Despite U.S. Efforts, Web Crimes Thrive

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.washingtonpost.com/wp-dyn/articles/A12984-2003May19.html

By Ariana Eunjung Cha
Washington Post Staff Writer
Tuesday, May 20, 2003

Last of three articles 

CHELYABINSK, Russia 

Here in his hometown, Michael is a respected computer programmer. In
the United States, he's a wanted man.

Two and a half years ago, his former boss Vasiliy Gorshkov and
co-worker Alexey Ivanov were arrested for hacking and extorting a
string of American businesses. Michael, who spoke on the condition
that he be identified only by an English translation of his first
name, said he helped them.

Shortly after his associates were captured, the FBI determined that
Michael might be part of the same hacking ring and tried to go after
him, too. An agent sent him an e-mail telling him what had happened to
Gorshkov and Ivanov and asking him what he knew about the men's
criminal activities. Michael responded that by tricking the two men to
travel to Seattle so they could be arrested, the agency had just
started a war.

"We'll keep stealing just like we did in the past," he wrote. "If you
try to stop us there will be more of the same. Better just leave us
alone."

The FBI man, Michael said, apologized and said the agency wouldn't
bother him anymore. And so far it hasn't.

Michael, now 21, still lives in the same downtown apartment he
purchased with funds from the hacking scheme he says he participated
in with Gorshkov and Ivanov. While his compatriots are sitting in
prison, Michael is shopping for a car, a Honda Prelude, with his
illicit profits. He said he continues hacking into company databases
in his spare time, at the rate of about one a week. His recent bounty:  
documents from a corporate site for a computer-chip company, a
medium-size Internet access provider and an agency within the
government of Uruguay.

It's impossible to determine how many of the hackers who are
responsible for the chaos that now seems to regularly erupt on the
Internet remain at large. Many use multiple aliases and electronically
hop from country to country, making it difficult to determine who or
where they are. Statistics on cybercrime show a huge disparity between
the number of attacks reported and the number of people who are
caught. The CERT Coordination Center, a federal clearinghouse, logged
more than 80,000 incidents of break-ins, viruses and other attacks in
2002, up from around 50,000 the year before. Meanwhile, U.S. law
enforcement arrests only several hundred alleged perpetrators each
year.

In a series of interviews with U.S. authorities, Ivanov identified
Michael and six others as co-conspirators; the complete document is
still under seal in U.S. District Court in Connecticut, but portions
of the transcript were obtained by The Washington Post. Justice
Department lawyers in Washington and Connecticut declined to comment
on the investigation because it is continuing. In exchange for
Ivanov's cooperation and in response to his fears that his loved ones
might be in danger, the government flew his mother, his sister and his
girlfriend, Lena, to the United States last fall.

Gorshkov was found guilty of conspiring to extort three companies; he
could be released from jail as early as next month. Ivanov admitted to
hacking into 16 companies' systems and pleaded guilty to extortion and
wire fraud; he still awaits sentencing. But there are literally
hundreds of other victims who experienced nearly identical attacks,
and a significant number of those were by people who identified
themselves, as Gorshkov and Ivanov did, as being part of the "Expert
Group of Protection Against Hackers." The hackers would break into a
system and offer to fix the breach -- if the companies would pay a fee
or hire them as security consultants.

Ivanov declined to be interviewed for this series. But he has told
authorities that he was part of two hacking cells -- one with Gorshkov
and Michael and one with several other associates. He said it was the
latter group that had done more serious damage -- hacking a D.C.-based
company called E-Money Inc. that provides technology for electronic
payments and other companies.

Indeed, while prosecutors had characterized Gorshkov as the ringleader
of the Expert Group, Ivanov said that wasn't true.

Lawyer John Lundin, who represents Gorshkov and who has reviewed the
transcripts of Ivanov's interviews said Ivanov implicated Gorshkov
only "in one small portion of his criminal activity."

"Ivanov had been involved in computer 'cracking' for a long time, well
before he met Gorshkov, with a number of other associates," Lundin
said.

In a letter from prison, Gorshkov wrote that he was not responsible
for some of the crimes he was convicted of. "All the evidence
presented by government shows that the activities I was charged with
didn't stop after my arrest and closing of my company. Whoever was
doing it, was still doing it," he wrote.

The FBI's computer crimes unit, in cooperation with the Secret
Service's financial crimes unit, has been able to piece together much
of the Expert Group extortion network, complete with real names, as
well as some telephone numbers and addresses, of those alleged
perpetrators.

But while U.S. authorities would like to aggressively move to break up
the hackers' club once and for all, local authorities in Russia once
again have not responded to their requests. The ruse that U.S.  
officials used to get Gorshkov and Ivanov to come to the United States
in November 2000, a fake company that promised them legitimate jobs,
isn't likely to work again.

"There is impunity for some violators of law who exist in the
borderless space of the Internet," acknowledged Igor Lukashev, a
former member of the Russian parliament who is now a legislative
staffer pushing for tougher laws on cybercrime.

Hacking is illegal in Russia, just as it is in the United States;  
enforcement is where the countries differ. Here, it's sometimes more
akin to a getting a parking ticket than a serious felony -- something
that on paper is wrong but not morally reprehensible. Local
investigations also are hampered because authorities cite other,
higher priorities.

That means many hackers are able to operate in what are essentially
safe havens. In an interconnected world like the Internet, a few safe
havens are all that is needed to wreak havoc on every country.

Dmitry Chepchugov, chief of the high-tech crimes administration for
the Moscow police and a member of the cybercrime subcommittee for the
Group of Eight, an organization of the world's largest industrialized
nations, said both governments recognize at their highest levels that
better cooperation is necessary. It doesn't always work out that way,
though, in practice.

This is especially important, Chepchugov said, because the biggest
issue between United States and Russia is no longer spy-related.

"Now crime between our countries is about commercial competition," he
said.

What has complicated U.S.-Russian relations even more is that the two
countries are at odds over how the Gorshkov-Ivanov case was handled.  
To gather evidence in the case, the FBI secretly captured the men's
passwords and then used the information to tap into their computers
over the Internet from the United States. The FBI says it acted in
accordance with U.S. laws. But the Russian Federal Security Service
(FSB), the successor to the KGB, has accused the FBI of illegally
hacking into the men's computers to gather evidence.

The FSB has opened a criminal case to find out whether FBI agent
Michael Schuler broke Russian laws by accessing Gorshkov's computers
at tech.net.ru. FSB spokesman Stanislav Neginsky said his agents'
examination of Gorshkov's computer systems show that there was
"destruction of part of the data of the files which contained
commercial information" as a result of the American intrusion. The
Russians accuse the Americans of messing up files that may have caused
Gorshkov's company to lose business contracts.

The FSB said the U.S. Department of Justice has not responded to its
request for assistance in the investigation. Charlie Mandigo, the
agent in charge at the FBI's Seattle field office, defends the
agency's decision to access tech.net.ru. Investigators acted with
court permission and a U.S. judge upheld their actions as legal during
Gorshkov's trial.

But, Mandigo said, "I'm not an expert on Russian law, and I'm not
going to interpret their law in terms of whether there may or may not
be something done wrong" from their perspective.

Family members, friends and others here grumble about other aspects of
the U.S. case against the hackers: that Gorshkov wasn't given access
to a dictionary or interpreter; that the U.S. officials didn't notify
the Russian government they had compatriots in custody, leaving
families in the dark for months; and that the government was so clumsy
in its analysis of what it found on the hackers' computers that
investigators apparently mistook some system files with long numbers
for credit card information.

U.S. law enforcement agents, though, contend that Gorshkov spoke
English well enough not to need a translator, and they said they sent
a fax to the Russian government about the arrest. Agents acknowledged
that investigators might have been confused about some of the files
found on tech.net.ru.

In this former military manufacturing town, Gorshkov and Ivanov have
become folk heroes of sorts. More than a few people are rallying
behind them, saying what they did was, if not perfectly legal, at
least in a gray area. What's illegal in the United States is just
considered aggressive marketing by more than a few people here. In
February, someone hacked a U.S. university Web site and posted the
message "Free Vasiliy Gorshkov" with a link to a story about his
plight.

"I don't care what they got from the boys' computers. It doesn't in
any way prove they used it criminally. It's possible they were
collecting the data for research," said Galina Ivanova, director of
the Ural Press Inform, a news service.

Lev Kazarinov, a dean at Southern Ural State University, which both
Gorshkov and Ivanov attended, expressed pride that his students could
carry out such "marvels of computing." He said that although Gorshkov
and Ivanov should have known hacking is wrong, it doesn't merit the
type of punishment the young men have been subject to.

"The American government overreacted. No doubt about it," he said.

Ivanov's attorney said the men may have been caught up in what could
be characterized as a misunderstanding. Ivanov in fact got his first
job by hacking into the local Internet service provider and showing
evidence of his feat to the company's security director, Victor
Velichko. "Cultural differences in terms of a hard-sell technique made
some communications come across perhaps stronger than was intended,"  
argued Morgan Paul Rueckert.

It's possible both men may be out of prison this year. Ivanov, who has
yet to be sentenced, is attempting to negotiate a light sentence for
his cooperation. Gorshkov has nearly finished his three years.

When he was first arrested, Ivanov was so distraught that he went on
hunger strikes. He is more upbeat now, after the government allowed
his family to be near him in the United States. This spring, of his
own volition, he began hand-writing apologies to his victims.

An April 28 letter addressed to Michael Apgar, chief executive of
Speakeasy Inc., Ivanov details his intrusions into the Internet
service provider's system and expresses remorse for his extortion
demands.

"I promise that upon my release from jail I will begin working hard to
compensate through the court for the damages that I caused by my
criminal behavior," he said. Ivanov then offered his technical
services -- this time at no charge.

Gorshkov, for his part has done well for himself in prison, winning
the chess championship and earning accolades from wardens and fellow
inmates for taking the time to teach others math and Russian. He
spends the little money he makes in prison calling his fiancee, Maria
("Masha"), and his almost 2-year-old daughter, Anastasia, whom he has
never seen.

Gorshkov will probably return home after his sentence is up but said
in a letter that he does not yet know how he will make money to
support his new family.

"I don't know if I still have an employment waiting on me . . .," he
wrote. But "I will be all right."

When word started to leak out in early 2001 that Gorshkov and Ivanov
were arrested in the United States, the hacking community here went
underground. They dumped their old aliases and began using new ones.  
Suidroot, Eliga, XTZ, Skylack, Kotenok and other names that showed up
as players in criminal investigations suddenly disappeared from the
online world. Some of the hackers said they were more careful to route
their hacks through computers in other countries so as to disguise
their whereabouts.

But in many respects, the nature and extent of the Expert Group's
hacking hasn't changed much.

One twentysomething named Andrei said it was and still is common
practice for people to steal or buy credit card numbers from hackers
to make fraudulent purchases of $10 to $15 that companies such as Visa
and MasterCard find difficult to trace.

"Here it is difficult for a person to live on honest wages," he said,
speaking on the condition that his last name not be used.

Of the other five people named in Ivanov's plea agreement as
co-conspirators, one reportedly moved to Belarus, one was known to
Ivanov only by his online alias and two declined to talk. The last
one, Vladimir, denies the allegations. Vladimir, 21, is tall, blond
and well-mannered. He works in sales at a metal-rolling factory. He
has said that while he's a friend of Ivanov's, he has no knowledge of
the extortions.

He said that he helped Ivanov find a lawyer to go over a letter for
the business proposal that Ivanov sent to companies whose systems he
hacked into. Vladimir, who also spoke on the condition that his last
name not be used, believes the note itself isn't illegal.

"He was proposing to help companies. There is nothing wrong about
that," Vladimir said.

U.S. authorities, however, believe that Vladimir may be the central
coordinator of the hacking scheme in this city. Ivanov said he had
Vladimir's help when he committed a wide range of computer break-ins,
including intrusions into the systems of and extorting 11 companies in
four states.

"I was invited . . . by different group of people which I connected to
Vladimir. The purpose of this visit was to do something illegal, to
break into companies, obtain credit cards and make some kind of frauds
to obtain money," Ivanov said in one of the sealed interviews.

As for Michael, Ivanov said he was one of the people who taught him
how to hack. Michael, a tall, dark-haired boy-next-door type who
sometimes moonlights as a disc jockey and loves to snowboard, admits
that he participated in some of the cases Gorshkov and Ivanov are
being punished for but says his involvement was mostly limited to
searching for valuable information in computer systems that had
already been compromised. He said others hacked into the systems and
others extorted the companies.

Michael said he now rarely participates in hacking extortions but has
moved on to a new scheme: finding and selling personal or proprietary
information on the Internet. It's more discreet and sometimes more
lucrative. Recent sales prices: $15,000 for a batch of e-mails to and
from an executive at a major law firm and his apparent mistress and
$75,000 for the strategic plans of a company.

"I don't do anything that's illegal in the Russian Federation,"  
Michael shrugs, "so I don't care if the Americans are after me."

The anonymity of it makes this type of work easier. He said he could
never imagine mugging an old woman to steal her purse or robbing a
house but has no qualms about taking someone's credit card number
online.

His mother, a bookkeeper, knows of his hacking, Michael said, and so
did his first wife. His second wife, a lawyer he married a few months
ago, does not and he plans on keeping it that way.

"In this community, it's not proper to ask questions. No one asks you
how much you make, and no one asks you how you made it," he said.

Things are basically the same, he said, as when Gorshkov and Ivanov
left on their ill-fated trip. Except now he makes sure to check the
FBI's most-wanted list every few weeks and avoids leaving the country.  
Just in case.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.