The Story of the tech.net.ru Crackers

tabdelgawad writes "The Washington Post is running a three-part story (Part 1, Part 2, and Part 3) detailing the events of the arrest of the two Russian crackers, Vasiliy Gorshkov and Alexey Ivanov, from a couple of years ago (See also Previous Slashdot Story 1 and 2). The writeup is light on technical details, but includes fascinating information about the crackers' socioeconomic conditions and motivations, as well as the competence and effectiveness of the FBI in combatting cybercrime."

True Patriot Act!

[sokkelih]

"crackers' socioeconomic conditions and motivations" These are the motives for terrorism.. Gues who is responsible for these things.

Re:True Patriot Act!

[gl4ss]

terrorism spawns where political goals can't be met by other means (trying to get something into the public knoweledge or trying to force the majority into something else by terror, or by fighting the oppressing force using unconventional means that cause terror).

common criminals spawn of poverty and possibilities, much like in usa too.

however theres a very thin line between criminal and legal person russia.. chances are that to do ordinary business you will have to be at least partly criminal(bribe & etc).

A friend of mine got busted by FBI

[192939495969798999]

A while ago, I knew a guy that got caught for piracy /hacking by the FBI... not pretty. I would use this article as a caution to anyone that thinks our government is incapable of action!

This was a great story.

It highlights how oafish and ineffective the FBI can be. Read this story carefully. Want to illegally hack other people's computers and not get caught? Don't incur financial damage and the FBI will never chase you. Just ask Fyodor.

Re:This was a great story.

[jandrese]

"Financial Damage" is a tough thing to define though. Some companies will claim millions of dollars lost to recover systems that have been hacked. How much actual financial damage did Kevin Mitnick cause?

Re:This was a great story.

[GMontag]

Actually, in the Mitnick case, there was a good helping of the FBI 'coaching' the firms on how to claim damage. IIRC, none of them came back to the FBI with what the FBI wanted to hear, so they were told to use full development costs as the damage estimate. Some of the accounts that I read, quite some time ago now, the folks having to deal with the FBI seemed to be getting fed up (hey! nuce pun! just noticed in preview) with the nonsense.

This shady appraisal work was most glairing with the SUN damage estimate of >$20Million(?) for source code that could be purchased for much less and was given away free to educational institutions.

Even though I have always advocated that Kevin should have done some time for his harassing phone calls to Shimomura, around 90 days, I have yet to see any true financial damages that he caused anybody.

Re:This was a great story.

[pacman+on+prozac]

This comes up every time this kinda story gets posted.

Even if you break into a machine and touch nothing, even logfiles, you are costing that company money.

how? well that company has to do something about the hacked server (lots don't, they should) such as re-install, spend time fixing it, check logs, run extra checks on any other servers on the network. This all takes someones time and costs someone money.

Think about it from a personal point of view, you start a webhosting company and your server gets owned...you have to fix it, and since you don't know to what extent it has been owned that either means at least a few hours of investigating or more likely a complete re-install from backups. This all costs time/money. Whether that server should have been more secure in the first place is a whole other argument.

This company should then be able to prosecute you for the money you have cost it. There is nothing unfair about that. Their business is selling a service which you have interfered with.

If that company then goes and charges $20million for 3 hours of admin time re-installing I certainly wouldn't think that fair.

But at the end of the day if you don't wanna get burnt don't play with matches..... If you don't wanna risk getting sued for millions of dollars then don't break into corporate networks.

start-up

[stonebeat.org]

didn't all dot-coms targetted the large US companies to con them out of money?

interesting paper

[AbdullahHaydar]

This is an interesting paper from Feb 2002 on which countries originate the most malicious attacks. (Russia doesn't even make the list)

Google cached HTML version of the paper.

Re:interesting paper

Note that the US didn't make the list either, "because [US-based attacks] constituted such a large portion of the dataset"...

Re:interesting paper

[vinlud]

Yeah, that's crazy!
Hey, lets look to the backgrounds of people who walked on the moon, except Americans, they have such a large portion of the dataset.... :-?

What about not stealing?

[POds]

Say, instead of stealing credit card number or anything at all, they just left evidence on the computer that they were there (like they did).

Could they still have been prosequted, or would anyone ever have bothered to bring it this far?

Sounds like these guys could have made a business out of it, if only it was done right (not that im suggesting my suggestion was right :)).

Re:What about not stealing?

[ahooton]

You have always stolen something from a financial standpoint, in the eyes of the law (and probably as viewed by the owners of the machines you've hacked). This is because you have utilized machine time/cycles on the machines you broke in to. You did not pay for this time/cycles, the owners of the machine(s) have, so you are stealing something of value.

This is how the argument goes. Just don't do it, it's dumb -- no smarter than jacking a car for a joyride. Nobody I know that wants to stay out of jail does either of these things.

Economic conditions and crackers...

[jkrise]

I think there is more to this than meets the eye. A recent notable case is that of the Pakistani who is said to have hacked the PassPort Password Reset bug aka feature. Poor chap hacks hotmail for a living? Or is it just the obvious (?) ter.... connection?

Even granting that economic conditions lead to cracking, it should be interesting to see the effect in the US over the next decade. Already, the DMCA, oppressive MS licensing, litigious thugs (SCO - brought to you by MS) etc. are eroding the economic wealth of the US and putting more and more money into the hands of a few rich corporations.

Countries outside the US are little affected by legislation as well as law-enforcement in the US. Piracy before, piracy in the future. The SCO case, even if settled in favor of SCO will have little impact in Europe, and nil or negative impact elsewhere across the globe. If any, it is likely to fuel further Linux adoption, courtesy the attention brought by the case.

The net result of these trends could be the rapid impoverishment of the US, and the beneficiaries could be the rest of the world. The incentives for crackers to emerge in the US could be huge, in say, another 3 to 5 years - IF the hypothesis were true.

Re:Economic conditions and crackers...

[KingRamsis]

i will just assume that you are not a troll and try to discuss the matter in a civil way

(?) ter.... connection

you mean terrorism ? nah don't think so but maybe if you have some balls to talk a bit more clearly please?.
now I live in a third world country and we are steadily migrating away from anything Microsoft anything you can pay for to an equivalent free solution, take out MS Office put Open Office, uninstall Adobe and pass that Gimp CD.
So no need to piracy at all, we are all ethical here.

We still fighting the "Hacker" vs "Cracker" war?

[ScottGant]

Just wondering. Thought we gave up on this a while ago, but it appears some are still hanging onto this notion.

I know I get blank, "deer in the headlights" look from co-workers and friends when I try to explain the difference of a hacker and a cracker. Finally I just gave up.

I think they're moving toward "white hat" and "black hat" hacker terms now. But it's hard to keep up on this stuff. I mean, I still use the term "groovy"...so what do I know.

Are Slashdot trolls odd or what ?

[Rosco+P.+Coltrane]

This story is about russian hackers, and that's the only one where there's no "in soviet russia" post ...

Moral of the story:

[Johnny+Mnemonic]

Don't use Windows for mission critical applications where money changes hanges. Although these articles only mention it in passing, either in an attempt to remove technical "jargon" or due to a wish to defer to MSFT, it does mention that these guys exploited vulns in NT, and fails to mention that they exploited any other OS. Maybe it's blaming the victim, but why were these CIOs astonished when they were hacked? Best case is that it was lack of research on their part. Worst case it was plain stupidity. Nevertheless, MSFT isn't held accountable.

On a related note, I was an indirect victim when they targeted an online shop that I purchased some stuff from (www.thenerds.net). Although I didn't lose cc info, the shop told me that my account was being held hostage unless they paid up. My response: I won't do business with them again, for depending on MSFT to secure their e-biz. I've also gone to a disposable Credit Card, which I recommend: www.mbnashopsafe.com.

Bottom line: any "CIO" that depends on MSFT for e-biz security gets what's coming to him.

Re:Moral of the story:

[onion2k]

If you trust an online shop based entirely on the OS the server is running then.. err.. can I sell you stuff please?

Re:Moral of the story:

[RTMFD]

Computer security is really a joke. Instead of venting your rage on MSFT, even though that might have been the platform of choice, the time to root on a lot of linux distros and Solaris boxes is pretty appalling too. I think the CC companies will hit the breaking point of paying up on all of these fraud claims and begin to demand better of the software industry.

Re:Moral of the story:

[Glass+of+Water]

As a sort of funny illustration, look at the picture on this page, which shows the crackers' old dean, Lev Kazarinov, in his office. He has a Microsoft baner on the wall, and his monitor shows the blue disk checker screen you get when your Windows system crashes.

"commercial competition"

[deliasee]

As one of the Russian authorities pointed out, it basically boils down to "commercial competition" between the two countries. The disparity in our economies is manifested in the lack of law enforcement in Russia. People who have no other options use what they've got, and countries with bigger problems than a couple of their citizens trying to make some money (albeit illegally) have their hands tied. I think the more interesting question is how to resolve the problem in a manner that would help both sides; is the answer simply stamping out these people's skills and livelihoods?

Re:"commercial competition"

[benzapp]

In many ways, it reminds of the American government basically refusing to enforce English copyrights in the 19th century. That was certainly commercial rivalry, but that whole revolution thing may play a part.

Re:socioeconomic conditions and motivations

[Gothmolly]

The sad thing is that you think that this is a troll, and that everything magically changed post-1989.

Re:We still fighting the "Hacker" vs "Cracker" war

[CurbyKirby]

Some of us are. Realistically speaking, usage dictates meaning. If everyone else in the world is going to think of hackers as malicious intruders, then so be it. Languages change over time, and computer jargon should be no different.

I'm sure some people will fight for using the "correct terms." They are probably also zealots for their favorite text editor or Linux distro. I don't mind that they do it, but I won't do it myself.

Fight the battles worth fighting for. Leave the H/Cr battle for someone else.

FBI investigative methods

[asmithmd1]

It wasn't too hard to figure out who was responsible

Ivanov was so bold he sometimes sent his résumé -- and even photos -- to prove that he was a serious security consultant. The documents listed his home phone number and detailed his previous experience

I wonder if they could have tracked him down if he didn't send them his contact info

Short Version

[bryanp]

He starts a business with the Best of Intentions.

Local crime bosses go after him for protection money. "Hey, nice server you got dere. Be a shame if sumtin' happened to it."

His employee suggests they raise the protection money by breaking in to American sites, steal CC #'s etc.. and offer to return the stolen data (?) and tell them how they did it. Raise protection money with protection money.

"Hey, the FBI can't get us here. We're in Russia, not Wisconsin."

FBI proves them wrong.

No, I don't feel sorry for them. They're criminals. Send them to Federal pound-me-in-the-ass Prison.

Re:Short Version

No one deserves to be raped. Shame on you for suggesting it.

keyloggers

[markov_chain]

I like this snippet:

Unbeknownst to Gorshkov and Ivanov, the agents had installed onto the "company's" computers a program that logged the young men's keystrokes as they were accessing the tech.net.ru systems in Russia. That allowed U.S. law enforcement to obtain the hackers' passwords.

0wned by FBI's keylogger, har har!

Blame Lenin, Stalin, and Co.

[SuperMario666]

If by "True Patriot" you are satirically indicting the "great patriots" of recent Russian history (ie communists) as most responsible for my nation's current economic difficulties then I salute you for astuteness. Otherwise, I shall just assume that like most of your Western ilk, you are simply naive, spoilt, and underinformed.

Re:socioeconomic conditions and motivations

[theLOUDroom]

2. The Soviet Union dissolved in 1989. After 1989 there was no USSR, no repressive govt, no torture chambers for subversives or whatever else you might be implying.
...
The repressive state they were 'a product of' ceased to exist when these boys were 13 and 8.


While the USSR no longer exists, it would be silly to think that everything that it had done was magically undone the day it ceased to be.

I suggest you take a trip to Berlin, stand at Checkpoint Charlie (or anywhere else along the wall), look left and look right.

I did this last Spring, on Spring Break. It's a very powerful experience. I was too young to understand the full implications of what was happening when the wall fell, but today I realize that the effects of the USSR live on and will for quite some time.

Whether or not the grandparent post was trolling, it's resonable to consider the USSR's effects on the people it controlled. It made a lasting impression on many societies.


Think about this one: How long did it take after abolition for the status of blacks in America to change? Where those born 20 years after abolition, able to live their lives blissfully unware that it had ever happened?

Maybe societies don't change instantly, even if you'd like to think so. If you want an example of this in relation to the topic at hand, I suggest you do a search on the word "propiska."

Here's a link from about a month ago.

Re:socioeconomic conditions and motivations

[axxackall]

After 1989 there was no USSR, no repressive govt

Really? How do you know that?

You heard many stories as russian mafia groups kill some of each other when they devide something. But also there are many cases when russian politicians are killed for no economical reason. Often after demanding of investigation of activity of official russian security services.

There was a repression of soviet communists before 1989, not it's a repression of russian mafia, which is a huge iceberg, and a top of it is a Russian Goverment.

By the way, do you know where most of communists gone? Nowhere! They sit in same chairs in the same rooms. They just changed the sign on the door of their office.

And speaking of a repressive state, most of russians think that the current goverment is doing a genocide of the own people. It's the same as it was in Camboja, just it's better organized in order to prevent any international sanctions.

Slashvertisement for the FBI?

[j-turkey]

as well as the competence and effectiveness of the FBI in combatting cybercrime.

This is the first time I've ever heard a /. editor offer such praise for the FBI...ever.

Could this possibly be a Slashvertisement for the FBI?

--Turkey

Re:socioeconomic conditions and motivations

[skarmor]

It's true that the repressive, corrupt Communist institutions "disappeared" after 1989. However, Russia has continued to have problems throughout the nineties and into the present. Many Party members were quick to take advantage of the new political reality in Russia, aligning themselves with the new democratic parties for personal gain. Corruption runs rampant in Russia, might still makes right, need continues to justify excess and brutality (see the Russian mafia)and the "looters by law" continue to operate under a different guise. I think this is what he's trying to say.

Am I the only one who noticed that...

[LeoDV]

The Washington Post calls them hackers and their activities hacking, while /. rightfully used the word cracker? I emailed them a slightly different version of RMS' letter you can find in the Jargon file (Appendix C). I've got no illusions about how effective it'll be, but I still feel it's something we should do more.

My favorite quote for the lazy :

[aepervius]

U.S.-based attacks triggered nearly half (49%) of all the events in the 4th quarter. The U.S.-based events were not included in this study because they constituted such a large portion of the dataset and because the main focus of the study was on socioeconomic, political, and geographic patterns in the data. In order to better understand and predict the sources and nature of future attacks, data was col- lected and parsed for non-U.S. originating events.

In other word, if you want to stop piracy and hacking, shut down the most [cyber]terrorist country : ther U.S.

Not so black and white....

[pragueexpat]

I've been reading this story with interest, since I'm American, currently living in Prague, and recently visited Ukraine (OK, not Russia, but economically similar). The mafia is all over that place, and I have no doubt that these kids were being hassled for "protection money". Many homes in Russia do not even have hot water, so you can't think of this place as you would a western democracy - the people do anything to survive. Now, of course, this is no excuse for criminal behavior. However, I keep thinking - isn't it better that these guys are finding the cracks in your system and telling you about them, instead of just stealing all the credit card info and causing much more damage to your business in bad publicity and pissing off customers? This is really a catch-22. As a business owner, of course I don't want to encourage blackmail. But having vulnerabilities on your business site is YOUR problem and its better that you're told about them before someone else takes advantage. I would rather pay someone and find out about vulnerabilities than have someone else steal all my info and ruin my business reputation. Of course, these guys could just keep coming back for more money every month if they already have my CC#s and info. In that case, your server's vulnerability has cost you big time. Sorry, I don't have a good answer to this, but let's not let the business owners off the hook because they are being blackmailed from people who found mistakes in THEIR OWN servers. To sum up: Blackmail=BAD, businesses that don't secure their systems=ALSO BAD.

Re:Not so black and white....

[3Bees]

pragueexpat stated:

and recently visited Ukraine (OK, not Russia, but economically similar). The mafia is all over that place, and I have no doubt that these kids were being hassled for "protection money"

I beg to differ. Russia and Ukraine are very different in terms of economic and political situations. Ukraine has been totally looted by their political elite. There is no infrastructure left to mention at all. Ukraine is also a primarily agricultural country that has little industial presence at all (what there is is mostly located along the Polish border). Russia has been looted as well, but has (to a large degree) begun to return to a steady footing. They still have their infrastructure, and have an enormous industrial base. They also have an extremely educated populace.

None of this addresses your main points, but it is also important to note that Ukraine has varying amounts of criminal presence depending upon which cities you examine. The western cities have a large criminal populace as they have made their livelihood for decades off of smuggling goods from Europe through Poland (well, for centuries depending on how loosely you interpret history). This has, of course, engendered an enormous black market. Same goes for the black sea areas (especially Odessa) that smuggle goods to and from Turkey (notable quantities of drugs and prostitutes). Odessa also has been a traditional center of organized crime, even before the break up of the Soviet Union.

Hmmm... Economics.

[paja]

This is just plain stupid. Connecting hacking with economical situation in any country is going nowhere. There are some countries, where You have to know what's going on before You start a company. And a bunch of guys living in such conditions should know about it.

Just a rule of thumb: running a small family bussines in Eastern Europe means keeping it low. If You don't want to, just be sure You are big enough to face consequences.

Re:Figures

Dear Lord, shut up already! We know you'd like to be called "crackers" instead of hackers, just like you'd rather be called Trekkers instead of Trekkies. But wake up! IT AIN'T GONNA HAPPEN! This nickname was bestowed upon a group by the general public, you can't decide to change it "just because", it is a part of culture, and contrary to your own personal belief, YOU ARE NOT A JEDI KNIGHT! This isn't a light side vs. dark side thing, it's just a case of people who hack for fun wanting to pretend they are samuri or some shit.

The name of cracker has already been taken anyway, it refers to a white man.

Recently experienced the joy of credit thef...

[reynolds_john]

I hope these guys get the chair. Seriously. My wife and I are *very* careful online, and in all purchases - even so far as shredding all information before it goes into the trash.

The last two weeks we've had identity/credit theft again.. the second time within a year. Let me tell you first hand, this is NO fun. I spoke with our Credit Union representative about this - she stated that members are being hit with this almost nonstop, and it only shows signs of getting worse. Even better, now (she stated) they have perfected forging other things like money orders and the like, which is on the rise as well.

This hacking sounds "interesting" up to the point you've lived through it first hand. Now, I just want these guys caught and put away. However, the responsibility doesn't simply rest on their shoulders. Visa and other Banks should have the pants sued off them for giving the public such a laugh of security in the form of credit cards. Why lawsuits? Because once you hit their precious pocketbooks, they will finally take this stuff seriously. If the public truly understood the depth of how laughable the security is, I think they would experience mass account closures almost overnight.

The ease of use of these things is apalling. Heck, once they have a number, how hard is it to get the rest of the data like address and phone? What a laugh.

People - protect yourselves. I'm looking more into this: [Private Payments]
as a method of protecting my primary cards. If anyone else has suggestions, please let me know.

Re:Recently experienced the joy of credit thef...

[mrogers]

Visa and other Banks should have the pants sued off them for giving the public such a laugh of security in the form of credit cards.

If credit cards are so bad that someone should be sued for creating them, why do you use them? Let me guess: because it's convenient? While it's certainly inconvenient to live without a credit card in the US, since they're often used as a form of ID, it really isn't difficult to avoid USING your credit card.

You're trying to shift the blame for your own laziness onto a company that offered to make your life easier, but actually made it more complicated. SURPRISE: Most of the things that companies claim will make your life simpler, actually make it more complicated. If you desire a simple life, it is occasionally necessary NOT TO USE ALL THE SERVICES OFFERED TO YOU BY CORPORATIONS. If you decide to use a service anyway, when you know from personal experience that it will complicate your life, you should not blame anyone but yourself.

Re:socioeconomic conditions and motivations

[BigBadBri]

Personally, I don't think he is trolling.

The reason?

After the fall of the communist state, the land-grab for political and economic power in the former Soviet Union was won for the most part by criminals and criminal organisations. The systems were never put in place to foster a proper civic society, so the outcome was that a sort of libertarian anarchy prevailed, where criminal activity (including murder, protection rackets, etc.) was par for the course.

The post doesn't state that it is communism that was responsible for the actions of these lads - it can easily be read to mean that the socioeconomic conditions were so bad because of the abrupt collapse of communism and the lack of an adequate civic society to succeed it.

Take a look at the articles, and look where a lot of the stolen money went. Cyprus and Israel are two of the Russian Mafia's favourite places for laundering / stashing ill gotten gains.

Guess what! It's all Ronnie Reagan's fault!

Favourite Quote

[CmdrGravy]

"Morgenstern, meanwhile, was conflicted. He didn't want to pay any extortion fee but he was determined not to let the hackers ruin his company's reputation either. He was worried that news of even a minor break-in might spook customers. After all, E-Money was built on trust."

Obviously criminals are bad etc, etc but if Morgenstern is running as he says a business that is built on trust and hasn't bothered to safeguard the security of his customers then he really is getting what he deserves. In many ways he should count himself lucky these people have actually told him about his problems and not just spent their time ripping him off on a daily basis without his knowledge. The fact he is then willing to spend $1 million on, by the sounds of it, rebuilding his entire infrastructure shows just how dodgy it must have been in the first place.

Parent should be modded up

[Hobbex]

What kind of a barberous place has America turned into, when people getting raped as part of their imprisonment is considered not only acceptable (a ha-ha-ha standing joke for Letterman and Leno) but desireable?

What other humiliating physical violence do we think criminals should be subjected to? Should the women get raped as well? Maybe this should be institutionalized, so we can be sure that all inmates get raped and violated in equal measure?

No sympathy for them

[Brother52]

There's absolutely NO PROBLEM getting a decent computer job in Russia, if you're any good. Decent programming skills will earn you enough to live on in virtually any city that's not small (Chelyabinsk is big). I'm a Russian, so I guess I know what I'm talking about.

There's just that kind of people who are reasonably smart, but with ambitions far outweighting their creative abilities. These often become crackers. Living conditions just don't matter here.

As to mafia demanding "protection money" - I really don't see it happening to a company that is barely afloat and works fully within the law. There're just lots of better targes. So I guess this was a consequence, not the cause.

Mod troll accusers down.

[theLOUDroom]

Funny, I haven't seen any evidence that Fyodor did anything more than connect to an open X server on the public internet, that some poor troll left open. Where's the proof that he ever did anything that was actually illegal? (Actually, I haven't seen proof of him even doing anything at all.)

When you're accusing someone of a crime you typically want to have proof.

You also don't want to be someone that goes around posting fraudulent information.

Since this whole thing starts off with the troll admitting the he lied about who he was, he's destroyed his own credibility. I mean what's to say all these accusations aren't a troll as well?

You have provided no (functional) links to anything but a couple of troll's journals. Where the hell are the links to where Fyodor brags about all this?

Sounds like bullshit to me.

Identity Theft

[veg_all]

Take mine,...please.

(don't mind the outstanding student loans)

Re:Eurotrash

[caluml]

And what would be so wrong with that?

All the Russians I've ever met have been educated, cultured, friendly people. *

They're not the bumbling, devious, drunken idiots that Hollywood films frequently make them out to be.

* Disclaimer. I haven't met every Russian in the world.

(Na rodina, tovarishi.)