[ISN] FBI agent charged with hacking

From: InfoSec News (isnat_private)
Date: Thu Aug 15 2002 - 23:24:05 PDT

    http://www.msnbc.com/news/563379.asp?0na=x22034Q2p
    
    By Mike Brunker 
    MSNBC 
    Aug. 15, 2002
    
    In a first in the rapidly evolving field of cyberspace law, Russia's
    counterintelligence service on Thursday filed criminal charges against
    an FBI agent it says lured two Russian hackers to the United States,
    then illegally seized evidence against them by downloading data from
    their computers in Chelyabinsk, Russia.
    
    IGOR TKACH, an investigator with Russia's Federal Security Service, or
    FSB, started criminal proceedings against FBI Agent Michael Schuler
    for unauthorized access to computer information, according to the
    Interfax news agency.
           
    The agency reported the complaint had been forwarded to the U.S.
    Justice Department and that the FSB was awaiting a response.
           
    The FBI said Thursday it had no comment on the case, and the Justice
    Department did not immediately respond to a request seeking comment.
           
    Interfax quoted sources with the FSB as describing the criminal
    complaint as an effort to restore traditional law enforcement borders.
           
    'If the Russian hackers are sentenced on the basis of information
    obtained by the Americans through hacking, that will imply the future
    ability of U.S. secret services to use illegal methods in the
    collection of information in Russia and other countries,' the news
    agency quoted one source as saying.
           
    RUSE WAS WIDELY PRAISED
           
    Schuler and other agents were widely praised for an elaborate ruse
    that led to the arrests of Vasily Gorshkov, 25, and Alexey Ivanov, 20,
    in November 2000. Court papers described the men as kingpins of
    Russian computer crime who hacked into the networks of at least 40
    U.S. companies and then attempted to extort money.
           
    The pair was lured to the United States after Ivanov identified
    himself in an e-mail threatening to destroy data at a victimized
    company, Stephen Schroeder, a now-retired assistant U.S. attorney in
    Seattle who prosecuted Gorshkov, told MSNBC.com last year.
           
    FBI agents then found Ivanov's resumé online and, posing as
    representatives of a fictitious network security company called
    Invita, contacted him to offer him a job.
           
    Once Ivanov and Gorshkov arrived in Seattle, agents posing as Invita
    officials asked the men to demonstrate their prowess on a computer
    outfitted with 'sniffer' software to record every keystroke.  After
    arresting the men, the agents used account numbers and passwords
    obtained by the program to gain access to data stored on the pair's
    computers in Russia.
           
    Fearing that an associate would 'pull the plug' on the computer in
    Russia, the agents downloaded evidence before obtaining a search
    warrant, according to court papers.
    
    AGENTS HONORED
           
    In a news release issued last week honoring Agents Schuler and Marty
    Prewett with the director's award for excellence, the FBI's field
    office in Seattle said the case was the first in the bureau's
    history to 'utilize the technique of extra-territorial seizure.' The
    procedures employed by the agents had been incorporated into the
    attorney general's guidelines for law enforcement personnel, it said.
    
    Court papers allege that Ivanov and Gorshkov broke into and obtained
    financial information from a number of large U.S. companies and
    penetrated the computer networks of two banks - the Nara Bank of Los
    Angeles and Central National Bank-Waco, based in Texas.
           
    They also were accused of orchestrating 'a massive scheme' to defraud
    the Internet-based payment company PayPal, based in Palo Alto, Calif.,
    by using 'proxy' e-mail addresses from such institutions as public
    schools and stolen credit-card numbers to buy goods.
           
    Prosecutors have indicated they also believe the Russians are linked
    to two other high-profile cases: the theft of data on 300,000 credit
    cards from the CD Universe Web site and another 15,700 credit cards
    from a Western Union Web site.
           
    Gorshkov was convicted in Seattle in September 2001 of 20 counts of
    wire fraud, charges that carry a maximum sentence of 100 years in
    prison. Sentencing was scheduled for January, but court records do not
    reflect that a punishment had been imposed.
           
    Ivanov also has been indicted in New Jersey and Connecticut, where he
    currently is in custody and awaiting trial.
           
    In pretrial motions, Gorshkov's lawyer, Kenneth Kanev, argued that the
    FBI agents had violated Gorshkov's Fourth Amendment right against
    unreasonable search and seizure by secretly obtaining passwords and
    account numbers.
           
    But U.S. District Judge John C. Coughenour of Seattle ruled that
    Gorshkov and Ivanov gave up any expectation of privacy by using
    computers in what they believed were the offices of a public company.
           
    NO EXPECTATION OF PRIVACY
           
    'When (the) defendant sat down at the networked computer - he knew
    that the systems administrator could and likely would monitor his
    activities,' Coughenour wrote. 'Indeed, the undercover agents told
    (Gorshkov) that they wanted to watch in order to see what he was
    capable of doing.'
           
    He also found that the Fourth Amendment did not apply to the
    computers, 'because they are the property of a non-resident and
    located outside the United States,' or to the data - at least until it
    was transmitted to the United States.
           
    The judge noted that investigators obtained a search warrant before
    viewing the vast store of data - nearly 250 gigabytes, according to
    court records. He rejected the argument that the warrant should have
    been obtained before the data was downloaded, noting that 'the agents
    had good reason to fear that if they did not copy the data, (the)
    defendant's co-conspirators would destroy the evidence or make it
    unavailable.'
           
    Finally, Coughenour rejected defense arguments that the FBI's actions
    'were unreasonable and illegal because they failed to comply with
    Russian law,' saying that Russian law does not apply to the agents'
    actions.
           
    NT VULNERABILITY EXPLOITED
           
    Ivanov, Gorshkov and other unidentified associates used the Internet
    to gain illegal access to the U.S. companies' computers, often by
    exploiting a known security vulnerability in Windows NT, according to
    court papers. A 'patch' for the vulnerability had been posted on the
    Microsoft Web site for almost two years, but the companies hit by the
    cyberbandits hadn't updated their software.
    (MSNBC is a Microsoft-NBC joint venture.)
           
    At least one company, Lightrealm Communications of Kirkland, Wash.,
    acceded to a demand that it hire Ivanov as a security consultant after
    he broke into the Internet service provider’s computers, according to
    court documents. Ivanov then used a Lightrealm account to break into
    other companies' computers, they indicated.
           
    Eastern Europe and nations of the former Soviet Union have become a
    hotbed for computer crime aimed at businesses in the United States and
    other Western nations.
           
    When MSNBC.com first reported on the problem of overseas computer
    crime in 1999, Mark Batts, the special agent in charge of the FBI's
    Financial Institution Fraud Unit, said he was not aware of any
    prosecutions of credit card thieves operating from Eastern Europe and
    the nations of the former Soviet Union.
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    