BBC
- CBC
- NPR
- even Times of India
There are also many excellent non-English sources as well: Denmark's P2, Norway's NRK and others.(AFP don't count - spelling, grammar, and factual errors. NYT - heavy circulation does not a good news source make. )
Go look up the fourth amendment. It doesn't say 'residents'. In fact, neither 'resident' nor 'citizen' occurs in the bill of rights - referred to instead are 'people'. This entire notion that the bill of rights doesn't apply to foreigners is sheer fabrication - but one we've seen a lot of recently and one I sadly predict we'll be seeing a lot more of before things get better...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
the problem for the fsb now, is to lure people to Russia to arrest them. I mean, a lot of people wants to go to the usa, but russia? maybe all this spam about those St Petersburg brides is just a plot from the FSB?
It'll be interesting to see if this gets used politically to increase US resistance to the International Criminal Court. It's not as if the administration really needs to make their position more popular in the states, but haveing a this come up at this time.... Well, the Bush administration probably sent Putin a nice muffin basket and with a lovely card.
And on lighter news did anyone else see this? 116 trillion dollars? Appearently, Scott Evil will be taking the LSAT! I mean, I feel for those people, and maybe agree with some of their reasoning in assigning blame, but combining comic book supervillain plots with actual lawsuits seems less than productive.
--Jimmy has fancy plans; and pants to match.
The more likely response is bemusement over Bush's foreign policy, amusement over some of his 'speeches', and in many ways consider him to be crazy (in the 'completley unpredictable' sense).
"Jurisdicton, my ass" to quote some film which I can't remember...
We'll stop subverting your computers, as soon as you stop poisoning and flouridating our natural bodily fluids!
I'm sorry, it must be all that pure grain alcohol and rain water getting to me.
Whoever stated that signature sizes should be limited to one hundred and twenty characters can just go ahead and kiss my
like, i suppose, here(finland) that would be provoking to commit crime, like the cops can't really go walking the streets with a brick, and give it to people and give them 100$ for throwing it in the window, and then arrest them for causing havoc.. but i suppose fbi's got some special rights, after all, we need 00 agents with special rights to battle terrorists who got satellites with 'lasers' and are going to blow the earth up!
world was created 5 seconds before this post as it is.
Turnout was on the low end of the 20 to 100 people Tiemann expected. Some programmers complained of the early 10:30 a.m. start time. One said he had to drag his friend out of bed. Others cited the fast clip of the gangly Tiemann, who took off promptly from the conference hall and rushed up the street, forcing some programmers to jog breathlessly behind him.
Sooo... I think it's gonna be a while before we see a followup story on this, or at least it won't be on the main page.
If they charged the Russian crackers with offences relating to the actions they invited them to do that would be entrapment. Surely they just conned them out of evidence relating to other crimes that was on their computers in Russia.
If hacking is a crime then submitting patches to Linux is crime.
As opposed to, say, holding numerous foreign citizens from diverse states hostage in a military installation, denying them any legal rights or access to representation, and refusing to acknowledge them as either prisoners of war or criminal suspects who should be legally tried?
Y'know, I only mention it because, well, that lot sounds entirely like the sort of behaviour that would get those responsible up before the ICC in short order, to be tried on whether or not their actions were reasonable. And it's not as though the entire rest of the world, from Arab states to the US' closest allies, is criticising the policy or anything.
What you want is one law for you, and one law for everyone else. That is hypocritical, pure and simple. Every argument that could be made to defend that position would apply equally to all the other states involved, yet they are agreed, at least on the major points, that the ICC is a good thing and they are prepared to stand before it if necessary. The US wants exemption so it can continue to perform with impunity acts that would otherwise be regarded as illegal by the international community (kidnapping, assassination, military acts without due declaration of war, etc). Hell, the US now votes with certain "terrorist-harbouring" nations in opposing anti-terrorism legislation supported universally by the rest of the western world.
You want one law for yourselves and one for everyone else, and you want your own courts to oversee it all. The rest of the world things that's unreasonable, for some reason. It really is that simple.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
pot... kettle... black...
They were not convicted of the hacking they did for the FBI.
They were convicted of past hacking based on the information the FBI stole from their home computer in Russia.
I am impressed by the technical expertise of the FBI agents. What they did is not exactly brilliant, but it requires more skills than your average script kiddie.
...but they do anyway.
The funny thing is I have much the same reaction to Bush's actions.
The Simpsons were right, as usual: "Move back to Russia!"
... does this mean that if i put up a public computer somwhere. i could legaly sniff passwords and data because people using it could not expect privacy using my public computer?
ie. have we no expectation of privacy when using a computer on a network/ sending information over a computer network? knowing that a sysadmin could sniff the information? weak argument at best.
something is rotten in the state of denma.. no.. usa
In case you haven't noticed, the bill of rights doesn't make a whole lot of sense.
Take for example the ninth amendment:
"The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people."
Now, what does that mean legally? What are these other rights that the people retain? The right to drink and drive? The right to chew gum?
Is it possible for a federal law to be unconstitutional because it violates any of the rights referred to by this amendment? If so, how can we know if a law violates one of these rights, since the amendment doesn't tell us what they are? Or if not, then what good is this amendment anyway?
Face it -- if you try to interpret the Constitution literally, as a legal document, you will get nowhere. It was written by a bunch of 18th century men in powdered wigs who never could have imagined that it'd stick around this long. The language is archaic. Disputes arise because most concepts from the 18th century do not translate well into the 21st. In particular, what is the equivalent of a militia today -- the National Guard, a bunch of good old boys with hunting rifles, or what?
The only reason we haven't had to ditch the Constitution is that the language is sufficiently ambiguous that a court in any particular era can interpret it to mean whatever happens to be acceptable and practical to the country at that time.
And don't think for a moment that having the Constitution, or any constitution, is essential to protecting our freedoms. The UK has gotten along quite well without one.
Doesn't it strike anyone else as worrying that whenever the USA acts in a questionable way, it justifies itself by stating that its Constitution doesn't apply to non-US citizens or outside of the United States? If the USA truly believed in its Constitution, it would apply the relevant rights that it gives to all people, regardless whether they are US citizens or not.
It shows that the people in power in the USA do not believe in their own constitution, as they are always trying to sidestep its clauses.
~c
OK well the article I just read about the Judge OKing things seems to scream a few things at me. First and most important I have to question if the FBI's actions fell into the realm of entrapment. I dont know how those laws read but it sounds like the way these guys were lured over wasn't exactly legal. Although I have to admit that if what is reported is true, then these two Russians arent exactly high on the common sense ladder. I don't see any reason for the story to be fabricated but it just seems too easy.
Also the second thing that I saw that concerns me highly is the fact that these guys were using an exploit that M$ had patched. Now the companies that didn't update with this patch, knowingly left themselves open to the attacks. This to me is just foolish and I find these companies at fault as well since they knew they were open to attack.
There are several things about this I just didnt like. Of course this is all old news.
However with this FBI agent being accused of hacking by Russian officals has sparked issues. I find it funny that the posted MSNBC article talks briefly about the fact that Russia has charged an FBI agent and focus's more on the arrest of the two Russians. Of course the two are interlinked but from the reactions of the FBI and other departments of the US government, I am guessing not a damn thing is going to happen.
From what the articles say happened it just doesnt sound like procedure was followed and the FBI is in fault for removing or downloading data without proper authority.
ALthough I guess this is a pointless rants. I mean the US is going to do whatever it pleases, legally or not. Makes ya proud to me an American huh? *sighs*
Looking beyond how their deceived the hackers and tricked them into obtaining their login info ...
The FBI used the login info to access computers on Russian soil without the permission of their owners. That in my book is illegal. The FSB is 100% correct in issuing an arrest warrant for Schuler.
What the FBI should have done is to contact the local Russian authorities to investigate the matter further. Yes, nothing may come out of it, but that's how it works in the world of international relations.
You just don't dismiss other countries' laws because it's inconvenient. It's a two-way street. It'd be interesting to see Australian or Indian intellegence agencies cracking US computers and getting away with it.
One day everyone will be afraid to enter another country because they unknowingly may have broken a law there.
Wearing pants should always be optional.
I used to work at CDUniverse. I know internal secrets that can be useful to aspiring hackers! Ask me for knowledge, and then send me money into my off shore bank account!
Matrix.
"and if you give me that juris-my-diction crap..."
I suspect...
How about 'checking those links' before posting stories.
/ads/managers/batchads.inc, line 304
The link to the arrest story gives me the following:
UPSClient.UPSClient.1 error '80070057'
Invalid ID number. Does not appear to be a GUID or a Passport ID
Does it implies that in US you have no expectation of privacy when using computer at work, public library or internet kiosk?
Didn't you read the EULA taped to the monitor before you logged in?
-- If god wanted me to have a sig, he'd have given me a sense of humor.
Once you embrace violence to stop violence, you perpetrate what you set out to destroy.
mod parent up!
OK OK..a couple points of law:
If there are exigent circumstances (i.e. the destruction of evidence or risk of life) officers can grab data or make entry. This is extremely discouraged in the field because it requires a lot of articulation at trial time before the judge and opens so many questions. BUt if an officer can articulate the reason why it can be done. The fact is it is rare to be able to use that justification. Many a no knock warrant are denied for lack of clear articulation.
Entrapment: no way. They offered to pay for these guys to come over for a job interview and asked them to show thri stuff.............how is that illegal? The morons then proceeded to play on a network that wasn't theirs and no guarantees of privacy on that network and they got stung. They were charged for the previous crimes mainly and the session in the USA was used as intelligence and further evidence gathering.
Entrapment is when police officers entice someone to do something they wouldnt normally do or they plant the idea in that persons head. It does happen.but it is rare. This is not entrrapment.
What they agents did was not illegal here but probably illegal over there. That's just the way it is and for the USA and Russia to sort out. Course the Russians pretty much let the mob and other criminals run amok with fraud and child porn.
Getting a search warrant after an exigent seizure is common practice. They explain why the ignored the Fourth Amendment and ask for permission to go ahead from there.
What right to privacy does an individual have on a machine he doesn't own and when there re no specific use guidelines set up? None. Sorry...but if you share information with somone you dont know how can you trust them not to reveal your illegal activity?
While I am no expert...I have worked in the arena of criminal cases......and the lack of knowledge on Slashdot about terms , case law, and standard practices is pretty amazing.
I am glad they got these extorting braggart thieves.
oh and by the way..yeah the sysadmins of these victim companies were stupid for not updating their systems.but is it all right to steal from stupid peeople? SUre the customers have a beff...but it doesn't make the criminals actions ok.
That's not surprising, considering that Russian governments have historically never been either democratic, or moralist, usually instead veering towards kleptocrat dictatorships.
/any/ government...
Judging from Putin's attitude towards independent Russian media and his willingness to pardon his predecessor, those tendencies haven't been entirely banished. So I'd be surprised if they trusted
Only the dead have seen the end of war.
How long until our constitution is ignored alltoegther in the name of "cyber terrorism". And what they did is legally entrapment. The more I read in the news the more it scares me that the greates nation on earth is turning into a corporate nation. Rampant abuses of rights should scare us not make us feel safe.
-For it is the very essence of imperialism to turn information systems into wild, bloodthirsty animals-
I thought our (USA) police tried to work with other law enforcement agencies worldwide (interpol, etc). I wonder why such a path was not used this time? Are we still such enemies with Russia?
*shrugs*
-- www.globaltics.net
Political discussion for a new world
Perhaps a useful analogy would be drugs...
DEA sets up an operation and entices two Meth lab designers to help them set up a Meth lab. During the course of the operation, one pulls out starts smoking some crack and bragging about how much more crack, dope, heroin, and acid he has back at his house and look here are the keys to my garage where I keep the stuff -- good thing my buddies are there to destroy everything if anything ever happens to me. If the DEA then took the keys and opened the garage and confiscated the goods, it wouldn't be breaking and entering and they probably wouldn't need a warrant because the evidence is "in imminent danger of destruction."
The Russian hackers in this case were stupid in that they logged on to their own server, from a network they were unfamiliar with, and proceeded to download cracking tools to that network. They were greedy and they made stupid mistakes.
As unpopular as this idea might be with some people, there are some areas that would benefit from a goverment with worldwide, legitimate jurisdiction.
science is a religion
They were arrested in Washington state, last time I checked, that's in the US, not Russia, though we did take 155 years ago from Canada.
For the truly adventurous, here's the FSB's home page
I put the 'fun' in fundamentalism
The whole point behind the Carnivore system is that the data is captured but not examined until you have a search warrant.
Schroeder's cat: If I have a copy of data I can't access, at what point is the data actually "seized"? When it is a copy of bits, or when it is examined and found to be data?
Never confuse volume with power.
in civics class.
Many Americans gave their lives so that we can enjoy the hard won freedoms that we do today, AND hand them out like fucking party favors to whoever else comes along and values those freedoms.
That was the whole fucking point of the Monroe Doctrine, the Marshall Plan, Korea, Vietnam, Desert Storm, The South African, Cuban and Iraqi embargos, etc.
Fucking sincerly,
KFG
Before you make ignorant statements such as the above. While liberal revisionist judges have impuned the Constitution in the last 30 years, The federalist papers were written to give historical context to the provisions of the Document itself, why they did what they did.
People explicity refers to the US citizenry which was in existance - 1792 as opposed to 1777, we had won our independance and had been functioning as a confederation, like the current E.U., which was not working. So the idea of "people" referring to some vast loosely nit group of world citizens is pure bunk - the world, and these men in particular, were very Nationalistic, otherwise, the peace treay with englan would have merely demanded representation in Parliment.
You people should sue your parents for allowing you to be educated in public schools.
It's why we are americans and not Russians, doh!
Can you say "Soveriegn State" ? THought not, your a member of the EU.
Bush seems to operate on the theory that if he acts like a damn cowboy yahoo from Texas every time he opens his mouth, the other nations of the world will be too confused to figure what he's really after until he's mostly there. Thus the U.S.' even-more-schizophrenic-than-normal foreign policy recently.
Plus, he's keeping Paul O'Neill because he's the only other person in the administration who's more likely to make embarrassing public statements than the President is. O'Neill single-handedly crippled the economy of Brazil a couple weeks ago - he makes regular super-villains look pretty tame by comparison.
No, I don't hate America, but I'm pretty fed up with the people that are giving Americans a bad name at the moment.
Your right to not believe: Americans United for Separation of Church and
The general theory on entrapment is that you can provide the opportunity for someone to commit a crime (leaving your car unlocked, etc.) but you can't try to talk them into it or get them to do something that they wouldn't have done without your coercion. Someone must really commit the crime of their own free will in order to be culpable.
Your right to not believe: Americans United for Separation of Church and
This isn't entrapment because they are being charged with hacking *other* systems (at least that's what the article implied). They aren't being charged for the demonstration they did for the FBI. The FBI just used the demonstration to gather information they needed to prosecute them for the other offense. As to whether the FBI violated other laws (US or Russian) I'm in over my head but I suspect that they didn't violate US law. I believe there are circumstances where you don't need a search warant (reasonably suspicion? Any lawyers around to comment?) to conduct a search. If that's true, that probably would apply here - the people were wanted for hacking, it is reasonable to assume that they had evidence of this on their personal computers.
Go Badgers! -- #include "std/disclaimer.h"
Wrong number of arguments or invalid property assignment: 'instr'
No article.. ;(
<^>_<(ô ô)>_<^>
Of course if this were some middle eastern country or south american regieme, George W would be using this as all the reason he needs "to keep the world a free place"
Also, I don't think they were charged with hacking while in the U.S. That was merely to get the passwords.
Also, I don't think the FSB is complaining about the keystroke-trackers (just a guess, the article isn't clear) ... the russians had no reasonable expectation of privacy. I think they are complaining about using that info to open the hacker's accounts.
Jack Valenti and the MPAA are to technology as the Boston strangler is to the woman home alone
and I did not speak out -- because I was not a cracker.
Then they came for the white hats
and I did not speak out -- because I was not a white hat.
Then they came for the file swappers
and I did not speak out -- because I was not a file swapper.
Then they came for me -- and by then there was no one left to speak out for me.
With apologies to Pastor Martin Niemöller
Guys, you don't even know what FSB is. It is, in fact, re-branded KGB. To give you some perspective, considerable percent of Russians thinks that those explosions in Moscow and other Russian cities were performed by FSB. And yes, there are some facts that say it might be true. For example this "training" in Ryazan, when police has found a bomb, and experts were shown on TV saying there were explosives, next day FSB comes into play and says it was sugar and these bombs were a "training" for police. Show me the expert in explosives who can't tell sugar from heavy explosives! Show me the the training when even the minister of internal affairs (in charge of police) doesn't know what's going on and says _on TV_ that a bomb was found!
Now to the FSB practices related to information. According to Russian laws, all ISPs have to implement a System for Operative Search Actions. Which basically means they have to provide network traffic and uncontrolled means of intercepting and invading any network activity that goes through them. In other words, FSB doesn't even have to get a warrant to read your mail, and the cost associated with these activities (ILLEGAL in USA) gets passed on you. You pay for your email being read by "men in gray".
Their charges against FBI agents (who did absolutely the right thing, IMO) are the worst case of hypocrisy I've seen in years.
*
The rulings make legal sense to me. However, it does raise computer security issues for any sort of remote access.
:)
Teaches me to be even more paranoid (not that I have anything to hide, but if the FBI can do it, the same technique could be used for fraud, etc.) Imagine if someone in a corporation were to do something like this to steal employee's credit card numbers.
The solution it this is to set up a way whereby you use a passphraseless public key for ssh authentication and then delete it from the allowed keys list when you are ready to logout. That way, no password
LedgerSMB: Open source Accounting/ERP
The software used in this case was WinWhatWhere Investigator
Did anyone else think "Front-Side Bus" when they saw the acronym "FSB"???
/. lament, if most /.-ers actually realized it... :-P )
Yes, yes, I know: I really need to get out more...
(Which would be a common
Get real, The US makes the rules. He who holds the power makes the rules. Its always been that way.
At least, that's what we tell EVERYONE when they are hired.
SysAdmin, telecommunications company
Is there a way to learn whether you are wanted by FBI or another govt agency before geting to US and facing the music? Some sort of public APB database? Can you ask that in the US embassy? And will you get the right answer?
Seriously, if they can give this sort of information to the most wanted guys, they surely can give it to not-so-much wanted, and least wanted, and unwanted.
We asked them over to demonstrate their hacking skills. And what we busted them for was based on the evidence of OTHER systems that were hacked.. and all the people on PayPal who where defrauded.
Some people like to configure the options in their browsers. You see, browsers have "configurable options". One of the reasons they use these is to maintain some control over the information that websites can access. Evidently, this website wants a "Passport or GUID". I can only think of one reason for this. (There may be others.) They want to track what the individual is doing; if you don't allow them to staple this ID to your forehead, they won't let you in the door.
Now of course a passport or GUID can be used to tie the user to registered user.
Gee. I can't imagine why they would want to do such a thing.
The software used in this case was the beloved WinWhatWhere Investigator It has previously been the subject of much wrath here at SlashDot.
Even *I* could use the BackOrifice keysniffer five years ago
.sig: No such file or directory
What's more troubling to me is that the selectively apply The Consitution to these people.
All U.S. laws stem from The Constitution, hence charging someone under U.S. law means they are charged under that document. To then turn around and state that those people can't use the same body of laws they are charged under to defend themselves is utterly and completely rediculous.
Article X: The powers not delegated... by the Constitution...are reserved...to the people
Right. So are you at war, or aren't you? Your president and government are claiming all sorts of powers that they're only allowed to use at war time, yet there has been no declaration of war, with all the disadvantages that would have.
If you're not at war, you have committed an act of war against the nation of every prisoner you're holding by keeping them against their will and without due process. Your government is also committing various minor transgressions such as totally disregarding various parts of your Constitution "in the interests of national security", blah blah.
OTOH, maybe you really are at war. In that case, against whom are you fighting? Under what circumstances will the war be over, and will the powers be relinquished? When will you acknowledge the basic rights due to various parties involved -- not just those in custody at Gitmo -- and behave in an acceptable manner for a nation state at war? When will you declare war, and thus force all the normal international agreements about war to come into force (starting with all countries stating their allegiance, or declaring neutrality and ceasing trade with either side, for example)?
Oh, please. You guys trained Osama bin Laden FFS. And right about now, you'd do well to remember that we're about the closest ally you've got (not that that's saying much these days).
Yep, I realise that. Did you ever stop to think that maybe the fact that half the Arab world is prepared to commit suicide in order to kill thousands of your people, or the fact that not one single nation has shown support for your plans about Iraq, might in some way be due to the fact that you have this isolationist, superior attitude?
Riiiight. But it's OK for you to go toppling the odd government here and there (Iraq, say) because you don't happen to like their leader, and you claim he is developing WMDs to use on you? What about their national sovereignty? Just reverse that argument for a second. While they are claimed (by some, not all) to be in that position, you are definitely a nation state with WMDs that is planning to attack Iraq. With the overt preparations you are making for that attack, Iraq would now be quite justified in throwing every single WMD they have at you in a preemptive strike, and it would be self defence.
Before you flame that, just stop and think about it, OK?
You might recall that WW2 effectively started with a declaration of war on Germany by our Prime Minister. Some of us were prepared to stand up for the rights of our neighbours. You guys needed a surprise attack on Pearl Harbour before you even lifted a finger. I'm sorry, but you guys have absolutely no right to go taking the moral high ground in any discussion on the ethics of nation states, their behaviour toward other states and their conduct during war time.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Two individuals were invited to a foreign country and were given the opportunity to input whatever information they wanted into a computer. Said individuals accepted the invitation, and proceeded to type root passwords into that computer.
MEANWHILE...
Using information that had been typed directly into a computer it owned (in the old-fashioned sense), a government agency sent information to another computer in another country, and then recorded the information that was sent back to the first country by that computer. It used that information to try suspected criminals, which is a task with which Congress has charged it.
This a great thing that has happened. If the internet is in any danger, it is in danger from hegemonic governments' passing laws based on basic misunderstandings of what the internet is. The most basic misunderstanding is that the internet is anything other than a group of computers sending electronic signals to each other. I.e., that it is a "place", that it "belongs" to copyright holders, that it is responsible to do anything for anyone, etc. When an agency of the most hegemonic government acts in a refreshingly realistic way concerning the internet, that is a great thing.
There has never been any need for new laws to "address the internet". Fraud is fraud, and a webpage set up to mine unsuspecting lusers for credit card numbers would have been illegal 50 years ago. Logging in using a password you've obtained legally, abusing a poorly-designed protocol, using a program in ways that its writer did not intend, etc. should all be legal actions. Anything done to restrict these actions legislatively as opposed to technically will only hurt us in the long run. I see a glimmer of hope in the fact that the FBI has used the internet in a realistic manner. If we can use hypocrisy as another argument against all sorts of laws that we don't want or need, so much the better.
As an aside, it seems that there could be a question about whether the passwords were legally obtained. I assume this was addressed in the hearing, and the judge found it acceptable. My point is that once the passwords were legally obtained, it is ludicrous to claim that sending them to a computer in another country should be illegal.
later,
Jess
I am programmed for etiquette, not destruction!
...that I start shitting golden bricks so I won't have to work anymore.
That usually means that it has to be apparent that a crime is being committed, it never applies to looking for evidence for a past crime. IIRC this is called probable cause.
At least that was the case a year ago...
Disclaimer: IANAL, IANAA.
I think perhaps I'm not being clear here. I have nothing whatsoever against the average US citizen; indeed, several of the nicest people I've ever met come from the US, and I'm proud to call them friends. Nor do I have anything against legitimate military action, such as going after al Qaeda, and I certainly do not support terrorism. Nor do I have anything against ripping the testicles off anyone who supports the September 11 acts slowly and letting them bleed to death over as long and painful a period as possible. Let me be quite clear on these things, because I don't want you to think that I'm against any of them. Nor do I believe that everyone supports their government 100% on everything, though we have to recognise that the rest of the world mostly sees the actions of those governments (and in this case, the vast majority of US citizens in every poll since September 11 have supported just about everything the US government is proposing).
There is a point where actions cease to be reasonable. To me, that point comes when you start ignoring the very values you claim to be defending. The US is holding prisoners, using political rhetoric to justify their actions. You never answered my questions about whether you're really at war, and if so, with whom and until when, so it's hard to argue that holding those people without due process is unreasonable in a logical way. However, either way you answer, I think that argument can be made.
You yourselves are currently in the very same position you claim Saddam is in. You are a belligerent nation, equipped with WMDs, planning to wage war against another state who has done nothing recent to attack you. The symmetry of the situation is staggering; the only certain difference is that you claim they are getting ready to attack you, but everyone knows for a fact that you are getting ready to attack them. There is simply no ethical stance that justifies your position. Any argument that supports your action against Iraq applies even more so to them attacking you first.
And by the way, I don't know what you're seeing on the news in the US, but over here, we are seeing UN weapons inspectors and senior military staff coming out against attacking Iraq with the information currently available. If they are a genuine threat, you certainly have a right to defend themselves, but as of right now, I have seen absolutely no evidence beyond the say-so of Bush and his cronies that there is a problem. Not a single thing has been produced that objectively supports their position. The more cynical amongst us might start to think that, y'know, he was just using the "war on terrorism" to cover up trying to finish daddy's job, in a politically motivated effort to distract US citizens from the state of affairs at home, particularly your economy. But that would be cynical, I'm sure.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
At best the accused's status as law enforcement will count for nothing, at worst it will encourage them to prosecute more strongly, so as to send the message that law enforcement is expected to obey the law.
I say at best they will be encouraged to prosecute more strongly.
It's kind of odd huh? Russia at one time held it's "authorities" above everyone and the law. What they said was law - and we are taught about how many Stalin killed for those who opposed his rule and laws. Now they are ones who (seem to) realize that if the people in charge aren't kept in check the people will suffer more than if crime ran rampant.
Get your Unix fortune now!