[iwar] FBI agent charged with hacking

From: Fred Cohen (fc@all.net)
Date: 2002-08-16 06:23:41


To: iwar@onelist.com (Information Warfare Mailing List)
From: Fred Cohen <fc@all.net>
Date: Fri, 16 Aug 2002 06:23:41 -0700 (PDT)
Subject: [iwar] FBI agent charged with hacking

FBI agent charged with hacking 

Russia alleges agent broke law by downloading evidence 

By Mike Brunker 
MSNBC 

Aug. 15 — In a first in the rapidly evolving field of cyberspace law,
Russia's counterintelligence service on Thursday filed criminal charges
against an FBI agent it says lured two Russian hackers to the United
States, then illegally seized evidence against them by downloading data
from their computers in Chelyabinsk, Russia.

 The case was the first in the FBI's history to 'utilize the technique
of extra-territorial seizure.'
— FBI PRESS RELEASE

      IGOR TKACH, an investigator with Russia's Federal Security
Service, or FSB, started criminal proceedings against FBI Agent Michael
Schuler for unauthorized access to computer information, according to the
Interfax news agency.

      The agency reported the complaint had been forwarded to the U.S.
Justice Department and that the FSB was awaiting a response.
      The FBI said Thursday it had no comment on the case, and the Justice
Department did not immediately respond to a request seeking comment.
      Interfax quoted sources with the FSB as describing the criminal
complaint as an effort to restore traditional law enforcement borders.
      "If the Russian hackers are sentenced on the basis of information
obtained by the Americans through hacking, that will imply the future
ability of U.S. secret services to use illegal methods in the collection
of information in Russia and other countries," the news agency quoted
one source as saying.

RUSE WAS WIDELY PRAISED
      Schuler and other agents were widely praised for an elaborate ruse
that led to the arrests of Vasily Gorshkov, 25, and Alexey Ivanov, 20, in
November 2000. Court papers described the men as kingpins of Russian
computer crime who hacked into the networks of at least 40 U.S. companies
and then attempted to extort money.
      The pair was lured to the United States after Ivanov identified
himself in an e-mail threatening to destroy data at a victimized company,
Stephen Schroeder, a now-retired assistant U.S. attorney in Seattle who
prosecuted Gorshkov, told MSNBC.com last year.
      FBI agents then found Ivanov's résumé online and, posing as
representatives of a fictitious network security company called Invita,
contacted him to offer him a job.
      Once Ivanov and Gorshkov arrived in Seattle, agents posing as Invita
officials asked the men to demonstrate their prowess on a computer
outfitted with "sniffer" software to record every keystroke. After
arresting the men, the agents used account numbers and passwords obtained
by the program to gain access to data stored on the pair's computers in
Russia.
      Fearing that an associate would "pull the plug" on the computer
in Russia, the agents downloaded evidence before obtaining a search
warrant, according to court papers.

AGENTS HONORED 
      In a news release issued last week honoring Agents Schuler and Marty
Prewett with the director's award for excellence, the FBI's field
office in Seattle said the case was the first in the bureau's
history to "utilize the technique of extra-territorial seizure." The
procedures employed by the agents had been incorporated into the attorney
general's guidelines for law enforcement personnel, it said.

      Court papers allege that Ivanov and Gorshkov broke into and
obtained financial information from a number of large U.S. companies and
penetrated the computer networks of two banks — the Nara Bank of Los
Angeles and Central National Bank-Waco, based in Texas.
      They also were accused of orchestrating "a massive scheme" to
defraud the Internet-based payment company PayPal, based in Palo Alto,
Calif., by using "proxy" e-mail addresses from such institutions as
public schools and stolen credit-card numbers to buy goods.
      Prosecutors have indicated they also believe the Russians are linked
to two other high-profile cases: the theft of data on 300,000 credit cards
from the CD Universe Web site and another 15,700 credit cards from a
Western Union Web site.
      Gorshkov was convicted in Seattle in September 2001 of 20 counts of
wire fraud, charges that carry a maximum sentence of 100 years in prison.
Sentencing was scheduled for January, but court records do not reflect
that a punishment had been imposed.
      Ivanov also has been indicted in New Jersey and Connecticut, where
he currently is in custody and awaiting trial.
      In pretrial motions, Gorshkov's lawyer, Kenneth Kanev, argued that
the FBI agents had violated Gorshkov's Fourth Amendment right against
unreasonable search and seizure by secretly obtaining passwords and
account numbers.
      But U.S. District Judge John C. Coughenour of Seattle ruled that
Gorshkov and Ivanov gave up any expectation of privacy by using computers
in what they believed were the offices of a public company. 

NO EXPECTATION OF PRIVACY
      "When (the) defendant sat down at the networked computer ... he
knew that the systems administrator could and likely would monitor his
activities," Coughenour wrote. "Indeed, the undercover agents told
(Gorshkov) that they wanted to watch in order to see what he was capable
of doing."
      He also found that the Fourth Amendment did not apply to the
computers, "because they are the property of a non-resident and located
outside the United States," or to the data — at least until it was
transmitted to the United States.
      The judge noted that investigators obtained a search warrant before
viewing the vast store of data — nearly 250 gigabytes, according to
court records. He rejected the argument that the warrant should have been
obtained before the data was downloaded, noting that "the agents had
good reason to fear that if they did not copy the data, (the)
defendant's co-conspirators would destroy the evidence or make it
unavailable."
      Finally, Coughenour rejected defense arguments that the FBI's
actions "were unreasonable and illegal because they failed to comply
with Russian law," saying that Russian law does not apply to the
agents' actions.

NT VULNERABILITY EXPLOITED
      Ivanov, Gorshkov and other unidentified associates used the Internet
to gain illegal access to the U.S. companies' computers, often by
exploiting a known security vulnerability in Windows NT, according to
court papers. A "patch" for the vulnerability had been posted on the
Microsoft Web site for almost two years, but the companies hit by the
cyberbandits hadn't updated their software.
      (MSNBC is a Microsoft-NBC joint venture.)
      At least one company, Lightrealm Communications of Kirkland, Wash.,
acceded to a demand that it hire Ivanov as a security consultant after he
broke into the Internet service provider's computers, according to court
documents. Ivanov then used a Lightrealm account to break into other
companies' computers, they indicated.
      Eastern Europe and nations of the former Soviet Union have become a
hotbed for computer crime aimed at businesses in the United States and
other Western nations.
      When MSNBC.com first reported on the problem of overseas computer
crime in 1999, Mark Batts, the special agent in charge of the FBI's
Financial Institution Fraud Unit, said he was not aware of any
prosecutions of credit card thieves operating from Eastern Europe and the
nations of the former Soviet Union.

--This communication is confidential to the parties it is intended to serve--
Fred Cohen		Fred Cohen & Associates.........tel/fax:925-454-0171
fc@all.net		The University of New Haven.....http://www.unhca.com/
http://all.net/		Sandia National Laboratories....tel:925-294-2087





This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:32 PDT