[ISN] Judge OKs FBI hack of Russian computers

From: InfoSec News (isnat_private)
Date: Thu May 31 2001 - 16:29:03 PDT


    http://www.zdnet.com/zdnn/stories/news/0,4586,2767013,00.html
    
    By Mike Brunker 
    MSNBC
    May 31, 2001 
    
    Upholding the rights of law enforcement to cross national borders in
    pursuit of cyberspace criminals, a federal judge has ruled that FBI
    agents did not act improperly when they tricked a pair of suspected
    hackers out of passwords and account numbers and then downloaded
    evidence from their computers in Russia.
    
    U.S. District Judge John C. Coughenour of Seattle rejected several
    motions filed on behalf of Vasily Gorshkov, 25, seeking to suppress
    the evidence obtained from the computers.
    
    Gorshkov's lawyer, Kenneth Kanev of Seattle, argued that the FBI
    agents had violated Gorshkov's Fourth Amendment right against
    unreasonable search and seizure by secretly obtaining the passwords
    and account numbers using a "sniffer" program that recorded his
    keystrokes when he accessed the computers in Chelyabinsk, Russia.
    
    But Coughenour, in a ruling dated May 23 that was made public this
    week, ruled that Gorshkov and his alleged co-conspirator, Alexey
    Ivanov, 20, had no expectation of privacy when they sat down at
    computers in the offices of Invita--actually an FBI front set up to
    lure the suspects to the United States with offers of work in the
    computer security field.
    
    "When (the) defendant sat down at the networked computer ... he knew
    that the systems administrator could and likely would monitor his
    activities," Coughenour wrote. "Indeed, the undercover agents told
    (Gorshkov) that they wanted to watch in order to see what he was
    capable of doing."
    
    He also found that the Fourth Amendment applied neither to the
    computers "because they are the property of a non-resident and located
    outside the United States" nor the data--at least until it was
    transmitted to the United States.
    
    The judge noted that investigators then obtained a search warrant
    before viewing the vast store of data--nearly 250 gigabytes, according
    to court records. He rejected the argument that the warrant should
    have been obtained before the data was downloaded, noting that "the
    agents had good reason to fear that if they did not copy the data,
    (the) defendant's co-conspirators would destroy the evidence or make
    it unavailable."
    
    Finally, Coughenour rejected defense arguments that the FBI's actions
    "were unreasonable and illegal because they failed to comply with
    Russian law," saying that Russian law does not apply to the agents'
    actions.
    
    The judge did grant one defense motion, agreeing to delay Gorshkov's
    trial until Sept. 17.
    
    Tantalizing clues
    
    Prosecutors have dropped tantalizing clues in court papers and in
    testimony suggesting that Gorshkov and Ivanov were kingpins of Russian
    computer crime prior to their arrests.
    
    Court papers indicate that the pair, who were arrested in Seattle on
    Nov. 10, are believed to have broken into and obtained financial
    information from the computer networks of two banks--the Nara Bank of
    Los Angeles and Central National Bank-Waco (Texas). They also charge
    that the duo broke into the computers of at least 38 other U.S.
    companies, often following the intrusion with an extortion demand.
    
    Prosecutors have indicated they believe the two are linked to a pair
    of high-profile cases: the theft of data on 300,000 credit cards from
    the CD Universe Web site and the heist of data on 15,700 credit cards
    from a Western Union Web site. The suspects' alleged connection to
    those cases has not been explained.
    
    Both men have been indicted by a federal grand jury in Seattle. Ivanov
    also has been indicted in New Jersey and Connecticut, where he
    currently is in custody.
    
    NT vulnerability exploited
    
    Ivanov, Gorshkov and other unnamed associates used the Internet to
    gain illegal access to the U.S. companies' computers, often by
    exploiting a known security vulnerability in Windows NT, prosecutors
    say. A "patch" for the vulnerability has been posted on the Microsoft
    Web site for almost two years, but the companies hit by the
    cyberbandits hadn't updated their software. (MSNBC is a Microsoft-NBC
    joint venture.)
    
    At least one company, Lightrealm Communications of Kirkland, Wash.,
    acceded to a demand that it hire Ivanov as a security consultant after
    he broke into the Internet service provider's computers. Prosecutors
    say Ivanov then used a Lightrealm account to break into other
    companies' computers.
    
    The break that eventually led to the arrests came when Ivanov
    identified himself in an e-mail while attempting to extort money from
    a victimized company, Stephen Schroeder, an assistant U.S. attorney in
    Seattle, told MSNBC.com. FBI agents then found his résumé online and,
    posing as representatives of a fictitious network security company
    called Invita, contacted him to offer him a job.
    
    "He felt pretty safe because he was in Russia," Schroeder said of
    Ivanov's alleged blunder.
    
    After Ivanov arrived in Seattle, accompanied by Gorshkov, agents
    posing as Invita officials asked the men to demonstrate their prowess
    on a computer outfitted with "sniffer" software to record every
    keystroke. After arresting the duo, they used account numbers and
    passwords obtained by the program to gain access to data stored in the
    computers in Russia, Schroeder said.
    
    Second major bust
    
    The arrest of Ivanov and Gorshkov was the second major computer crime
    bust aimed at former Soviet Union nations in the past year.
    
    In August 2000, federal agents arrested two Kazakh men in London after
    they allegedly broke into the computer systems of financial
    information provider Bloomberg L.P. and attempted to extort $200,000
    from company founder Michael Bloomberg.
    
    U.S. authorities are seeking to extradite Oleg Zezov and Igor Yarimaka
    for trial on the charges. If convicted, Zezov and Yarimaka could
    receive prison sentences of up to 20 years and fines of $250,000 each.
    
    Eastern Europe and nations of the former Soviet Union have become a
    hotbed in recent years for computer crime aimed at businesses in the
    United States and other Western nations.
    
    When MSNBC.com first reported on the problem of overseas computer
    crime in 1999, Mark Batts, the special agent in charge of the FBI's
    Financial Institution Fraud Unit, said he was not aware of any
    prosecutions of credit card thieves operating from Eastern Europe and
    the nations of the former Soviet Union.
     
    
    
    
    


