Slashdot Mirror
Russian Agency Charges FBI Agent With Hacking
eNonymous Coward writes "An FBI agent who helped lure two Russian 'hackers' to the USA in 2000 so that they could be arrested is now being charged with hacking himself by the Russian FSB. You might remember that Gorshkov and Ivanov exploited an NT vulnerability to steal information from corporate networks, which was then used to extort money from the companies; they're also accused of being behind the CDUniverse and Western Union credit card database thefts. Last year a federal judge ruled that the FBI's action was legal, but the FSB disagrees."
Turnabout's fair play, eh?
"Einstein argued that [...] God is not capricious or arbitrary. No such faith comforts the software engineer." ~ Brooks
I say extradite this fed to Russia, and hand him over to Dmitry Sklyarov. I'll leave the rest for you to imagine.
Will we be exchanging programmers in the future?
I'm not an expert on Internation law, but I can't understand how a federal judge can have the sort of authority to declare the action legal when it doesn't appear to be a federal matter. By the same token, a russian judge could just as easily say the two hackers were not breaking the law, though I can't see that holding any bearing on the actions of the US/FBI. If that pans out unfavourably for the russian pov, then it's likely that future 'conflicts of interest' like this will be more difficult.
No, it means that the FBI hacked the webpage. Sorry, you'll get to see what was really on it, in about 30 years, after Ashcroft dies.
Interesting, Thats the price to pay i guess. And actually it makes the FBI look quite... Stupid!
After arresting the men, the agents used account numbers and passwords obtained by the program to gain access to data stored on the pair's computers in Russia.
So their program contributed to their own demise. It's a sad story.
Next time I write a sniffer program, I'll have to remember to ignore my own IP address (:
Ladies, form queue here -->
It seems like the Russians blew their chance at arresting him by announcing it to the press.
A crime, is a crime, is a crime, and should be solved officially. Stealing data is just a normal crime, also if it is done by FBI.
The judge noted that investigators obtained a search warrant before viewing the vast store of data -- nearly 250 gigabytes , according to court records. Wouldn't that take a 5H!T L04D 0F T1M3?
What we see depends on mainly what we look for. -- John Lubbock Now search for that bug slave!
I believe the Russians have a very strong case here - the FBI invited them over to the USA and then asked them to hack a system, then bang them up for hacking. This is hardly fair - and the Russians are absolutely right: if the FBI were using keystroke-tracking software, they're the ones who were committing the offence.
It surprises me, though, that you have two very good hackers, and neither of them thought to err on the side of caution and check the computers they were working on for such things...
Like car accidents, most hardware problems are due to driver error.
Slow. The FSB is the domestic arm of the former KGB. Some of them have problems remembering that the KGB is now dead. I attended a seminar given by the FSB and introduced by a general for high-tech companies in Russia. I was impressed, if that is the state of internal presentations, I don't know how anyone got through training.
Hot the same answer I think it do not like that I don't allow cookies or it's because I use Mozilla.
Just saying it like it are.
Same here...wtf?
;)
Can ANYONE view this article and if so can they post the contents? I even went through the main msnbc page and eventually just got a blank page.
Guess they don't like Mozilla.
It surprises me, though, that you have two very good hackers, and neither of them thought to err on the side of caution and check the computers they were working on for such things...
Yeah I bet RMS could get them jobs at the FSF... no $pay$ albeit free doughnuts.
Aw, fuck it. Let's go bowling. - The Big Lebowski
"Finally, Coughenour rejected defense arguments that the FBI's actions "were unreasonable and illegal because they failed to comply with Russian law," saying that Russian law does not apply to the agents' actions."
This is what it all really comes to. Does US have the right to make it's agents untouchable to other countries laws? What if this had happened the other way around? (US criminals, Russia agents arrest them and hack to their computers.)
What I notice is the US Govt's case is based on: 1> the fourth amendment doesn't apply cuz it didn't happen here, and 2> Russian law doesn't apply cuz it didn't happen there.
Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
The matters of legality here seem almost nodifferent from what the government normally does to catch other 'common' criminals like drug dealers...they create a sting and snag their men. Just becuase it involves computers and not drug traffiking/dealing does not make it much different.
This was an interesting case. The description of how the agents lured the russian "hackers" to the US was beyond belief.
Michael was back at the office downloading data from their computers like mad while they took them to lunch.
The russians were very chatty, too chatty for their own good. IIRC they had something like 350 pages (an entire binder) of transcribed conversations with them. As is usual, the "hackers" were tooting their own horns.
I was called as a witness in the case to testify to data they had recovered and statements the russians had made. The russians had lied about the level of access they had. However, these people were very persistent, they spent a month or so just learning and tinkering trying to get a relatively small amount of data.
It's clear what their motives where though. They were stealing credit cards, setting up Ebay auctions and using proxy PayPal accounts to pay themselves for Ebay auctions they had setup themselves.
I got to learn how serious Paypal takes "hackers" and abuse. Both paypal and ebay (now the same) have dedicated professionals to tracking down "hackers" and fraud.
I once unplugged my computer from internet, and removed all hard drives to be placed in safelocker, just so that my computer couldn't be hacked or my internet actions traced. Couldn't visit any webpages after that :( I quess this is some conspiracy with hardware manufacturers and advertisers to harrass me.
You know what might be interesting? Both the Russian and American laws may be right.
Think about it: the "sting" was under US jurisdiction as far as the physical location of the agents and the operation, so peeking at the records might be allowed. However, the hoovered computer was in Russia, so Russian laws apply to those efforts as well.
The what might help is to visualise what the non-computer version would be. Say the data in the US is a perfect fax of the Russian originals: did the agents "break and enter" into a data warehouse with forged keys, or did they trick the warehouse into voluntarily sending the copies? If the method in which these copies were obtained is illegal in Russia, are they still admissible in the US as evidence?
It's way too complicated, and I have no idea how I should feel about it.
Playing an amateur psycologist here but.
Perhaps the people in Russia don't have the same image of the US govt the US citizens do. I am sure the russians have a healthy distrust of the russian govt but their image of the US may be skewed by watching too many episodes of I love genie or dallas. It's kind of ironic that the average american geek distrusts the US govt more then the average russian geek.
War is necrophilia.
What I don't understand is why they even came to the US if they were wanted? They must have been very very desperate to need a job that badly to risk so much. They should have guessed that it was too good to be true.
Buying a Dell computer is equivalent to dropping the soap in a prison shower.
Did you notice that the US courts accept the fact that data is just as much property as your car is (for the MPAA's sake), and the fact that it is clearly not (if it has been gathered as evidence)?
Did you also notice the fact Russian law does not apply the federal agents hacking Russian computers, but clearly US law applies to Russians hacking American computers?
This is disgusting...
-- Please put this in your sig if you think
pots calling the kettles black....
---
I think it would have been entrapment when they would have been prosecuted only for the demonstration.
-- Please put this in your sig if you think
The alternative (the one the Russian FSB [Federal Security Bureau], formerly known as KGB [Committee for State Security]) and certain French censorship judges want is that you are somehow subject to all laws combined - which is a horrible mess. Is this post subject to UK law? (I'm in the UK ATM) Or US? (US server) Or Canadian (accessable from Canada) - in which case it should probably be translated into French as well?
This seems simple to me: when in country X, you are subject to the laws of country X. Everybody else should STFU: I will not accept French, Russian or for that matter Taleban laws as applicable in any way except on their own soil. Hell, if the former KGB considers the FBI's investigation illegal, imagine how illegal the CIA spying on the USSR is - or those spy satellites Boeing and Lockheed make?
It's up to Russian courts to enforce Russian law. It's up to US Courts to enforce US Law.
It's better this way, really. Would you want Russian courts enforcing the US DMCA against Skylarov?
It was all legal. The FBI had reasons to believe that these Russian corporations were running Kazaa and sharing both The Decleration of Independence and the US Constitution. Also MP3s of the Star Spangled Banner.
Guess you ahve to be 0wned by MS in order to view the article.
How come that the FBI can have a US search warrant to look at russian data.
And then the judge tells us russian law does not apply? And the American Constitution does not apply?
What's going on. If I live in a foreign (non US) country, I wont have any rights. Not the rights of my country and not the rights of the US.
Do I still have my basic human rights?
Disclaimer: This opinion was created without the use of any facts
http://www.canoe.ca/CNEWSTechNews0105/10_hackers2- ap.html
High-tech net snags hackers
By ALLISON LINN-- The Associated Press
SEATTLE (AP) -- Invita Security Corp. looked like a typical Internet company: It had offices, computers, employees and a secure computer system. The only thing missing was the customers.
Far from being a failed start-up, the aptly named Invita turned out to be a bogus company set up by the FBI to ensnare two young Russians accused of breaking into U.S. Internet companies' computers, stealing sensitive data and trying to extort money.
Authorities say Alexey Ivanov, 21, and Vasily Gorshkov, 25, both of Chelyabinsk, fell for the bait. They were arrested and jailed on charges including conspiracy and fraud and are set for trial May 29 in federal court in Seattle.
The FBI declined to comment. But in recently unsealed court documents that read like a spy novel, agents tell how they snagged the alleged thieves by creating the shell company and inviting Ivanov and Gorshkov to try to hack into it.
After Ivanov and Gorshkov succeeded from afar, FBI agents posing as Invita employees invited the two to Seattle to discuss a partnership and further display their hacking prowess.
As the Russians demonstrated their skills at the shell company, the FBI used a computer eavesdropping technique to reach across the Internet and break into the suspects' own computer system in Russia.
Internet security experts say the case illustrates well how the FBI's cybercrime-fighting abilities have evolved -- though the defense is questioning the legality of the agency's methods.
"What they did was phenomenal. It was exceptionally effective," says Kevin Mandia, who worked for the Air Force office of special investigations and taught FBI courses in hacker attacks before joining the Irvine, Calif., Internet security company Foundstone. "Five years ago they wouldn't be able to do that kind of thing."
Mandia says that the FBI, after being ridiculed as ill-equipped to fight computer crime, has made remarkable progress, including adding a program that has trained more than 1,000 agents in cybercrime.
The FBI believes the Russian suspects or their associates could have been involved in hundreds of crimes against U.S. companies, including Kirkland-based Lightrealm.com, an Internet access company, and Palo Alto, Calif.-based PayPal, an online payment business.
First, the FBI alleges, the hackers broke into computer systems. Then, authorities say, they sent e-mails to company officials demanding payment in exchange for not distributing or destroying sensitive documents including financial records.
After tracking down the suspects over the Internet, the FBI invited them to Seattle in November for the Invita gambit.
Court records show that while Gorshkov was using an Invita computer, the FBI secretly used a "sniffer" program that logs every keystroke a person types.
Using passwords recorded by the "sniffer," the FBI was then able to enter the computers in Russia where Gorshkov kept his data and download immense amounts of information.
In court documents, Gorshkov's lawyer, Kenneth E. Kanev, has challenged the FBI's right to use that material, claiming his client's privacy was invaded because he did not consent to have his computer usage recorded. Kanev contends the FBI should have obtained a search warrant before downloading the information.
The investigators say they were forced to follow this procedure because they needed to secure the incriminating information before the two suspects' Russian counterparts destroyed the data.
The Invita case could define how far U.S. law enforcement can go to catch non-citizens who break into American systems.
"This case is going to resolve a very thorny legal question," says Marc J. Zwillinger, a former Justice Department computer expert now in private practice in Washington.
The case could test the admissibility of evidence obtained through the covert recording of computer keystrokes, a technique the FBI also used in a case against an alleged mobster in New Jersey, Nicodemo S. Scarfo Jr., that is expected to go to trial later this year.
Today's most serious hacker threats come from outside the United States or go through computers abroad. Russian hackers, in particular, have been behind several of the biggest Internet theft cases.
US is now divided as the "Red" and "blue" states. Red States = communist countries. Coincidence? I think not
http://msnbc.com/news/563379.asp?cp1=1
... he knew that the systems administrator could and likely would monitor his activities," Coughenour wrote. "Indeed, the undercover agents told (Gorshkov) that they wanted to watch in order to see what he was capable of doing."
FBI agent charged with hacking
Russia alleges agent broke law by downloading evidence
By Mike Brunker
MSNBC
Aug. 15 -- In a first in the rapidly evolving field of cyberspace law, Russia's counterintelligence service on Thursday filed criminal charges against an FBI agent it says lured two Russian hackers to the United States, then illegally seized evidence against them by
downloading data from their computers in Chelyabinsk, Russia.
The case was the first in the FBI's history to 'utilize the technique of extra-territorial seizure.'
-- FBI PRESS RELEASE
IGOR TKACH, an investigator with Russia's Federal Security Service, or FSB, started criminal proceedings against FBI Agent Michael Schuler for unauthorized access to computer information, according to the Interfax news agency.
The agency reported the complaint had been forwarded to the U.S. Justice Department and that the FSB was awaiting a response.
The FBI said Thursday it had no comment on the case, and the Justice Department did not immediately respond to a request seeking comment.
Interfax quoted sources with the FSB as describing the criminal complaint as an effort to restore traditional law enforcement borders.
"If the Russian hackers are sentenced on the basis of information obtained by the Americans through hacking, that will imply the future ability of U.S. secret services to use illegal methods in the collection of information in Russia and other countries," the news agency quoted one source as saying.
RUSE WAS WIDELY PRAISED
Schuler and other agents were widely praised for an elaborate ruse that led to the arrests of Vasily Gorshkov, 25, and Alexey Ivanov, 20, in November 2000. Court papers described the men as kingpins of Russian computer crime who hacked into the networks of at least 40 U.S. companies and then attempted to extort money.
The pair was lured to the United States after Ivanov identified himself in an e-mail threatening to destroy data at a victimized company, Stephen Schroeder, a now-retired assistant U.S. attorney in Seattle who prosecuted Gorshkov, told MSNBC.com last year.
FBI agents then found Ivanov's resumé online and, posing as representatives of a fictitious network security company called Invita, contacted him to offer him a job.
Once Ivanov and Gorshkov arrived in Seattle, agents posing as Invita officials asked the men to demonstrate their prowess on a computer outfitted with "sniffer" software to record every keystroke. After arresting the men, the agents used account numbers and passwords obtained by the program to gain access to data stored on the pair's computers in Russia.
Fearing that an associate would "pull the plug" on the computer in Russia, the agents downloaded evidence before obtaining a search warrant, according to court papers.
AGENTS HONORED
In a news release issued last week honoring Agents Schuler and Marty Prewett with the director's award for excellence, the FBI's field office in Seattle said the case was the first in the the bureau's history to "utilize the technique of extra-territorial seizure." The procedures employed by the agents had been incorporated into the attorney general's guidelines for law enforcement personnel, it said.
Court papers allege that Ivanov and Gorshkov broke into and obtained financial information from a number of large U.S. companies and penetrated the computer networks of two banks -- the Nara Bank of Los Angeles and Central National Bank-Waco, based in Texas.
They also were accused of orchestrating "a massive scheme" to defraud the Internet-based payment company PayPal, based in Palo Alto, Calif., by using "proxy" e-mail addresses from such institutions as public schools and stolen credit-card numbers to buy goods.
Prosecutors have indicated they also believe the Russians are linked to two other high-profile cases: the theft of data on 300,000 credit cards from the CD Universe Web site and another
15,700 credit cards from a Western Union Web site.
Gorshkov was convicted in Seattle in September 2001 of 20 counts of wire fraud, charges that carry a maximum sentence of 100 years in prison. Sentencing was scheduled for January, but court records do not reflect that a punishment had been imposed.
Ivanov also has been indicted in New Jersey and Connecticut, where he currently is in custody and awaiting trial.
In pretrial motions, Gorshkov's lawyer, Kenneth Kanev, argued that the FBI agents had violated Gorshkov's Fourth Amendment right against unreasonable search and seizure by secretly obtaining passwords and account numbers.
But U.S. District Judge John C. Coughenour of Seattle ruled that Gorshkov and Ivanov gave up any expectation of privacy by using computers in what they believed were the offices of a public company.
NO EXPECTATION OF PRIVACY
"When (the) defendant sat down at the networked computer
He also found that the Fourth Amendment did not apply to the computers, "because they are the property of a non-resident and located outside the United States," or to the data -- at least until it was transmitted to the United States.
The judge noted that investigators obtained a search warrant before viewing the vast store of data -- nearly 250 gigabytes, according to court records. He rejected the argument that the warrant should have been obtained before the data was downloaded, noting that "the agents had good reason to fear that if they did not copy the data, (the) defendant's co-conspirators would destroy the evidence or make it unavailable."
Finally, Coughenour rejected defense arguments that the FBI's actions "were unreasonable and illegal because they failed to comply with Russian law," saying that Russian law does not apply to the agents' actions.
NT VULNERABILITY EXPLOITED
Ivanov, Gorshkov and other unidentified associates used the Internet to gain illegal access to the U.S. companies' computers, often by exploiting a known security vulnerability in Windows NT, according to court papers. A "patch" for the vulnerability had been posted on the Microsoft Web site for almost two years, but the companies hit by the cyberbandits hadn't updated their software.
(MSNBC is a Microsoft-NBC joint venture.)
At least one company, Lightrealm Communications of Kirkland, Wash., acceded to a demand that it hire Ivanov as a security consultant after he broke into the Internet service provider's computers, according to court documents. Ivanov then used a Lightrealm account to break into other companies' computers, they indicated.
Eastern Europe and nations of the former Soviet Union have become a hotbed for computer crime aimed at businesses in the United States and other Western nations.
When MSNBC.com first reported on the problem of overseas computer crime in 1999, Mark Batts, the special agent in charge of the FBI's Financial Institution Fraud Unit, said he was not aware of any prosecutions of credit card thieves operating from Eastern Europe and the nations of the former Soviet Union.
US is now divided as the "Red" and "blue" states. Red States = communist countries. Coincidence? I think not
Easier said than done. You're also assuming keyloggers are software. Not many people pop their keyboards open before use to check for the presence of a surreptitiously-installed microcontroller and a serial EEPROM. [I can put a device no bigger than a nickel into a keyboard that watches for "su" and records the next 20 chars (or up to the next cr) and can do that hundreds of times with memory to spare for less than $20 - and I'm a rank amateur. You can bet the FBI's versions of hardware keyloggers are a lot spiffier - and probably smaller - than that.]
If they think you could be one o' them terrorist hackers, they won't even need a warrant to stick one in your machine when you're not looking.
Excuse me? Is there *any* legal basis for that? You only need apply for a search warrant after you've confiscated all the material you need if you think the bad guys might try to cover their tracks?
Incidentally, if the FBI agents knew all along that they wanted to access this data, why didn't they apply for the search warrant before starting the whole sting operation?
Let's hope that other nations will help reign in the US law enforcement and legal system, for the benefit of everybody in the world.
Okay, this has nothing to do with the Cold War but countries must find it amusing using ppl as political pawns and putting ppl away to make examples for the rest of us. The one thing to never become in your life is an example used by any govt. Who know, perhaps the U.S will put something on the bargaining table for the Russians and both could benefit somehow?
Analytic & algebraic topology of locally Euclidean meterization of infinitely differentiable Riemmanian manifold
Oh, it sounds good to set up these little questions, but actually every single one is answered by well-defined law. Of course, in each case, it's only the former ("OK") category when the action complies with the existing law within the jurisdiction of the agent committing the act. Usually, in international affairs, there is no defining jurisdiction -- and therefore, the action is not "OK".
That's why the Bush administration's go-our-own-way, knee-jerk unilateralism is a Bad Thing. The United States has spent 50 years helping craft an international environment that handled many of the cases offered above -- and, overwhelmingly, handled them in a way favorable to both the narrow interests of the United States and, amazingly, to the cause of human dignity and freedom.
Now that we're the world's sole military superpower, and darn near the world's sole economic superpower, Bush & Co. think we can ride roughshod over the international agreements that form that framework. (And we're not talking Kyoto or ICC -- they've played pretty fast-and-loose with the Geneva Convention, too.) With no defining jurisdiction agreed between sovereign nations, each feels justified to do whatever it wants. Ironically, with no defining jurisdiction agreed between sovereign nations, none actually are justified.
When you undermine the idea of international law, you make everyone into vigilantes. As a die-hard American patriot, it pains me to see my country turning into a "rogue state".
The Mongrel Dogs Who Teach
looking at:
He also found that the Fourth Amendment did not apply to the computers, "because they are the property of a non-resident and located outside the United States," or to the data -- at least until it was transmitted to the United States.
and
Finally, Coughenour rejected defense arguments that the FBI's actions "were unreasonable and illegal because they failed to comply with Russian law," saying that Russian law does not apply to the agents' actions.
That sounds scarily close to saying "US Law doesn't apply to our actions" and "Russian Law doesn't apply to our actions" so we'll do whatever we damned like...
a grrl & her server
There are sometimes things on CSPAN which could be "put" on Gnutella (et. al.) like the Traficant speeches and etc...
I wish there was some sort of effort out there to actually "pirate" things which are in the public domain.
PBS could start sending out Divx files; considering we already paid for the programming, let us host it.
Get your Unix fortune now!
Go look up the fourth amendment. It doesn't say 'residents'. In fact, neither 'resident' nor 'citizen' occurs in the bill of rights - referred to instead are 'people'. This entire notion that the bill of rights doesn't apply to foreigners is sheer fabrication - but one we've seen a lot of recently and one I sadly predict we'll be seeing a lot more of before things get better...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
the problem for the fsb now, is to lure people to Russia to arrest them. I mean, a lot of people wants to go to the usa, but russia? maybe all this spam about those St Petersburg brides is just a plot from the FSB?
It'll be interesting to see if this gets used politically to increase US resistance to the International Criminal Court. It's not as if the administration really needs to make their position more popular in the states, but haveing a this come up at this time.... Well, the Bush administration probably sent Putin a nice muffin basket and with a lovely card.
And on lighter news did anyone else see this? 116 trillion dollars? Appearently, Scott Evil will be taking the LSAT! I mean, I feel for those people, and maybe agree with some of their reasoning in assigning blame, but combining comic book supervillain plots with actual lawsuits seems less than productive.
--Jimmy has fancy plans; and pants to match.
"Jurisdicton, my ass" to quote some film which I can't remember...
We'll stop subverting your computers, as soon as you stop poisoning and flouridating our natural bodily fluids!
I'm sorry, it must be all that pure grain alcohol and rain water getting to me.
Whoever stated that signature sizes should be limited to one hundred and twenty characters can just go ahead and kiss my
In a while sting operations will not even be necesary. The Feds just claim you're a terrorist and they will come lift you from you bed in your own country. And if local cops try to stop it and arrest your arresters, the army will come rescue them.
After that, if you happen to have a beard they will dress you up in red prison clothes, stick you out in the sun in Guantanamo Bay and wait for you to die.
-- Please put this in your sig if you think
like, i suppose, here(finland) that would be provoking to commit crime, like the cops can't really go walking the streets with a brick, and give it to people and give them 100$ for throwing it in the window, and then arrest them for causing havoc.. but i suppose fbi's got some special rights, after all, we need 00 agents with special rights to battle terrorists who got satellites with 'lasers' and are going to blow the earth up!
world was created 5 seconds before this post as it is.
If hacking is a crime then submitting patches to Linux is crime.
As opposed to, say, holding numerous foreign citizens from diverse states hostage in a military installation, denying them any legal rights or access to representation, and refusing to acknowledge them as either prisoners of war or criminal suspects who should be legally tried?
Y'know, I only mention it because, well, that lot sounds entirely like the sort of behaviour that would get those responsible up before the ICC in short order, to be tried on whether or not their actions were reasonable. And it's not as though the entire rest of the world, from Arab states to the US' closest allies, is criticising the policy or anything.
What you want is one law for you, and one law for everyone else. That is hypocritical, pure and simple. Every argument that could be made to defend that position would apply equally to all the other states involved, yet they are agreed, at least on the major points, that the ICC is a good thing and they are prepared to stand before it if necessary. The US wants exemption so it can continue to perform with impunity acts that would otherwise be regarded as illegal by the international community (kidnapping, assassination, military acts without due declaration of war, etc). Hell, the US now votes with certain "terrorist-harbouring" nations in opposing anti-terrorism legislation supported universally by the rest of the western world.
You want one law for yourselves and one for everyone else, and you want your own courts to oversee it all. The rest of the world things that's unreasonable, for some reason. It really is that simple.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
pot... kettle... black...
...but they do anyway.
... does this mean that if i put up a public computer somwhere. i could legaly sniff passwords and data because people using it could not expect privacy using my public computer?
ie. have we no expectation of privacy when using a computer on a network/ sending information over a computer network? knowing that a sysadmin could sniff the information? weak argument at best.
something is rotten in the state of denma.. no.. usa
Doesn't it strike anyone else as worrying that whenever the USA acts in a questionable way, it justifies itself by stating that its Constitution doesn't apply to non-US citizens or outside of the United States? If the USA truly believed in its Constitution, it would apply the relevant rights that it gives to all people, regardless whether they are US citizens or not.
It shows that the people in power in the USA do not believe in their own constitution, as they are always trying to sidestep its clauses.
~c
OK well the article I just read about the Judge OKing things seems to scream a few things at me. First and most important I have to question if the FBI's actions fell into the realm of entrapment. I dont know how those laws read but it sounds like the way these guys were lured over wasn't exactly legal. Although I have to admit that if what is reported is true, then these two Russians arent exactly high on the common sense ladder. I don't see any reason for the story to be fabricated but it just seems too easy.
Also the second thing that I saw that concerns me highly is the fact that these guys were using an exploit that M$ had patched. Now the companies that didn't update with this patch, knowingly left themselves open to the attacks. This to me is just foolish and I find these companies at fault as well since they knew they were open to attack.
There are several things about this I just didnt like. Of course this is all old news.
However with this FBI agent being accused of hacking by Russian officals has sparked issues. I find it funny that the posted MSNBC article talks briefly about the fact that Russia has charged an FBI agent and focus's more on the arrest of the two Russians. Of course the two are interlinked but from the reactions of the FBI and other departments of the US government, I am guessing not a damn thing is going to happen.
From what the articles say happened it just doesnt sound like procedure was followed and the FBI is in fault for removing or downloading data without proper authority.
ALthough I guess this is a pointless rants. I mean the US is going to do whatever it pleases, legally or not. Makes ya proud to me an American huh? *sighs*
Does it implies that in US you have no expectation of privacy when using computer at work, public library or internet kiosk?
Didn't you read the EULA taped to the monitor before you logged in?
-- If god wanted me to have a sig, he'd have given me a sense of humor.
mod parent up!
FAPSI are the former communications and cryptography directorates of the KGB. They have a similar scale of imagination. However to use cryptography, you need a) a licence and b) to use FAPSI approved and provided software which essentially a symetrical only system. The software itself was quite cheap, but you had to send all your staff to a FAPSI licensed organisation to receive training (yes, KGB old-boys).
As the organisation that I was working with was related to the central bank, they could use other software (PGP) for authenticating information.
In general, I would say that both FAPSI and the FSB are over-legalistic, unimaginative and avaricious. They will create false dangers to promote their agendas and ignore real ones.
Not at all like the FBI and the NSA......
That's not surprising, considering that Russian governments have historically never been either democratic, or moralist, usually instead veering towards kleptocrat dictatorships.
/any/ government...
Judging from Putin's attitude towards independent Russian media and his willingness to pardon his predecessor, those tendencies haven't been entirely banished. So I'd be surprised if they trusted
Only the dead have seen the end of war.
"The only reason we haven't had to ditch the Constitution is that the language is sufficiently ambiguous that a court in any particular era can interpret it to mean whatever happens to be acceptable and practical to the country at that time."
You know there is a mechanism to extend and change the consitution.
How long until our constitution is ignored alltoegther in the name of "cyber terrorism". And what they did is legally entrapment. The more I read in the news the more it scares me that the greates nation on earth is turning into a corporate nation. Rampant abuses of rights should scare us not make us feel safe.
-For it is the very essence of imperialism to turn information systems into wild, bloodthirsty animals-
I thought our (USA) police tried to work with other law enforcement agencies worldwide (interpol, etc). I wonder why such a path was not used this time? Are we still such enemies with Russia?
*shrugs*
-- www.globaltics.net
Political discussion for a new world
Perhaps a useful analogy would be drugs...
DEA sets up an operation and entices two Meth lab designers to help them set up a Meth lab. During the course of the operation, one pulls out starts smoking some crack and bragging about how much more crack, dope, heroin, and acid he has back at his house and look here are the keys to my garage where I keep the stuff -- good thing my buddies are there to destroy everything if anything ever happens to me. If the DEA then took the keys and opened the garage and confiscated the goods, it wouldn't be breaking and entering and they probably wouldn't need a warrant because the evidence is "in imminent danger of destruction."
The Russian hackers in this case were stupid in that they logged on to their own server, from a network they were unfamiliar with, and proceeded to download cracking tools to that network. They were greedy and they made stupid mistakes.
As unpopular as this idea might be with some people, there are some areas that would benefit from a goverment with worldwide, legitimate jurisdiction.
science is a religion
They were arrested in Washington state, last time I checked, that's in the US, not Russia, though we did take 155 years ago from Canada.
For the truly adventurous, here's the FSB's home page
I put the 'fun' in fundamentalism
The whole point behind the Carnivore system is that the data is captured but not examined until you have a search warrant.
Schroeder's cat: If I have a copy of data I can't access, at what point is the data actually "seized"? When it is a copy of bits, or when it is examined and found to be data?
Never confuse volume with power.
in civics class.
Many Americans gave their lives so that we can enjoy the hard won freedoms that we do today, AND hand them out like fucking party favors to whoever else comes along and values those freedoms.
That was the whole fucking point of the Monroe Doctrine, the Marshall Plan, Korea, Vietnam, Desert Storm, The South African, Cuban and Iraqi embargos, etc.
Fucking sincerly,
KFG
And while we're on the subject, wouldn't you think the fact that no one has died at `Club Fed' (Camp X-Ray) a pretty good sign that your line about `sticking people out in the sun and waiting for them to die' is hogwash? How 'bout the fact that Camp X-Ray currently has one physician for every two inmates, carefully prepared afghan-style food to make people feel at home, and free prayer-books and signs in each cell pointing the exact direction to Mecca for those who want to pray?
Before you make ignorant statements such as the above. While liberal revisionist judges have impuned the Constitution in the last 30 years, The federalist papers were written to give historical context to the provisions of the Document itself, why they did what they did.
People explicity refers to the US citizenry which was in existance - 1792 as opposed to 1777, we had won our independance and had been functioning as a confederation, like the current E.U., which was not working. So the idea of "people" referring to some vast loosely nit group of world citizens is pure bunk - the world, and these men in particular, were very Nationalistic, otherwise, the peace treay with englan would have merely demanded representation in Parliment.
You people should sue your parents for allowing you to be educated in public schools.
It's why we are americans and not Russians, doh!
Can you say "Soveriegn State" ? THought not, your a member of the EU.
Bush seems to operate on the theory that if he acts like a damn cowboy yahoo from Texas every time he opens his mouth, the other nations of the world will be too confused to figure what he's really after until he's mostly there. Thus the U.S.' even-more-schizophrenic-than-normal foreign policy recently.
Plus, he's keeping Paul O'Neill because he's the only other person in the administration who's more likely to make embarrassing public statements than the President is. O'Neill single-handedly crippled the economy of Brazil a couple weeks ago - he makes regular super-villains look pretty tame by comparison.
No, I don't hate America, but I'm pretty fed up with the people that are giving Americans a bad name at the moment.
Your right to not believe: Americans United for Separation of Church and
The general theory on entrapment is that you can provide the opportunity for someone to commit a crime (leaving your car unlocked, etc.) but you can't try to talk them into it or get them to do something that they wouldn't have done without your coercion. Someone must really commit the crime of their own free will in order to be culpable.
Your right to not believe: Americans United for Separation of Church and
This isn't entrapment because they are being charged with hacking *other* systems (at least that's what the article implied). They aren't being charged for the demonstration they did for the FBI. The FBI just used the demonstration to gather information they needed to prosecute them for the other offense. As to whether the FBI violated other laws (US or Russian) I'm in over my head but I suspect that they didn't violate US law. I believe there are circumstances where you don't need a search warant (reasonably suspicion? Any lawyers around to comment?) to conduct a search. If that's true, that probably would apply here - the people were wanted for hacking, it is reasonable to assume that they had evidence of this on their personal computers.
Go Badgers! -- #include "std/disclaimer.h"
Wrong number of arguments or invalid property assignment: 'instr'
No article.. ;(
<^>_<(ô ô)>_<^>
Also, I don't think they were charged with hacking while in the U.S. That was merely to get the passwords.
Also, I don't think the FSB is complaining about the keystroke-trackers (just a guess, the article isn't clear) ... the russians had no reasonable expectation of privacy. I think they are complaining about using that info to open the hacker's accounts.
Jack Valenti and the MPAA are to technology as the Boston strangler is to the woman home alone
and I did not speak out -- because I was not a cracker.
Then they came for the white hats
and I did not speak out -- because I was not a white hat.
Then they came for the file swappers
and I did not speak out -- because I was not a file swapper.
Then they came for me -- and by then there was no one left to speak out for me.
With apologies to Pastor Martin Niemöller
Guys, you don't even know what FSB is. It is, in fact, re-branded KGB. To give you some perspective, considerable percent of Russians thinks that those explosions in Moscow and other Russian cities were performed by FSB. And yes, there are some facts that say it might be true. For example this "training" in Ryazan, when police has found a bomb, and experts were shown on TV saying there were explosives, next day FSB comes into play and says it was sugar and these bombs were a "training" for police. Show me the expert in explosives who can't tell sugar from heavy explosives! Show me the the training when even the minister of internal affairs (in charge of police) doesn't know what's going on and says _on TV_ that a bomb was found!
Now to the FSB practices related to information. According to Russian laws, all ISPs have to implement a System for Operative Search Actions. Which basically means they have to provide network traffic and uncontrolled means of intercepting and invading any network activity that goes through them. In other words, FSB doesn't even have to get a warrant to read your mail, and the cost associated with these activities (ILLEGAL in USA) gets passed on you. You pay for your email being read by "men in gray".
Their charges against FBI agents (who did absolutely the right thing, IMO) are the worst case of hypocrisy I've seen in years.
*
The rulings make legal sense to me. However, it does raise computer security issues for any sort of remote access.
:)
Teaches me to be even more paranoid (not that I have anything to hide, but if the FBI can do it, the same technique could be used for fraud, etc.) Imagine if someone in a corporation were to do something like this to steal employee's credit card numbers.
The solution it this is to set up a way whereby you use a passphraseless public key for ssh authentication and then delete it from the allowed keys list when you are ready to logout. That way, no password
LedgerSMB: Open source Accounting/ERP
The software used in this case was WinWhatWhere Investigator
Did anyone else think "Front-Side Bus" when they saw the acronym "FSB"???
/. lament, if most /.-ers actually realized it... :-P )
Yes, yes, I know: I really need to get out more...
(Which would be a common
And the US has also passed a number of privacy-invading laws recently. So what good did the constitution do there?
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
In short, despite the fact that these folks are illegal combatants who could be summarily executed according to the Geneva Convention, we're treating them quite well, and being careful to offer them food and amenities which match their customs. So what, exactly, is your complaint?
Anyhow, I'm going to have to side with Jimmy Fallon of Saturday Night Live who pointed out: ``what's all this talk about their `living conditions' anyway? These guys are suicide bombers. They hate living conditions.''
At least, that's what we tell EVERYONE when they are hired.
SysAdmin, telecommunications company
Is there a way to learn whether you are wanted by FBI or another govt agency before geting to US and facing the music? Some sort of public APB database? Can you ask that in the US embassy? And will you get the right answer?
Seriously, if they can give this sort of information to the most wanted guys, they surely can give it to not-so-much wanted, and least wanted, and unwanted.
The software used in this case was the beloved WinWhatWhere Investigator It has previously been the subject of much wrath here at SlashDot.
Not long ago, in Moscow a 7 year old girl was physically abducted from his mother's house and a few weeks later was found in US territory with her father. Interesting to note that US judges seem concerned not about the abduction but who should be the tutor of the child...
Considering how the Cuban boy was treated can you really expect the US to do much about abducted children?
Even *I* could use the BackOrifice keysniffer five years ago
.sig: No such file or directory
In short, despite the fact that these folks are illegal combatants who could be summarily executed according to the Geneva Convention,
These people's only "crime" is that they lost an uneven war. Hopefully Iraq will remember to pull the same stunt with any US prisoners.
What's more troubling to me is that the selectively apply The Consitution to these people.
All U.S. laws stem from The Constitution, hence charging someone under U.S. law means they are charged under that document. To then turn around and state that those people can't use the same body of laws they are charged under to defend themselves is utterly and completely rediculous.
Article X: The powers not delegated... by the Constitution...are reserved...to the people
These folks are not suspects arrested to face trial, they are prisoners of war (although they are not even that in the sense of that term provided by the Geneva Convention, see below). When brave US troops charged up the cliffs on D-Day, they did not arrest the Germans they found at the top and read them their Miranda rights, they took them prisoner. The same holds here.
However, even those Germans were fighting in accord with the Geneva Convention, wearing clearly marked uniforms and being part of an organized force with a clear command structure. By fighting disguised as civilians, and not being part of such a force, these folks are in violation of the law of war and are not entitled to the protections of the Geneva Convention. That we choose to treat them humanely, instead of summarily executing them as that Convention permits is a good sign of how different we are from those we are fighting against.
By the way, I find your comment about an `uneven war' particularly amusing. Where do you get the idea that we have some responsiblity to fight an `even' war? Exactly by using the vast array of technology at our disposal, we were able to not only minimize civilian deaths, but even minimize the number of our enemy which we had to kill to accomplish our aims. What problem do you have with this?
Right. So are you at war, or aren't you? Your president and government are claiming all sorts of powers that they're only allowed to use at war time, yet there has been no declaration of war, with all the disadvantages that would have.
If you're not at war, you have committed an act of war against the nation of every prisoner you're holding by keeping them against their will and without due process. Your government is also committing various minor transgressions such as totally disregarding various parts of your Constitution "in the interests of national security", blah blah.
OTOH, maybe you really are at war. In that case, against whom are you fighting? Under what circumstances will the war be over, and will the powers be relinquished? When will you acknowledge the basic rights due to various parties involved -- not just those in custody at Gitmo -- and behave in an acceptable manner for a nation state at war? When will you declare war, and thus force all the normal international agreements about war to come into force (starting with all countries stating their allegiance, or declaring neutrality and ceasing trade with either side, for example)?
Oh, please. You guys trained Osama bin Laden FFS. And right about now, you'd do well to remember that we're about the closest ally you've got (not that that's saying much these days).
Yep, I realise that. Did you ever stop to think that maybe the fact that half the Arab world is prepared to commit suicide in order to kill thousands of your people, or the fact that not one single nation has shown support for your plans about Iraq, might in some way be due to the fact that you have this isolationist, superior attitude?
Riiiight. But it's OK for you to go toppling the odd government here and there (Iraq, say) because you don't happen to like their leader, and you claim he is developing WMDs to use on you? What about their national sovereignty? Just reverse that argument for a second. While they are claimed (by some, not all) to be in that position, you are definitely a nation state with WMDs that is planning to attack Iraq. With the overt preparations you are making for that attack, Iraq would now be quite justified in throwing every single WMD they have at you in a preemptive strike, and it would be self defence.
Before you flame that, just stop and think about it, OK?
You might recall that WW2 effectively started with a declaration of war on Germany by our Prime Minister. Some of us were prepared to stand up for the rights of our neighbours. You guys needed a surprise attack on Pearl Harbour before you even lifted a finger. I'm sorry, but you guys have absolutely no right to go taking the moral high ground in any discussion on the ethics of nation states, their behaviour toward other states and their conduct during war time.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Two individuals were invited to a foreign country and were given the opportunity to input whatever information they wanted into a computer. Said individuals accepted the invitation, and proceeded to type root passwords into that computer.
MEANWHILE...
Using information that had been typed directly into a computer it owned (in the old-fashioned sense), a government agency sent information to another computer in another country, and then recorded the information that was sent back to the first country by that computer. It used that information to try suspected criminals, which is a task with which Congress has charged it.
This a great thing that has happened. If the internet is in any danger, it is in danger from hegemonic governments' passing laws based on basic misunderstandings of what the internet is. The most basic misunderstanding is that the internet is anything other than a group of computers sending electronic signals to each other. I.e., that it is a "place", that it "belongs" to copyright holders, that it is responsible to do anything for anyone, etc. When an agency of the most hegemonic government acts in a refreshingly realistic way concerning the internet, that is a great thing.
There has never been any need for new laws to "address the internet". Fraud is fraud, and a webpage set up to mine unsuspecting lusers for credit card numbers would have been illegal 50 years ago. Logging in using a password you've obtained legally, abusing a poorly-designed protocol, using a program in ways that its writer did not intend, etc. should all be legal actions. Anything done to restrict these actions legislatively as opposed to technically will only hurt us in the long run. I see a glimmer of hope in the fact that the FBI has used the internet in a realistic manner. If we can use hypocrisy as another argument against all sorts of laws that we don't want or need, so much the better.
As an aside, it seems that there could be a question about whether the passwords were legally obtained. I assume this was addressed in the hearing, and the judge found it acceptable. My point is that once the passwords were legally obtained, it is ludicrous to claim that sending them to a computer in another country should be illegal.
later,
Jess
I am programmed for etiquette, not destruction!
I think perhaps I'm not being clear here. I have nothing whatsoever against the average US citizen; indeed, several of the nicest people I've ever met come from the US, and I'm proud to call them friends. Nor do I have anything against legitimate military action, such as going after al Qaeda, and I certainly do not support terrorism. Nor do I have anything against ripping the testicles off anyone who supports the September 11 acts slowly and letting them bleed to death over as long and painful a period as possible. Let me be quite clear on these things, because I don't want you to think that I'm against any of them. Nor do I believe that everyone supports their government 100% on everything, though we have to recognise that the rest of the world mostly sees the actions of those governments (and in this case, the vast majority of US citizens in every poll since September 11 have supported just about everything the US government is proposing).
There is a point where actions cease to be reasonable. To me, that point comes when you start ignoring the very values you claim to be defending. The US is holding prisoners, using political rhetoric to justify their actions. You never answered my questions about whether you're really at war, and if so, with whom and until when, so it's hard to argue that holding those people without due process is unreasonable in a logical way. However, either way you answer, I think that argument can be made.
You yourselves are currently in the very same position you claim Saddam is in. You are a belligerent nation, equipped with WMDs, planning to wage war against another state who has done nothing recent to attack you. The symmetry of the situation is staggering; the only certain difference is that you claim they are getting ready to attack you, but everyone knows for a fact that you are getting ready to attack them. There is simply no ethical stance that justifies your position. Any argument that supports your action against Iraq applies even more so to them attacking you first.
And by the way, I don't know what you're seeing on the news in the US, but over here, we are seeing UN weapons inspectors and senior military staff coming out against attacking Iraq with the information currently available. If they are a genuine threat, you certainly have a right to defend themselves, but as of right now, I have seen absolutely no evidence beyond the say-so of Bush and his cronies that there is a problem. Not a single thing has been produced that objectively supports their position. The more cynical amongst us might start to think that, y'know, he was just using the "war on terrorism" to cover up trying to finish daddy's job, in a politically motivated effort to distract US citizens from the state of affairs at home, particularly your economy. But that would be cynical, I'm sure.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
At best the accused's status as law enforcement will count for nothing, at worst it will encourage them to prosecute more strongly, so as to send the message that law enforcement is expected to obey the law.
I say at best they will be encouraged to prosecute more strongly.
It's kind of odd huh? Russia at one time held it's "authorities" above everyone and the law. What they said was law - and we are taught about how many Stalin killed for those who opposed his rule and laws. Now they are ones who (seem to) realize that if the people in charge aren't kept in check the people will suffer more than if crime ran rampant.
Get your Unix fortune now!