Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Story of the tech.net.ru Crackers

Posted by CmdrTaco on from the caught-iwth-your-pants-down dept.

tabdelgawad writes "The Washington Post is running a three-part story (Part 1, Part 2, and Part 3) detailing the events of the arrest of the two Russian crackers, Vasiliy Gorshkov and Alexey Ivanov, from a couple of years ago (See also Previous Slashdot Story 1 and 2). The writeup is light on technical details, but includes fascinating information about the crackers' socioeconomic conditions and motivations, as well as the competence and effectiveness of the FBI in combatting cybercrime."

28 of 231 comments (clear)

  1. This was a great story. by Anonymous Coward · · Score: 4, Interesting

    It highlights how oafish and ineffective the FBI can be. Read this story carefully. Want to illegally hack other people's computers and not get caught? Don't incur financial damage and the FBI will never chase you. Just ask Fyodor.

    1. Re:This was a great story. by jandrese · · Score: 4, Insightful

      "Financial Damage" is a tough thing to define though. Some companies will claim millions of dollars lost to recover systems that have been hacked. How much actual financial damage did Kevin Mitnick cause?

      --

      I read the internet for the articles.
    2. Re:This was a great story. by GMontag · · Score: 4, Interesting

      Actually, in the Mitnick case, there was a good helping of the FBI 'coaching' the firms on how to claim damage. IIRC, none of them came back to the FBI with what the FBI wanted to hear, so they were told to use full development costs as the damage estimate. Some of the accounts that I read, quite some time ago now, the folks having to deal with the FBI seemed to be getting fed up (hey! nuce pun! just noticed in preview) with the nonsense.

      This shady appraisal work was most glairing with the SUN damage estimate of >$20Million(?) for source code that could be purchased for much less and was given away free to educational institutions.

      Even though I have always advocated that Kevin should have done some time for his harassing phone calls to Shimomura, around 90 days, I have yet to see any true financial damages that he caused anybody.

      --
      Eve Fairbanks says I drive a hybrid!LOL
  2. start-up by stonebeat.org · · Score: 4, Funny

    didn't all dot-coms targetted the large US companies to con them out of money?

    --


    Consensus is good, but informed dictatorship is better
  3. interesting paper by AbdullahHaydar · · Score: 5, Informative

    This is an interesting paper from Feb 2002 on which countries originate the most malicious attacks. (Russia doesn't even make the list)

    Google cached HTML version of the paper.

    --


    Suicide Booth: You are now dead! Thank you for using Stop and Drop, America's favorite since 2008.
    1. Re:interesting paper by Anonymous Coward · · Score: 5, Interesting

      Note that the US didn't make the list either, "because [US-based attacks] constituted such a large portion of the dataset"...

  4. What about not stealing? by POds · · Score: 5, Interesting

    Say, instead of stealing credit card number or anything at all, they just left evidence on the computer that they were there (like they did).

    Could they still have been prosequted, or would anyone ever have bothered to bring it this far?

    Sounds like these guys could have made a business out of it, if only it was done right (not that im suggesting my suggestion was right :)).

    --


    Giving IE users a taste of their own medicine since 2005 - http://pods.-is-a-geek.net/
  5. Economic conditions and crackers... by jkrise · · Score: 4, Interesting

    I think there is more to this than meets the eye. A recent notable case is that of the Pakistani who is said to have hacked the PassPort Password Reset bug aka feature. Poor chap hacks hotmail for a living? Or is it just the obvious (?) ter.... connection?

    Even granting that economic conditions lead to cracking, it should be interesting to see the effect in the US over the next decade. Already, the DMCA, oppressive MS licensing, litigious thugs (SCO - brought to you by MS) etc. are eroding the economic wealth of the US and putting more and more money into the hands of a few rich corporations.

    Countries outside the US are little affected by legislation as well as law-enforcement in the US. Piracy before, piracy in the future. The SCO case, even if settled in favor of SCO will have little impact in Europe, and nil or negative impact elsewhere across the globe. If any, it is likely to fuel further Linux adoption, courtesy the attention brought by the case.

    The net result of these trends could be the rapid impoverishment of the US, and the beneficiaries could be the rest of the world. The incentives for crackers to emerge in the US could be huge, in say, another 3 to 5 years - IF the hypothesis were true.

    --
    If you keep throwing chairs, one day you'll break windows....
  6. Are Slashdot trolls odd or what ? by Rosco+P.+Coltrane · · Score: 4, Funny

    This story is about russian hackers, and that's the only one where there's no "in soviet russia" post ...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  7. Moral of the story: by Johnny+Mnemonic · · Score: 4, Informative


    Don't use Windows for mission critical applications where money changes hanges. Although these articles only mention it in passing, either in an attempt to remove technical "jargon" or due to a wish to defer to MSFT, it does mention that these guys exploited vulns in NT, and fails to mention that they exploited any other OS. Maybe it's blaming the victim, but why were these CIOs astonished when they were hacked? Best case is that it was lack of research on their part. Worst case it was plain stupidity. Nevertheless, MSFT isn't held accountable.

    On a related note, I was an indirect victim when they targeted an online shop that I purchased some stuff from (www.thenerds.net). Although I didn't lose cc info, the shop told me that my account was being held hostage unless they paid up. My response: I won't do business with them again, for depending on MSFT to secure their e-biz. I've also gone to a disposable Credit Card, which I recommend: www.mbnashopsafe.com.

    Bottom line: any "CIO" that depends on MSFT for e-biz security gets what's coming to him.

    --

    --
    $tar -xvf .sig.tar
    1. Re:Moral of the story: by Glass+of+Water · · Score: 4, Funny

      As a sort of funny illustration, look at the picture on this page, which shows the crackers' old dean, Lev Kazarinov, in his office. He has a Microsoft baner on the wall, and his monitor shows the blue disk checker screen you get when your Windows system crashes.

      --
      There are no trolls. There are no trees out here.
  8. "commercial competition" by deliasee · · Score: 4, Insightful

    As one of the Russian authorities pointed out, it basically boils down to "commercial competition" between the two countries. The disparity in our economies is manifested in the lack of law enforcement in Russia. People who have no other options use what they've got, and countries with bigger problems than a couple of their citizens trying to make some money (albeit illegally) have their hands tied. I think the more interesting question is how to resolve the problem in a manner that would help both sides; is the answer simply stamping out these people's skills and livelihoods?

  9. Re:socioeconomic conditions and motivations by Gothmolly · · Score: 4, Insightful

    The sad thing is that you think that this is a troll, and that everything magically changed post-1989.

    --
    I want to delete my account but Slashdot doesn't allow it.
  10. Re:We still fighting the "Hacker" vs "Cracker" war by CurbyKirby · · Score: 5, Insightful

    Some of us are. Realistically speaking, usage dictates meaning. If everyone else in the world is going to think of hackers as malicious intruders, then so be it. Languages change over time, and computer jargon should be no different.

    I'm sure some people will fight for using the "correct terms." They are probably also zealots for their favorite text editor or Linux distro. I don't mind that they do it, but I won't do it myself.

    Fight the battles worth fighting for. Leave the H/Cr battle for someone else.

    --

    --
    "Extra Anus Kills Four-Legged Chick" -- Headline
  11. FBI investigative methods by asmithmd1 · · Score: 4, Interesting
    It wasn't too hard to figure out who was responsible

    Ivanov was so bold he sometimes sent his résumé -- and even photos -- to prove that he was a serious security consultant. The documents listed his home phone number and detailed his previous experience

    I wonder if they could have tracked him down if he didn't send them his contact info
    --
    Free cell phone tracking
  12. Short Version by bryanp · · Score: 4, Funny

    He starts a business with the Best of Intentions.

    Local crime bosses go after him for protection money. "Hey, nice server you got dere. Be a shame if sumtin' happened to it."

    His employee suggests they raise the protection money by breaking in to American sites, steal CC #'s etc.. and offer to return the stolen data (?) and tell them how they did it. Raise protection money with protection money.

    "Hey, the FBI can't get us here. We're in Russia, not Wisconsin."

    FBI proves them wrong.

    No, I don't feel sorry for them. They're criminals. Send them to Federal pound-me-in-the-ass Prison.

    --
    "An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
    1. Re:Short Version by Anonymous Coward · · Score: 5, Insightful

      No one deserves to be raped. Shame on you for suggesting it.

  13. keyloggers by markov_chain · · Score: 5, Funny

    I like this snippet:

    Unbeknownst to Gorshkov and Ivanov, the agents had installed onto the "company's" computers a program that logged the young men's keystrokes as they were accessing the tech.net.ru systems in Russia. That allowed U.S. law enforcement to obtain the hackers' passwords.

    0wned by FBI's keylogger, har har!

    --
    Tsunami -- You can't bring a good wave down!
  14. Re:socioeconomic conditions and motivations by theLOUDroom · · Score: 5, Insightful

    2. The Soviet Union dissolved in 1989. After 1989 there was no USSR, no repressive govt, no torture chambers for subversives or whatever else you might be implying.
    ...
    The repressive state they were 'a product of' ceased to exist when these boys were 13 and 8.


    While the USSR no longer exists, it would be silly to think that everything that it had done was magically undone the day it ceased to be.

    I suggest you take a trip to Berlin, stand at Checkpoint Charlie (or anywhere else along the wall), look left and look right.

    I did this last Spring, on Spring Break. It's a very powerful experience. I was too young to understand the full implications of what was happening when the wall fell, but today I realize that the effects of the USSR live on and will for quite some time.

    Whether or not the grandparent post was trolling, it's resonable to consider the USSR's effects on the people it controlled. It made a lasting impression on many societies.


    Think about this one: How long did it take after abolition for the status of blacks in America to change? Where those born 20 years after abolition, able to live their lives blissfully unware that it had ever happened?

    Maybe societies don't change instantly, even if you'd like to think so. If you want an example of this in relation to the topic at hand, I suggest you do a search on the word "propiska."

    Here's a link from about a month ago.

    --
    Life is too short to proofread.
  15. Am I the only one who noticed that... by LeoDV · · Score: 4, Insightful

    The Washington Post calls them hackers and their activities hacking, while /. rightfully used the word cracker? I emailed them a slightly different version of RMS' letter you can find in the Jargon file (Appendix C). I've got no illusions about how effective it'll be, but I still feel it's something we should do more.

  16. My favorite quote for the lazy : by aepervius · · Score: 5, Interesting

    U.S.-based attacks triggered nearly half (49%) of all the events in the 4th quarter. The U.S.-based events were not included in this study because they constituted such a large portion of the dataset and because the main focus of the study was on socioeconomic, political, and geographic patterns in the data. In order to better understand and predict the sources and nature of future attacks, data was col- lected and parsed for non-U.S. originating events.

    In other word, if you want to stop piracy and hacking, shut down the most [cyber]terrorist country : ther U.S.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  17. Not so black and white.... by pragueexpat · · Score: 5, Interesting

    I've been reading this story with interest, since I'm American, currently living in Prague, and recently visited Ukraine (OK, not Russia, but economically similar). The mafia is all over that place, and I have no doubt that these kids were being hassled for "protection money". Many homes in Russia do not even have hot water, so you can't think of this place as you would a western democracy - the people do anything to survive. Now, of course, this is no excuse for criminal behavior. However, I keep thinking - isn't it better that these guys are finding the cracks in your system and telling you about them, instead of just stealing all the credit card info and causing much more damage to your business in bad publicity and pissing off customers? This is really a catch-22. As a business owner, of course I don't want to encourage blackmail. But having vulnerabilities on your business site is YOUR problem and its better that you're told about them before someone else takes advantage. I would rather pay someone and find out about vulnerabilities than have someone else steal all my info and ruin my business reputation. Of course, these guys could just keep coming back for more money every month if they already have my CC#s and info. In that case, your server's vulnerability has cost you big time. Sorry, I don't have a good answer to this, but let's not let the business owners off the hook because they are being blackmailed from people who found mistakes in THEIR OWN servers. To sum up: Blackmail=BAD, businesses that don't secure their systems=ALSO BAD.

    --

    "The prohibition will be strongest when the group is nervous." - Paul Graham

  18. Hmmm... Economics. by paja · · Score: 4, Insightful

    This is just plain stupid. Connecting hacking with economical situation in any country is going nowhere. There are some countries, where You have to know what's going on before You start a company. And a bunch of guys living in such conditions should know about it.

    Just a rule of thumb: running a small family bussines in Eastern Europe means keeping it low. If You don't want to, just be sure You are big enough to face consequences.

  19. Re:True Patriot Act! by gl4ss · · Score: 5, Insightful

    terrorism spawns where political goals can't be met by other means (trying to get something into the public knoweledge or trying to force the majority into something else by terror, or by fighting the oppressing force using unconventional means that cause terror).

    common criminals spawn of poverty and possibilities, much like in usa too.

    however theres a very thin line between criminal and legal person russia.. chances are that to do ordinary business you will have to be at least partly criminal(bribe & etc).

    --
    world was created 5 seconds before this post as it is.
  20. Re:Figures by Anonymous Coward · · Score: 4, Funny

    Dear Lord, shut up already! We know you'd like to be called "crackers" instead of hackers, just like you'd rather be called Trekkers instead of Trekkies. But wake up! IT AIN'T GONNA HAPPEN! This nickname was bestowed upon a group by the general public, you can't decide to change it "just because", it is a part of culture, and contrary to your own personal belief, YOU ARE NOT A JEDI KNIGHT! This isn't a light side vs. dark side thing, it's just a case of people who hack for fun wanting to pretend they are samuri or some shit.

    The name of cracker has already been taken anyway, it refers to a white man.

  21. Recently experienced the joy of credit thef... by reynolds_john · · Score: 4, Insightful

    I hope these guys get the chair. Seriously. My wife and I are *very* careful online, and in all purchases - even so far as shredding all information before it goes into the trash.

    The last two weeks we've had identity/credit theft again.. the second time within a year. Let me tell you first hand, this is NO fun. I spoke with our Credit Union representative about this - she stated that members are being hit with this almost nonstop, and it only shows signs of getting worse. Even better, now (she stated) they have perfected forging other things like money orders and the like, which is on the rise as well.

    This hacking sounds "interesting" up to the point you've lived through it first hand. Now, I just want these guys caught and put away. However, the responsibility doesn't simply rest on their shoulders. Visa and other Banks should have the pants sued off them for giving the public such a laugh of security in the form of credit cards. Why lawsuits? Because once you hit their precious pocketbooks, they will finally take this stuff seriously. If the public truly understood the depth of how laughable the security is, I think they would experience mass account closures almost overnight.

    The ease of use of these things is apalling. Heck, once they have a number, how hard is it to get the rest of the data like address and phone? What a laugh.

    People - protect yourselves. I'm looking more into this: [Private Payments]
    as a method of protecting my primary cards. If anyone else has suggestions, please let me know.

  22. Parent should be modded up by Hobbex · · Score: 5, Insightful

    What kind of a barberous place has America turned into, when people getting raped as part of their imprisonment is considered not only acceptable (a ha-ha-ha standing joke for Letterman and Leno) but desireable?

    What other humiliating physical violence do we think criminals should be subjected to? Should the women get raped as well? Maybe this should be institutionalized, so we can be sure that all inmates get raped and violated in equal measure?

  23. No sympathy for them by Brother52 · · Score: 4, Informative

    There's absolutely NO PROBLEM getting a decent computer job in Russia, if you're any good. Decent programming skills will earn you enough to live on in virtually any city that's not small (Chelyabinsk is big). I'm a Russian, so I guess I know what I'm talking about.

    There's just that kind of people who are reasonably smart, but with ambitions far outweighting their creative abilities. These often become crackers. Living conditions just don't matter here.

    As to mafia demanding "protection money" - I really don't see it happening to a company that is barely afloat and works fully within the law. There're just lots of better targes. So I guess this was a consequence, not the cause.