Slashdot Mirror
Russian Agency Charges FBI Agent With Hacking
eNonymous Coward writes "An FBI agent who helped lure two Russian 'hackers' to the USA in 2000 so that they could be arrested is now being charged with hacking himself by the Russian FSB. You might remember that Gorshkov and Ivanov exploited an NT vulnerability to steal information from corporate networks, which was then used to extort money from the companies; they're also accused of being behind the CDUniverse and Western Union credit card database thefts. Last year a federal judge ruled that the FBI's action was legal, but the FSB disagrees."
My thoughts exactly. When I read the article, the only thought that came to mind was "Sklyarov." I'm making popcorn, this might be a great show to watch. I think most of us can agree that the USA needs (or at least really wants) Russia as an ally... It'll be interesting to see how this plays out.
This was an interesting case. The description of how the agents lured the russian "hackers" to the US was beyond belief.
Michael was back at the office downloading data from their computers like mad while they took them to lunch.
The russians were very chatty, too chatty for their own good. IIRC they had something like 350 pages (an entire binder) of transcribed conversations with them. As is usual, the "hackers" were tooting their own horns.
I was called as a witness in the case to testify to data they had recovered and statements the russians had made. The russians had lied about the level of access they had. However, these people were very persistent, they spent a month or so just learning and tinkering trying to get a relatively small amount of data.
It's clear what their motives where though. They were stealing credit cards, setting up Ebay auctions and using proxy PayPal accounts to pay themselves for Ebay auctions they had setup themselves.
I got to learn how serious Paypal takes "hackers" and abuse. Both paypal and ebay (now the same) have dedicated professionals to tracking down "hackers" and fraud.
"I can't understand how a federal judge can have the sort of authority to declase the action legal when it doesn't appear to be a federal matter."
The case appears to be before Judge Coughenour, a federal judge sitting in Seattle. During the course of a typical case, judges routinely have to rule on federal and state legal issues that come up. On federal law questions, the judge looks primarily to the past decisions by the US Supreme Court and the 9th Circuit Court of Appeals.
For state law issues, Judge Coughenour has to apply and abide by past rulings of the Washington State courts, and especially its Supreme Court.
For a specific example, the Russian defendants can claim rights under both the 4th Amendment to the US Constition and similar provisions of the Washington Constition against unreasonable search and seizures. You may have more (or fewer) rights under your state constitution than you do under the Federal. Coughenor would look to federal precedents to decide the federal issue and look to state precedents to decide the Washington state issue.
If the Russians think that Coughenor gets either the state or federal issues wrong, they can appeal to a higher Federal Court of Appeals and on the state law issue, there is a process for the Court of Appeals to ask the Washington Supreme Court for their opinion.
On the issue of who wins the dispute over whether the FBI agent broke Russian law, there is no single answer. If the Russian courts ultimately decide the FBI agent broke their laws, they can convict him and sentence him to prison. Their problem is getting hold of the FBI agent to put him on trial in the first place. Don't look for a U.S. Court to order that a Russian extradition request for the FBI agent be honored. This case should make a nice final exam question for "Conflicts of Law" courses in lots of US law schools next May.
IANAL (and all other disclaimers)
:) and this is a crime only in c2, a crime has only been comitted in c2
/AC - the lurker
This is actualy coverd in international law.
Say i stand in one contry and shoot a bullet over the border to another country to kill someone.
his is a crime in both countrys but i can only be procequted (spelling?) in one.
Contry 2 has the ball if they want to go first.
however if i stand in c1 and over the phone to c2 sa that god wears leather underwear and frequents the blue oyster bar
turn the reasoning around in the last example and no crime has been comitted.
analogy would give:
I was ok in the us but not in russia. If the FBI agnt goes to russia they can (and should be)arrsted
It becomes harder when you look at a webpage because you dont aim a webpage.
you just make it accessable for all.
This is the problem legislators have to deal with. and sofar they shoose to interpet it as solissiting in every country there is.
http://www.canoe.ca/CNEWSTechNews0105/10_hackers2- ap.html
High-tech net snags hackers
By ALLISON LINN-- The Associated Press
SEATTLE (AP) -- Invita Security Corp. looked like a typical Internet company: It had offices, computers, employees and a secure computer system. The only thing missing was the customers.
Far from being a failed start-up, the aptly named Invita turned out to be a bogus company set up by the FBI to ensnare two young Russians accused of breaking into U.S. Internet companies' computers, stealing sensitive data and trying to extort money.
Authorities say Alexey Ivanov, 21, and Vasily Gorshkov, 25, both of Chelyabinsk, fell for the bait. They were arrested and jailed on charges including conspiracy and fraud and are set for trial May 29 in federal court in Seattle.
The FBI declined to comment. But in recently unsealed court documents that read like a spy novel, agents tell how they snagged the alleged thieves by creating the shell company and inviting Ivanov and Gorshkov to try to hack into it.
After Ivanov and Gorshkov succeeded from afar, FBI agents posing as Invita employees invited the two to Seattle to discuss a partnership and further display their hacking prowess.
As the Russians demonstrated their skills at the shell company, the FBI used a computer eavesdropping technique to reach across the Internet and break into the suspects' own computer system in Russia.
Internet security experts say the case illustrates well how the FBI's cybercrime-fighting abilities have evolved -- though the defense is questioning the legality of the agency's methods.
"What they did was phenomenal. It was exceptionally effective," says Kevin Mandia, who worked for the Air Force office of special investigations and taught FBI courses in hacker attacks before joining the Irvine, Calif., Internet security company Foundstone. "Five years ago they wouldn't be able to do that kind of thing."
Mandia says that the FBI, after being ridiculed as ill-equipped to fight computer crime, has made remarkable progress, including adding a program that has trained more than 1,000 agents in cybercrime.
The FBI believes the Russian suspects or their associates could have been involved in hundreds of crimes against U.S. companies, including Kirkland-based Lightrealm.com, an Internet access company, and Palo Alto, Calif.-based PayPal, an online payment business.
First, the FBI alleges, the hackers broke into computer systems. Then, authorities say, they sent e-mails to company officials demanding payment in exchange for not distributing or destroying sensitive documents including financial records.
After tracking down the suspects over the Internet, the FBI invited them to Seattle in November for the Invita gambit.
Court records show that while Gorshkov was using an Invita computer, the FBI secretly used a "sniffer" program that logs every keystroke a person types.
Using passwords recorded by the "sniffer," the FBI was then able to enter the computers in Russia where Gorshkov kept his data and download immense amounts of information.
In court documents, Gorshkov's lawyer, Kenneth E. Kanev, has challenged the FBI's right to use that material, claiming his client's privacy was invaded because he did not consent to have his computer usage recorded. Kanev contends the FBI should have obtained a search warrant before downloading the information.
The investigators say they were forced to follow this procedure because they needed to secure the incriminating information before the two suspects' Russian counterparts destroyed the data.
The Invita case could define how far U.S. law enforcement can go to catch non-citizens who break into American systems.
"This case is going to resolve a very thorny legal question," says Marc J. Zwillinger, a former Justice Department computer expert now in private practice in Washington.
The case could test the admissibility of evidence obtained through the covert recording of computer keystrokes, a technique the FBI also used in a case against an alleged mobster in New Jersey, Nicodemo S. Scarfo Jr., that is expected to go to trial later this year.
Today's most serious hacker threats come from outside the United States or go through computers abroad. Russian hackers, in particular, have been behind several of the biggest Internet theft cases.
US is now divided as the "Red" and "blue" states. Red States = communist countries. Coincidence? I think not
My current beef is the authorization for US personnel to enter a different territory - out of uniform - and kill suspected (not charged, not convicted) terrrorists and people suspected of aiding terrorism. This without the consent or even knowledge of the local government.
/Janne
From my perspective, this is no different from the acts justifiably condemned as state-supported terrorism by other countries.
You cannot stop atrocities by committing more of them yourself. All that will happen is that you'll lose the moral high ground and make people question whether your motives and actions are any purer than those of the (other) terrorists.
Trust the Computer. The Computer is your friend.
Do you really believe in a great conspiracy by the rest of the world that aims bringing the USA down and that other countries are incapable of setting up fair trials?
You don't read this site very much, do you? It is riddled with comments about hoping that American's 'get what they deserve', whatever that may be. And supposedly this site is supposed to cater to the more enlightened masses.
As a general rule the US does not allow its armed forces to be commanded by non American's. The reasoning behind this is that it's been shown that American troops are more effective this way. Part of this is also that it's troops are responsible to US military courts as well. Having US soldiers brought before a different court system would be a blow to one of the fundamentals of the US military and hurt combat effectiveness.
Besides this, we in the US believe in a 'jury by your peers'. A world courty is hardly that.
Hm. The US props up their economy -- Israel has, generally, been the number one recipient of US foreign aid (Egypt is number two), and in exchange, gets --
/need/ a foothold beyond the Turks allowing the base at Incelrik.
a) An Israeli government that still goes against US policy. If memory serves, the US has criticized --
- The building of more settlements in the occupied regions.
- Blatantly obvious life-threatening human-rights violations like the use of Palestinian civvies as human shields.
- The building of a wall along the Green Line.
- Punishing the relatives of militants through destruction of their home and moving them from the West Bank to the Gaza Strip.
- Until recently, any marginalization of Yasser Arafat, who was thought to be vital to the peace process.
I'm not sure if the US has criticized the Israeli policy of extrajudicial executions, e.g. targetting militants with helicopter gunships, or whether it's commented on the various blockades.
b) The open, violent hatred of just about everyone else in the region; plus vast amounts of criticism from Europe and just about everyone else, for being publically so pro-Israeli. This has hurt diplomatically, economically (e.g. the oil embargo), and otherwise (inviting such acts as the WTC bombing, the 9/11 attack, the Marine Barracks attacks, the Embassy bombings)... not surprising when anti-Jewish propaganda declares that the US is, after all, a puppet state run by a Zionist conspiracy.
If the US were fervently isolationist, at least with regards to the Middle East, it would probably get less grief. And if the US were isolationist and made fewer (if any?) enemies there, I doubt that the US would even
So, while there may be a warm fuzzy feeling knowing that the US is supporting a nominally friendly democratic republic, possibly averting a second Holocaust, and opposes factions whose tactics we find repulsive, I'm not sure that there's much practical gain. One might say that there's practical gain for the politicians, because Americans are generally pro-Israel, but then one has to explain why the voters would be more favorable towards Israeli... and it might be even harder to point towards any practical gain for individual voters.
Only the dead have seen the end of war.
Perhaps a useful analogy would be drugs...
DEA sets up an operation and entices two Meth lab designers to help them set up a Meth lab. During the course of the operation, one pulls out starts smoking some crack and bragging about how much more crack, dope, heroin, and acid he has back at his house and look here are the keys to my garage where I keep the stuff -- good thing my buddies are there to destroy everything if anything ever happens to me. If the DEA then took the keys and opened the garage and confiscated the goods, it wouldn't be breaking and entering and they probably wouldn't need a warrant because the evidence is "in imminent danger of destruction."
The Russian hackers in this case were stupid in that they logged on to their own server, from a network they were unfamiliar with, and proceeded to download cracking tools to that network. They were greedy and they made stupid mistakes.
No you twit, this isn't entraptment
Never confuse volume with power.
non-US citizens here on vacation DO NOT enjoy the same rights as Americans do. Nothing in the constitution says we have to extend those rights to everyone in the world.It specifically specifies US citizens.
Actually the Bill of rights contains phrases such as "Congress shall make no law... right of the people...", "The right of the people...", "any house", "No person...", "In all criminal prosecutions, the accused...", "nor shall any State deprive any person of life... nor deny to any person...", etc.
Restrictions on citizenship are only in the articles about voting and representation.
Source: CONSTITUTION OF THE UNITED STATES
As far as I understand the FBI only asked them to show their prowess. If the FBI only asked the 2 hackers to show their prowess without specifically saying anything about hacking and the persons involved chose to show their prowess by hacking it would be enticement and not entrapment. There's a lot of other ways to show you have skills in security instead of illegally trespassing on someone elses computer. These russians could have very well gotten authorization to do the penetration testing on one of Invita's computers for instance.
When it comes down to it enticement is legal, entrapment is not.
Also.. that arguement that it takes a hacker to catch a hacker shows how little the person knows about information security. Very few hackers are going to care enough to keep a proper chain of evidence, let alone have the knowledge of how to collect and document the evidence in such a way as to be admissable.
Hackers are good at penetration testing but that's only a small part of the big picture..