Slashdot Mirror

← Back to Stories (view on slashdot.org)

Russian Agency Charges FBI Agent With Hacking

Posted by timothy on from the house-rules dept.

eNonymous Coward writes "An FBI agent who helped lure two Russian 'hackers' to the USA in 2000 so that they could be arrested is now being charged with hacking himself by the Russian FSB. You might remember that Gorshkov and Ivanov exploited an NT vulnerability to steal information from corporate networks, which was then used to extort money from the companies; they're also accused of being behind the CDUniverse and Western Union credit card database thefts. Last year a federal judge ruled that the FBI's action was legal, but the FSB disagrees."

13 of 353 comments (clear)

  1. Appropriate Punishment? by Anonymous Coward · · Score: 5, Funny

    I say extradite this fed to Russia, and hand him over to Dmitry Sklyarov. I'll leave the rest for you to imagine.

  2. Of course, this isn't entrapment in the slightest. by altgrr · · Score: 5, Insightful

    I believe the Russians have a very strong case here - the FBI invited them over to the USA and then asked them to hack a system, then bang them up for hacking. This is hardly fair - and the Russians are absolutely right: if the FBI were using keystroke-tracking software, they're the ones who were committing the offence.

    It surprises me, though, that you have two very good hackers, and neither of them thought to err on the side of caution and check the computers they were working on for such things...

    --


    Like car accidents, most hardware problems are due to driver error.
  3. Re:Of course, this isn't entrapment in the slighte by JetScootr · · Score: 5, Insightful

    What I notice is the US Govt's case is based on: 1> the fourth amendment doesn't apply cuz it didn't happen here, and 2> Russian law doesn't apply cuz it didn't happen there.

    --
    Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
  4. Interesting case by Y2K+is+bogus · · Score: 5, Informative

    This was an interesting case. The description of how the agents lured the russian "hackers" to the US was beyond belief.

    Michael was back at the office downloading data from their computers like mad while they took them to lunch.

    The russians were very chatty, too chatty for their own good. IIRC they had something like 350 pages (an entire binder) of transcribed conversations with them. As is usual, the "hackers" were tooting their own horns.

    I was called as a witness in the case to testify to data they had recovered and statements the russians had made. The russians had lied about the level of access they had. However, these people were very persistent, they spent a month or so just learning and tinkering trying to get a relatively small amount of data.

    It's clear what their motives where though. They were stealing credit cards, setting up Ebay auctions and using proxy PayPal accounts to pay themselves for Ebay auctions they had setup themselves.

    I got to learn how serious Paypal takes "hackers" and abuse. Both paypal and ebay (now the same) have dedicated professionals to tracking down "hackers" and fraud.

  5. Oh, what a tangled web... by Saint+Fnordius · · Score: 5, Insightful

    You know what might be interesting? Both the Russian and American laws may be right.

    Think about it: the "sting" was under US jurisdiction as far as the physical location of the agents and the operation, so peeking at the records might be allowed. However, the hoovered computer was in Russia, so Russian laws apply to those efforts as well.

    The what might help is to visualise what the non-computer version would be. Say the data in the US is a perfect fax of the Russian originals: did the agents "break and enter" into a data warehouse with forged keys, or did they trick the warehouse into voluntarily sending the copies? If the method in which these copies were obtained is illegal in Russia, are they still admissible in the US as evidence?

    It's way too complicated, and I have no idea how I should feel about it.

  6. did you notice? by dvoosten · · Score: 5, Insightful

    Did you notice that the US courts accept the fact that data is just as much property as your car is (for the MPAA's sake), and the fact that it is clearly not (if it has been gathered as evidence)?

    Did you also notice the fact Russian law does not apply the federal agents hacking Russian computers, but clearly US law applies to Russians hacking American computers?

    This is disgusting...

    --
    -- Please put this in your sig if you think /. should stop posting NYTimes articles.
  7. Whose law should apply? by Cyberdyne · · Score: 5, Interesting
    We've seen this question raised a few times now - from Yahoo! being censored by the French government, to criminal cases like this. My feeling is you should be subject only to the laws of the country you are physically in: for one thing, it's much simpler and more reliable to determine, as well as reducing the inter-jurisdictional mess you could get into otherwise (a host in the UK is broken into from an IP in Canada, so the UK police investigate, then contact the Canadians - who go round and raid the "cracker", only to find it was being used by someone in Mexico as a relay) - rather than extraditing to 10 different countries, you just pass evidence on to the Mexican police, who bust the guy for X counts of computer cracking.

    The alternative (the one the Russian FSB [Federal Security Bureau], formerly known as KGB [Committee for State Security]) and certain French censorship judges want is that you are somehow subject to all laws combined - which is a horrible mess. Is this post subject to UK law? (I'm in the UK ATM) Or US? (US server) Or Canadian (accessable from Canada) - in which case it should probably be translated into French as well?

    This seems simple to me: when in country X, you are subject to the laws of country X. Everybody else should STFU: I will not accept French, Russian or for that matter Taleban laws as applicable in any way except on their own soil. Hell, if the former KGB considers the FBI's investigation illegal, imagine how illegal the CIA spying on the USSR is - or those spy satellites Boeing and Lockheed make?

  8. Re:Next time gadget... by mentin · · Score: 5, Interesting
    It was not their [Russian hackers] program that obtained passwords. FBI installed network sniffer and keyboard logger and watched as they logged in to their computers in Russia from FBI computers. After obtaining passwords, FBI hacked computers in Russia to obtain evidence.

    What is interesting, is that those hacker had "no expectation of privacy" according to US judge. Does it implies that in US you have no expectation of privacy when using computer at work, public library or internet kiosk?

    --
    MSDOS: 20+ years without remote hole in the default install
  9. Re:Good news by _Sprocket_ · · Score: 5, Insightful


    A crime, is a crime, is a crime, and should be solved officially. Stealing data is just a normal crime, also if it is done by FBI.

    Crime and morility is a lot of fun, eh? Let's play some more.

    When is spying on someone legal vs. illegal?

    Or a variation on that...

    When is wiretapping someone legal vs. illegal?

    When is killing someone legal vs illegal?

    When is destroying other's property legal vs. illegal?

    When can you use a shotgun on another person and when is it illegal?

    Are glass bullets ever legal?

    When is it "taking a prisoner" and when is it "kidnapping"?

    When is it a "military operation" and when is it "terrorism"?

    Sometimes it is difficult to put a single label on the same action in all situations. And thus enters politics, propoganda, extremists, and general disagreements.
  10. Search warrant? by ukryule · · Score: 5, Insightful
    From the article, quoting the judge:
    He rejected the argument that the [search] warrant should have been obtained before the data was downloaded, noting that the agents had good reason to fear that if they did not copy the data, (the) defendant¦s co-conspirators would destroy the evidence or make it unavailable."

    Excuse me? Is there *any* legal basis for that? You only need apply for a search warrant after you've confiscated all the material you need if you think the bad guys might try to cover their tracks?

    Incidentally, if the FBI agents knew all along that they wanted to access this data, why didn't they apply for the search warrant before starting the whole sting operation?
  11. The Scope of International Law by gilroy · · Score: 5, Insightful
    Blockquoth the poster:

    Sometimes it is difficult to put a single label on the same action in all situations. And thus enters politics, propoganda, extremists, and general disagreements.

    Oh, it sounds good to set up these little questions, but actually every single one is answered by well-defined law. Of course, in each case, it's only the former ("OK") category when the action complies with the existing law within the jurisdiction of the agent committing the act. Usually, in international affairs, there is no defining jurisdiction -- and therefore, the action is not "OK".


    That's why the Bush administration's go-our-own-way, knee-jerk unilateralism is a Bad Thing. The United States has spent 50 years helping craft an international environment that handled many of the cases offered above -- and, overwhelmingly, handled them in a way favorable to both the narrow interests of the United States and, amazingly, to the cause of human dignity and freedom.


    Now that we're the world's sole military superpower, and darn near the world's sole economic superpower, Bush & Co. think we can ride roughshod over the international agreements that form that framework. (And we're not talking Kyoto or ICC -- they've played pretty fast-and-loose with the Geneva Convention, too.) With no defining jurisdiction agreed between sovereign nations, each feels justified to do whatever it wants. Ironically, with no defining jurisdiction agreed between sovereign nations, none actually are justified.


    When you undermine the idea of international law, you make everyone into vigilantes. As a die-hard American patriot, it pains me to see my country turning into a "rogue state".

    --
    The Mongrel Dogs Who Teach
  12. Which laws DO apply? by danamania · · Score: 5, Insightful

    looking at:

    He also found that the Fourth Amendment did not apply to the computers, "because they are the property of a non-resident and located outside the United States," or to the data -- at least until it was transmitted to the United States.

    and

    Finally, Coughenour rejected defense arguments that the FBI's actions "were unreasonable and illegal because they failed to comply with Russian law," saying that Russian law does not apply to the agents' actions.

    That sounds scarily close to saying "US Law doesn't apply to our actions" and "Russian Law doesn't apply to our actions" so we'll do whatever we damned like...

    a grrl & her server

  13. Re:Which is a crock of course... by crawling_chaos · · Score: 5, Insightful
    I think you are overstating your case a bit. A strong case can be made that the term "people" when used in the Constitution is synonomous with "citizen." Consider the following:
    • "We the people, in order to form a more perfect union..."
    • A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.
    • The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

    This is the kind of situation that consititutional law professors like to assign as term papers. I don't think it's ever been totally settled, and the interpretation of when "people" is applied generically, and when the term means "citizen" only is settled.

    That said, what the FBI did still sucks on an ethical basis.

    --
    You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
    -- Colonel Adolphus Busch